Q. Please describe the technical environment of your current (or most recent) position.
A. When describing the technical environment that you currently support, be sure to include the number of users you support, the number of IT staff, the technical infrastructure including servers, types of connections, desktop operating systems, your job duties, and your work schedule. You should be prepared to talk about each of the positions you have listed on your résumé in this way. Also be prepared with a follow-up statement of your most significant accomplishment.

Q. How do you keep your technical knowledge and skills current?
A. Keeping your skills current demonstrates initiative and a desire to perform at high standards. Be prepared with a list of resources including professional groups.

Q. Please describe your greatest technical challenge and how you overcame it.
A. Ah, an opportunity for a story. Great examples to draw on: how you taught yourself a new operating system, the installation of a complex system, integration of multiple systems, building of an e-commerce web site.

Q. What are some of the tools you use to make your job easier?
A. All network administrators have a bag of tricks. You should share some of your trade secrets as a way of demonstrating that you can be efficient in your job as a network administrator. These can include ghosting tools, troubleshooting tools, and documentation tools.

Q. How do you document your network?
A. One of the toughest parts of network administration is keeping track of an always-changing environment. You must have basic documentation for user administration, file system planning, and address planning. Share your documentation with your interviewer.

Planning Questions
The interviewer will be interested in your network planning methodologies. The following questions provide insight into these skills.

Q. What are some of the things you need to take into consideration when planning an upgrade from one network operating system to another?
A. This is the mother of all planning activities because it will affect so many resources. The key here is testing and backups, and that's what the interviewer wants to hear. Other considerations include:

Network documentation
Ensuring that your hardware meets the minimum hardware requirements for the new operating system
Creating a test network for testing the compatibility of applications, hardware, and drivers with the new operating system
Gathering all updated drivers and patches/service packs required for upgrade compatibility
Identifying workflow issues before converting
Separating workstation conversions from server conversions
Ensuring you have backups of data and the servers so that you can revert back
Network addressing scheme

Q. Describe the backup/restore policy you use most.
A. First of all, the interviewer wants to ensure that you do backups! There are different methods, but the most common backup strategy used is to perform incremental backups Monday through Thursday and a normal backup on Friday. An alternative backup strategy is to perform differential backups Monday through Thursday and a normal backup on Friday.

Q. How would you ensure that your servers are secure?
A. Security always begins at the physical level; it makes little difference that you've provided all the security the operating system and software can provide if someone can walk away with the box or the portable hard drive. The next step is to ensure you have the latest service packs for the operating system and applications running on the server.

Installation
Q. What steps do you go through as part of your server installation process?
A. The interviewer wants to know whether your typical work habits are to just jump in or whether you do some planning. You obviously want to ensure that your hardware meets the minimum requirements, that you have all the right drivers for the new operating system, and whether you need a ROM upgrade for your hardware. Depending on how many installations you've done, you may have a process that you like to follow. If you do, describe it to the interviewer.

Q. How do you determine which file system is best for your environment?
A. This question tests how well you plan for a variety of different environments. The key here is to take into consideration the file format support required for backward compatibility with other operating systems like NetWare or older versions of Windows NT. You'll also want to make sure there's enough disk space for drivers and files that must reside in the system partition, as well as space for a dump file if anything goes wrong.

Q. What's the first thing you should do after installing the network operating system?
A. This is a test of your security skills. The first thing you should do is either change the password on the administrator account or change the name of the account itself.

Q. You just installed a service pack on the e-mail, SQL, print, and file servers. You rebooted all the servers, and now the service pack installation is complete. What's the final step for the evening?
A. The interviewer wants to make sure that testing is an integral part of your routine whenever you install software or make updates to systems. You may also want to review the Event Viewer logs and look for any errors that have been registered. It's a good idea to also examine the administrative interfaces for SQL and the e-mail server to satisfy yourself that no anomalies have appeared there.

Configuration
Ninety percent of your day is spent configuring network services, whether it's installing applications, creating users, or adding printers.

Q. What methods are available for configuring a WINS server for use by various Microsoft computers?
A. This question demonstrates to the interviewer that you are familiar with the various methods for configuring routing using WINS. You can either configure the WINS server manually or by way of a Dynamic Host Configuration Protocol server.

Q. A user has left the company and you need to create a new user with the same rights and permissions. What are some of the ways to create the new user?
A. By asking you to describe multiple ways of getting the job done, the interviewer can assess your experience level with the operating system. Some of the correct answers to this question include the following:

You could copy an existing user's account to create a new account. However, the rights and permissions for the new, copied account will be based purely on its group memberships, not permissions granted strictly to the original account itself.
Using Active Directory, you could use the CSVDE.exe program to create a new account with specific group memberships; however, this program is usually intended for bulk creation of accounts in your domain.
You could create the new account from scratch, assigning group permissions or individual rights manually.

Q. What are some of the alternative ways for mapping a drive letter to a file server if you wish to connect to one of the server's shared folders?
A. This question tests your experience by asking for alternate methods of getting the job done. In addition to mapped drives you can use a Universal Naming Convention path: \\servername\sharename. You can also browse the Network Neighborhood.

Q. You shared a printer from your NT server. What could you do to ensure that the printer is easily accessible to your Windows 98 clients?
A. You may have to support older clients on your network. This question tests your experience with older technology. In this case, you should load the Windows 98 printer drivers on the share point.

Q. How large can I make a file allocation table (FAT) partition using the NT operating system?
A. This question tests your familiarity with system capabilities and limitations. The maximum FAT partition size is 4 gigabytes.

Q. Is it necessary for an NT client computer to use the server's name in that UNC path?
A. There are typically multiple ways of accomplishing the same task. Thank goodness, because you sometimes need them while troubleshooting. Using very basic questions, the interviewer can assess your real knowledge and experience with various operating systems. In this case, you can also use the server's TCP/IP address.

Q. We are creating a web site on our NT server using Internet Information Server 4.0. We expect users to log on anonymously. How many client access licenses must we purchase to allow up to 100 simultaneous connections to our web site?
A. This is a trick question to see if you understand the concept of user licensed connections. Anonymous logons on IIS 4.0 do not require client access licenses.

Troubleshooting
Q. A user contacts you and reports that their Windows 2000 workstation is having trouble connecting to the Web. You run the ipconfig command on the computer and you find that the computer is not referencing the correct primary DNS server. What must you do to remedy this?
A. Using this question, the interviewer can assess your routing troubleshooting skills, an essential part of network administration. In this case, you would want to check the primary DNS setting in the IP configuration of the computer. If ipconfig shows a setting for the default DNS server other than what you want, this means the computer's IP configuration is incorrect. Therefore, the Windows 2000 client computer needs to be reconfigured.

Q. Users are complaining of slow performance when they run server-based applications. The server has the following specifications:
> Compaq 1600
> 800 MHz Pentium 3
> 256MB of RAM
> 18GB EIDE hard drive
> 10/100 NIC
> Connected to a Cisco switch
The performance monitor shows the following:
Memory Pages/Sec: 5
Physical Disk % Disk Time: 20 percent
Processor % Processor Time: 90 percent
What is the best way to improve the system's performance?
A. This question tests your knowledge of server optimization. In this case, the recommendation should be to upgrade the processor. Microsoft recommends you do so if the CPU utilization averages over 70 to 75 percent.

Q. A user is having trouble sharing a folder from their NT Workstation. What is a likely cause?
A. The interviewer is testing your basic knowledge of rights. In order to share a folder you must be logged on as an administrator, server operator (in a domain), or power user (in a workgroup).

Q. You've shared a folder and set the share permissions to Everyone = Full Control. However, none of the users can save information in the folder. What's the likely cause?
A. This is another question that tests your knowledge of permissions. The likely cause is that someone has set the NTFS permissions in a more restrictive manner than the share permissions. Between those two categories of permissions, the more restrictive of the two always applies to users accessing the folder over the network.

Q. What is the most likely cause for the failure of a user to connect to an NT remote access server?
A. Supporting remote users may be a big part of your job. It's important to understand the proper configuration and troubleshooting of the NT RAS. In this case, the user must be granted the RAS dial-in permission.

Q. A remote user in Montana, who is not technical and is scared to death of computers, calls for help. The user logged in to your network via the terminal server. You determine that the solution to the user's problem requires an edit of a hidden read-only file, deleting a system file in the winnt\system32 folder, and creating a simple batch file on the user's computer. What tools would you use to resolve this problem?
A. This question tests your ability to troubleshoot remotely. An administrator can edit these files on the user's computer by connecting to it over the network via the Computer Management console in Windows 2000. Using this console, you can access the administrative shares (C$, D$, and so on) that represent the partitions on the user's computer. From there, you can edit or create any files necessary to repair the problem.

Windows NT Networking Questions


Windows NT is still the most popular operating system around. You should be comfortable with this environment to be able to respond to the following questions that an interviewer may ask you.

Q. Why is Windows Internet Name Server needed in a Windows NT domain?
A. An important part of network administration is setting up the server and clients so they can find one another. WINS is necessary to achieve NetBIOS name resolution. Your desktop clients can then log on to the domain, and the domain controllers can authenticate to one another.

Q. What is the normal replication interval between the primary domain controller and the backup domain controller?
A. The PDC waits five minutes after a change in the domain database before pulsing, or notifying, the BDCs.

Q. How can you synchronize a BDC immediately?
A. Within the server manager, select the BDC's account, choose the Computer menu, and select Synchronize With Primary Domain Controller.

Q. Users change their passwords in the NT domain every 30 days. Our primary domain controller is in New York, but we have users in our California office. When a California user changes their password, will they be able to use the new password immediately, or must they wait for replication to occur to a backup domain controller in California?
A. You must have a firm grasp of replication. In this case, waiting for a replication will not be necessary. If a BDC doesn't recognize a user's password, it will automatically appeal to the PDC to establish its validity.

Q. I've created logon scripts for my users on the primary domain controller. I've correctly mapped them in the properties of my users' accounts. Some run, some do not. What should I check next?
A. The scripts should be replicated to all of your backup domain controllers. The domain controller that validates the logon is the one that runs the script.

Q. Is it possible to create a domain account from an NT member server?
A. Yes. By using User Manager for Domains, you can create the account from the member server. The account will actually be created on the primary domain controller, however.

Q. Someone just dropped a safe on our primary domain controller. What should we do next?
A. You should promote one of your backup domain controllers to become the primary domain controller.

Q. After the promotion, what happens if we bring the old PDC back online?
A. When the old PDC gets back online, its Netlogon service will fail. You can resolve this through Server Manager by first demoting it to a backup domain controller and then promoting it to a primary domain controller.

Q. One of your users logs on to the domain from his NT Workstation. Due to a network failure the following day, he is unable to contact a domain controller when he tries to log on. Can the user log on with his domain account?
A. Yes. He will be able to log on with locally cached credentials.

Q. Someone deleted the account of one of my backup domain controllers in Server Manager. When the BDC boots up, it is unable to authenticate to the primary domain controller, and its Netlogon service fails. What can I do?
A. Either restore the account from a backup or reinstall the backup domain controller from scratch.

Q. How can I promote one of my member servers to become a backup domain controller?
A. You can't. You must reinstall the entire operating system as a domain controller (either a backup or primary domain controller).

Q. Does it matter which of my domain controllers I upgrade to Windows 2000 first?
A. Yes. You must upgrade the primary domain controller to Windows 2000 before any of the backup domain controllers.

Q. What about the member servers and workstations? Must I upgrade them in any particular order?
A. No. Member servers and workstations can be upgraded in any order.

Active Directory
In order to manage an Active Directory Services environment, you must be comfortable with planning, security and permissions, authentication, and synchronization. The following questions may be asked by the interviewer to assess your experience with performing these functions.

Q. What rights must your logged-in account have when creating a Windows 2000 forest?
A. You must understand rights and permissions thoroughly. In this instance, the account must have administrative rights on the Windows 2000 server used to create the new forest.

Q. What rights must your account have when adding a domain to an existing forest?
A. In this case, you must be a member of the Enterprise Administrators group.

Q. My account has the proper rights, but when I try to create a new domain I get an error message stating that the Domain Naming Master cannot be contacted. What does this mean?
A. An experienced network administrator will be able to readily troubleshoot problems such as this one. This scenario can mean network connectivity issues or a failed Domain Naming Master, which is the domain controller for the forest root domain.

Q. Why is Domain Name System (DNS) so important to an Active Directory forest?
A. As a network administrator you must understand name resolution. DNS is critical to your forest because it possesses all of the service (SRV) records. These records indicate the TCP/IP address and port necessary to locate a specific service offered by a server.

Q. Does the DNS server have to be a Windows 2000 server?
A. This is a trick question. DNS is independent of Windows 2000 and so the answer is no. To support Active Directory, the DNS server must support two BIND (Berkeley Internet Name Domain) version standards: 4.9.6 (SRV records) and 8.1.2 (dynamic updates).

Q. What rights does a user need in order to create computer accounts in an Active Directory domain?
A. By default, a user only needs to be recognized as a member of the Authenticated Users group to add workstations to a domain. This permission is established in the Default Domain Controllers policy, and permits users to create up to ten accounts.

Q. Is it possible to have entirely separate domain name spaces within the same forest?
A. When it comes to Active Directory, you must have a thorough understanding of forest limitations. In this case, you can have multiple domain name spaces within the same forest.

Q. Do clocks synchronize automatically between Windows 2000 computers?
A. This question tests your understanding of Active Directory synchronization. Clocks do synchronize, but only within a domain. The Primary Domain Controller Emulator handles this task for you. But there is no server that automatically synchronizes clocks between your separate domains.

Q. To create Group Policy objects in a domain, what group must you be a member of?
A. You must be a member of the Group Policy Creator Owners group in your domain to create these objects.

Q. Is it possible to prevent the application of a Group Policy to a user account within one of our organizational units?
A. To prevent the application of a Group Policy to a user, you would deny the Read and Apply Group Policy permissions to the user in that organizational unit.

Q. Is it possible to schedule replication between two domain controllers in Active Directory?
A. This question assesses your knowledge of configuration options for domain controllers within Active Directory. In this case, place the domain controllers in different sites. Then set the schedule on the Site Link object that connects the sites.

Q. My Windows 98 users cannot search for published objects in our Active Directory domain. How do I add this capability to their computers?
A. Add the DSClient utility to their computers from the Windows 2000 Server CD.

Q. What are some of the ways of propagating permissions set on an Active Directory object to lower-level child objects?
A. Administering security is a big part of an administrator's job. One way to accomplish this task is the following: On the Security tab of the parent object, click the Advanced button. Using the special permissions list, be sure to select Apply onto: This object and all child objects. Another method is to use the Delegation of Control Wizard.

Q. An organization is running a web site using Internet Information Server 5.0 on a Windows 2000 Server. The site allows both Anonymous and Integrated Windows authentication. When our domain users connect to the site, which authentication method is used?
A. Understanding authentication modes is a critical part of troubleshooting and effectively securing resources. In this case, they will authenticate as the Anonymous account. An exception to this would be seen if the Anonymous account lacked permissions to a particular resource on the web site, in which case Integrated Windows authentication would be attempted.

Q. How can I move the Active Directory database and log files to a different drive on the domain controller?
A. This can be accomplished by rebooting the domain controller using Directory Services Restore Mode and running the ntdsutil tool.

Q. An administrator accidentally deleted an entire organizational unit containing 200 users from our domain. How can you recover the organizational unit?
A. Everyone has these types of situations. You must know how to recover from these mistakes. In this case, rebooting a domain controller using Directory Services Restore Mode and conducting an authoritative restore of the OU from a backup will solve the problem.

Q. We demoted our Primary Domain Controller Emulator to become a member server in our domain. What do we need to do to transfer the PDC Emulator role to another domain controller?
A. This question tests how well you understand how the PDC Emulator works. In this situation, the role was automatically transferred when the former PDC Emulator was demoted.

1. Q: How do you manage your home network?
A: This answer will prove to the employer that you love technology and that it has had a great impact on you all your life, helping you to develop great knowledge since childhood. Employers look for team members who are enthusiastic about their field and have a natural attraction to the things involved in the job. People who don't get enough of the things they love at work try to do those things at home as well to feel complete; these people are the best candidates for the job. So the candidate is surely using wireless technology at home, especially for the family network, along with the latest high-tech gadgets. This is a basic and important network administrator interview question.

2. Q: How is UDP different from TCP?
A: While TCP is a network protocol that is based on connection, UDP is not connection based. Connection means that the transfer of data between two points on a network is made with the acknowledgement of the success of the process. TCP is used if we want to transfer data and receive confirmation that the data was really sent, regardless of how long the transfer takes. UDP is used, for example, when a movie is streamed and we need continuous frame playback without interruptions.

3. Q: What was the strangest situation that you had to deal with regarding managing a network?
A: The candidate will answer this question by mentioning an experience in which he/she had difficulty being understood by the other workers in the company and his/her suggestions were not followed as they were explained, leading to a network failure or other severe problems. This is among the best network administrator interview questions, as the answer tells the interviewer about your strengths and challenging nature.

4. Q: How is a network maintenance operation carried out?
A: The maintenance of a network is done by running tests for the purpose of detecting viruses, breakdowns, hackers or bugs. A network administrator should always stay updated with the latest technology, and this can be done only through constant market research. Staying up to date helps the administrator to improve the network and to maintain it in a good state all the time.

5. Q: Can you explain the biggest error that you have made as a network administrator?
A: This question is a check by the interviewer to see if the candidate is honest, so you must admit you have made some errors in the past. Everybody makes mistakes, but these are meant to make us better; we have to learn from them. If the candidate says he/she never failed it is a big lie; everyone gets something wrong at some point. It is impossible not to make a mistake given the multitude of options and data that are to be found in a network. Be cautious while answering this type of generic network administrator interview question, as a wrong answer might screw up your interview. Answer wisely, and don't mention a blunder even if you made one in a previous project.

6. Q: What is the meaning of a database server?
A: When a database server exists, it receives the SQL requests in the form of messages, and each SQL request reaches the entire network. The data is processed by the server itself and doesn't have to be returned to the client for processing. This makes things more efficient. This is the simplest of all network administrator interview questions.

7. Q: Which are, in your opinion, the best traits of a network administrator?
A: The people involved in network administration are in most cases natural fixers: they have been passionate about computers since they were kids, and they know when a problem is appearing before it does much damage, so they are able to prevent it and no repair is necessary.

Typical Network Administrator Interview Questions:

8. Q: How can you explain the meaning of a Remote Procedure Call or RPC?
A: A Remote Procedure Call hides the complexity of the network. It actually invokes a remote server function and suspends itself until the results come back. This process is a synchronous one.

9. Q: What is the meaning of Middleware?
A: Middleware is software that enables good communication between servers and clients. It behaves like a bridge: the client application calls a service, and the middleware manages the transfer over the network and the return of results. Middleware doesn't contain any additional software; the other applications are found on the server or on the client. Middleware is a must-ask topic among network administrator interview questions in any interview.

10. Q: Do you find it difficult for a network administrator to stay so long in front of the computer?
A: When a person decides to become a network administrator he/she must be aware that physical effort will not be part of the job, and even if it is, on rare occasions, it is minimal. The work of a network administrator comes down to doing different tasks on the computer and making phone calls for support. On rare occasions he may act as a system administrator, but only in urgent cases.

11. Q: What does an object server do?
A: With the aid of an object server, the application on the client or on the server is a group of communicating objects. The Object Request Broker, or ORB, facilitates the communication between client objects and server objects.

12. Q: What is the Routing Information Protocol or RIP?
A: RIP is an interior gateway protocol that was often used in interior networks and to some degree in internet networks. It helps the router adapt to the modifications that are made in a network regarding connections. It is now less used since more efficient protocols such as OSPF or IS-IS were implemented. It is limited to a lower number of routers, a maximum of fifteen routers.

13. Q: What is the difference between these three: encryption, encoding and hashing?

A: Encryption is used for keeping data intact and safe and is not so easy to reverse because it requires a certain key. Encoding is used to protect data as it passes through the network, and after reaching the destination the data returns to its initial state because encoding is an easily reversible process; being easily reversible makes it not so good for data protection. Hashing is a protection method that is not reversible, and the result takes the form of a string named the hash value.

14. Q: How can we explain the following terms: gateway and router?
A: A gateway is like a door that opens for a data package to exit the interior network and step outside the network. The router handles the transportation of data packages over the interior network.

15. Q: What is the way in which the Asynchronous Transfer Mode works?
A: The Asynchronous Transfer Mode, or ATM, is a connection technology that works by transmitting data in small, organized 53-byte packages over a physical medium with high efficiency. Packing data into small cells reduces transportation delay, so the speeds reached by this technology are very high; it can reach even 10 Gb per second.

16. Q: What types of transmission media exist?
A: The signals are transported through transmission media of two types:
Guided media
Guided media are the conduit types that allow transmission through coaxial cables, fiber optics and twisted pairs. In this type of transmission the data flow depends on the physical limits of the conducting material. The signal is transported over the metallic conductor as an electric current; this is the case for coaxial cables and twisted pairs. In the case of fiber optics, light signals are transmitted through a plastic or glass cable.
Unguided media
This type refers to wireless communication, which uses the air to propagate the signal, along with cellular phone technology, satellite technology and radio technology. The signal takes the form of electromagnetic waves and travels through the air without the need of a solid conductor.

Senior Network Administrator Interview Questions:

17. Q: What is a broadcast storm?
A: We say we have a broadcast storm when the traffic or broadcasting on the network has reached certain limits, meaning that it's overwhelmed, and this can make the network lose the connection. In order for the network to be protected against a broadcast storm, a firewall must be installed.

18. Q: How can we explain what a Protocol Data Unit is?
A: The Protocol Data Unit, or PDU, is the data unit from the LLC level and has four fields:
a) the source service access point or SSAP
b) the destination service access point or DSAP
c) the information field
d) the control field
The first two are addresses; they are used by the LLC for finding the protocol stacks on the machines that send or receive data. The control field states whether a PDU frame is a supervisory or an information frame.

19. Q: What is the difference between these terms: RARP and ARP?
A: RARP, or the reverse address protocol, allows a host to find the internet address when only a physical address is known. ARP, or the address resolution protocol, brings together the IP address, which is 32 bits, with the physical address, which is 48 bits. It is used for finding the physical address when the IP is known.

20. Q: What is the meaning of the FTP and TFTP application layer protocols?
A: FTP, or File Transfer Protocol, is the file transfer process between hosts, and it's provided by TCP/IP. Two connections that are secure are made over TCP: one for file copying and one for information control. These connections are also called virtual circuits. TFTP, or the Trivial Transfer Protocol, uses UDP to transfer files from a remote host to a local host, but without the advantages of security and reliability.

21. Q: Can you give me a list of priorities concerning network support?
A: Usually a network administrator doesn't receive a single call when a problem arises. The problems in most cases affect multiple employees, so we must learn how to make a list of priorities. The major problems that we must take into consideration are the following:
a) Minor problem: these come from a single user and happen quite often; the user can continue working but with some limitations.
b) Partial failure of a workstation: in this case a single user is affected and almost all the tasks are compromised.
c) Small failure of a network: this affects a group of users, not just an individual.
d) Partial failure of a network: this has an impact on multiple user groups.
e) Total failure of a workstation: in this case an individual can't work at all.
f) Total failure of a network: when everybody gets the problem and nothing works.

22. Q: Which are the tools you usually carry for troubleshooting?
A: This is a generic question from an interviewer who wants to verify that the flow of your answers stays the same no matter what question is asked, so the details of the answer are not what really counts here. The gear of a network admin must include CD-ROMs, technical support links, network analyzers, server log files, telephone numbers, README files and so on. Subscriptions to certain support companies are important to mention.

23. Q: What meaning has ICMP?

A: The Internet Control Message Protocol, or ICMP, belongs to the TCP/IP suite. It is used for testing and for notifications sent by hosts and gateways, and it manages error and control messages.

24. Q: How do you resolve a problem with a printer when a user says that it just prints trash?
A: Even if you cannot give the answer off the top of your head without a real-life situation to check, this question is meant to show the interviewer how you react to uncertain problems and what you think the solution to the issue may be.

25. Q: Which are the known network topologies?
A: The following topologies apply to networks:
a) The ring topology: the computers are connected in a loop. Its advantages are that the signal is regenerated by every computer, so the signal stays strong, that installation is simple, and that access to the media is equal.
b) The star topology: the connection is made through a central hub. Its advantages are low cost and ease of installation and problem solving.
c) The bus topology: every computer connects to the main network cable. Its advantages are ease of installation, understanding and extension, and low cost.

This is one of the most frequently asked network administrator interview questions. Prepare well for it.
What is the SYSVOL folder?
The SYSVOL folder stores the server's copy of the domain's public files. The contents of the SYSVOL folder, such as group policy, users, etc., are replicated to all domain controllers in the domain. The SYSVOL folder must be located on an NTFS volume.

Que.: What is Active Directory?
Ans.: Active Directory is a Meta Data. Active Directory is a database which stores data such as your user information, computer information and other network object information. It has the capability to manage and administer the complete network that is connected to AD.

Que.: What is the Global Catalog?
Ans.: Global Catalog is a server which maintains the information about multiple domains with a trust relationship agreement.

Que: What is Active Directory?
Ans: The Active Directory directory service is an extensible and scalable directory service that enables you to manage network resources efficiently.

Q01: What is Active Directory?
Ans: Active Directory is a directory service that stores information about objects on a network and makes this information available to users and network administrators. Active Directory gives network users access to permitted resources anywhere on the network using a single logon process. It provides network administrators with an intuitive, hierarchical view of the network and a single point of administration for all network objects.

Q: What is Active Directory?

Ans: Active Directory is a domain controller which is used to authenticate and administer groups of computers, users, servers, etc. remotely. All the policies and security will be applicable on the client machines which are joined to the domain, and all these policies and security are defined in Active Directory.

Q2: What is LDAP?
Ans2: LDAP (Lightweight Directory Access Protocol) is an Internet protocol which email and other services use to look up information from a server.

Q 18: What is KCC?
Ans 18: KCC (Knowledge Consistency Checker) is used to generate the replication topology for inter-site replication and for intra-site replication. Within a site, replication traffic is carried via remote procedure calls over IP, while between sites it is carried through either RPC or SMTP.

Q 10: What is Global Catalog Server?
Ans 10: Global Catalog Server is basically a container where you put the same type of members, computers, etc. and apply the policies and security on the catalog server in place of individual users or computers.

Q 10: What is Global Catalog server (GC)?
Ans: I'm sorry, I gave the wrong answer to this question above, but now I'm giving the exact answer to this question. The answer which I gave previously is the answer for Organizational Unit, not for GC. The answer is: The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication.
Searches that are directed to the global catalog are faster because they do not involve referrals to different domain controllers.

Q 4: Where is the AD database held? What other folders are related to AD?
A 4: The AD database is stored in NTDS.DIT.

Q 5: What is the SYSVOL folder?
A 5: The SYSVOL folder stores the server's copy of the domain's public files. The contents of the SYSVOL folder, such as group policy, users, etc., are replicated to all domain controllers in the domain.

Q 19: What is the ISTG? Who has that role by default?
A 19: Windows 2000 domain controllers each create Active Directory Replication connection objects representing inbound replication from intra-site replication partners. For inter-site replication, one domain controller per site has the responsibility of evaluating the inter-site replication topology and creating Active Directory Replication Connection objects for appropriate bridgehead servers within its site. The domain controller in each site that owns this role is referred to as the Inter-Site Topology Generator (ISTG).

Q 15: What is LDP? What is REPLMON? What is ADSIEDIT? What is NETDOM? What is REPADMIN?
A 15:
LDP: Label Distribution Protocol (LDP) is often used to establish MPLS LSPs when traffic engineering is not required. It establishes LSPs that follow the existing IP routing, and is particularly well suited for establishing a full mesh of LSPs between all of the routers on the network.

Replmon: Replmon displays information about Active Directory Replication.

ADSIEDIT: ADSIEdit is a Microsoft Management Console (MMC) snap-in that acts as a low-level editor for Active Directory. It is a Graphical User Interface (GUI) tool. Network administrators can use it for common administrative tasks such as adding, deleting, and moving objects with a directory service. The attributes for each object can be edited or deleted by using this tool. ADSIEdit uses the ADSI application programming interfaces (APIs) to access Active Directory.
The following are the required files for using this tool:
ADSIEDIT.DLL
ADSIEDIT.MSC

NETDOM: NETDOM is a command-line tool that allows management of Windows domains and trust relationships. It is used for batch management of trusts, joining computers to domains, verifying trusts, and secure channels.

REPADMIN: This command-line tool assists administrators in diagnosing replication problems between Windows domain controllers. Administrators can use Repadmin to view the replication topology (sometimes referred to as RepsFrom and RepsTo) as seen from the perspective of each domain controller. In addition, Repadmin can be used to manually create the replication topology (although in normal practice this should not be necessary), to force replication events between domain controllers, and to view both the replication metadata and up-to-dateness vectors.

Q 36: How to take a backup of AD?
A 36: To take a backup of Active Directory you have to do this: first go to START -> PROGRAMS -> ACCESSORIES -> SYSTEM TOOLS -> BACKUP. When the backup screen appears, take a backup of SYSTEM STATE. It will take a backup of all the necessary information about the system, including the AD backup, DNS, etc.

Q 37: How to restore the AD?
A 37: For this, do the same as above in question 36, but in place of backup you select the restore option and restore the system state.

Q 19: What is the ISTG? Who has that role by default?
A 19: The Inter-Site Topology Generator (ISTG) is responsible for managing the inbound replication connection objects for all bridgehead servers in the site in which it is located. This domain controller is known as the Inter-Site Topology Generator (ISTG). The domain controller holding this role may not necessarily also be a bridgehead server.

Q 29: What are the DS* commands?
A 29: You really are spoilt for choice when it comes to scripting tools for creating Active Directory objects.
In addition to CSVDE, LDIFDE and VBScript, we now have the following DS commands, the DS family of built-in utilities:
DSmod - modify Active Directory attributes
DSrm - delete Active Directory objects
DSmove - relocate objects
DSadd - create new accounts
DSquery - find objects that match your query attributes
DSget - list the properties of an object

Q 30: What's the difference between LDIFDE and CSVDE? Usage considerations?
A 30: CSVDE is a command that can be used to import and export objects to and from the AD into a CSV-formatted file. A CSV (Comma Separated Value) file is a file easily readable in Excel. I will not go to length into this powerful command, but I will show you some basic samples of how to import a large number of users into your AD. Of course, as with the DSADD command, CSVDE can do more than just import users. Consult your help file for more info.

Like CSVDE, LDIFDE is a command that can be used to import and export objects to and from the AD into an LDIF-formatted file. An LDIF (LDAP Data Interchange Format) file is a file easily readable in any text editor; however, it is not readable in programs like Excel. The major difference between CSVDE and LDIFDE (besides the file format) is the fact that LDIFDE can be used to edit and delete existing AD objects (not just users), while CSVDE can only import and export objects.

Q 25: What is the tombstone lifetime attribute?
A 25: The number of days before a deleted object is removed from the directory services. This assists in removing objects from replicated servers and preventing restores from reintroducing a deleted object. This value is in the Directory Service object in the configuration NIC.

You want to standardize the desktop environments (wallpaper, My Documents, Start menu, printers etc.) on the computers in one department. How would you do that? How is it possible?

(20) What are the requirements for installing AD on a new server?
Ans:
1) The domain structure
2) The domain name
3) Storage location of the database and log file
4) Location of the shared system volume folder
5) DNS configuration method
6) DNS configuration

7. What are application partitions? When do I use them?
Ans: An application directory partition is a directory partition that is replicated only to specific domain controllers. Only domain controllers running Windows Server 2003 can host a replica of an application directory partition. Using an application directory partition provides redundancy, availability or fault tolerance by replicating data to a specific domain controller or any set of domain controllers anywhere in the forest.

Q: You want to standardize the desktop environments (wallpaper, My Documents, Start menu, printers etc.) on the computers in one department. How would you do that? How is it possible?

Ans: Log in on a client as a Domain Admin user and change whatever you need, add printers, etc. Go to System > User Profiles and copy this user profile to any location, selecting Everyone under "Permitted to use". After the copy, rename ntuser.dat to ntuser.man and assign this path under the user's profile.

Q 8: How do you create a new application partition?
Ans: Use the DnsCmd command to create an application directory partition. To do this, use the following syntax:

    DnsCmd ServerName /CreateDirectoryPartition FQDN of partition

Global catalog provides a central repository of domain information for the forest by storing partial replicas of all domain directory partitions. These partial replicas are distributed by multimaster replication to all global catalog servers in a forest.

How do you view all the GCs in the forest?
Ans:

    C:\>repadmin /showreps domain_controller

where domain_controller is the DC you want to query to determine whether it's a GC. The output will include the text "DSA Options: IS_GC" if the DC is a GC.

Trying to look at the Schema, how can I do that?
Ans: Type adsiedit.msc in Run or at a command prompt.

Q: Can you connect Active Directory to other 3rd-party Directory Services? Name a few options.
Ans: Yes, you can use dirXML or LDAP to connect to other directories. In Novell you can use E-directory.

Q 38: How do you change the DS Restore admin password?
Ans 38: In Windows 2000 Server, you used to have to boot the computer whose password you wanted to change in Directory Restore mode, then use either the Microsoft Management Console (MMC) Local User and Groups snap-in or the command

    net user administrator *

to change the Administrator password. Win2K Server Service Pack 2 (SP2) introduced the Setpwd utility, which lets you reset the Directory Service Restore Mode password without having to reboot the computer. (Microsoft refreshed Setpwd in SP4 to improve the utility's scripting options.)

In Windows Server 2003, you use the Ntdsutil utility to modify the Directory Service Restore Mode Administrator password. To do so, follow these steps:

1. Start Ntdsutil (click Start, Run; enter cmd.exe; then enter ntdsutil.exe).
2. Start the Directory Service Restore Mode Administrator password-reset utility by entering the argument "set dsrm password" at the ntdsutil prompt:

    ntdsutil: set dsrm password

3. Run the Reset Password command, passing the name of the server on which to change the password, or use the null argument to specify the local machine. For example, to reset the password on server thanos, enter the following argument at the Reset DSRM Administrator Password prompt:

    Reset DSRM Administrator Password: reset password on server thanos

   To reset the password on the local machine, specify null as the server name:

    Reset DSRM Administrator Password: reset password on server null

4. You'll be prompted twice to enter the new password. You'll see the following messages:

    Please type password for DS Restore Mode Administrator Account:
    Please confirm new password:
    Password has been set successfully.

5. Exit the password-reset utility by typing quit at the following prompts:

    Reset DSRM Administrator Password: quit
    ntdsutil: quit

Q.40: What are Group Policy objects (GPOs)?
A.40: Group Policy objects, other than the local Group Policy object, are virtual objects. The policy setting

information of a GPO is actually stored in two locations: the Group Policy container and the Group Policy template. The Group Policy container is an Active Directory container that stores GPO properties, including information on version, GPO status, and a list of components that have settings in the GPO. The Group Policy template is a folder structure within the file system that stores Administrative Template-based policies, security settings, script files, and information regarding applications that are available for Group Policy Software Installation. The Group Policy template is located in the system volume folder (Sysvol) in the \Policies subfolder for its domain.

Q 41: What is the order in which GPOs are applied?
A 41: Group Policy settings are processed in the following order:

1. Local Group Policy object: Each computer has exactly one Group Policy object that is stored locally. This processes for both computer and user Group Policy processing.
2. Site: Any GPOs that have been linked to the site that the computer belongs to are processed next. Processing is in the order that is specified by the administrator, on the Linked Group Policy Objects tab for the site in Group Policy Management Console (GPMC). The GPO with the lowest link order is processed last, and therefore has the highest precedence.
3. Domain: Processing of multiple domain-linked GPOs is in the order specified by the administrator, on the Linked Group Policy Objects tab for the domain in GPMC. The GPO with the lowest link order is processed last, and therefore has the highest precedence.
4. Organizational units: GPOs that are linked to the organizational unit that is highest in the Active Directory hierarchy are processed first, then GPOs that are linked to its child organizational unit, and so on. Finally, the GPOs that are linked to the organizational unit that contains the user or computer are processed.
At the level of each organizational unit in the Active Directory hierarchy, one, many, or no GPOs can be linked. If several GPOs are linked to an organizational unit, their processing is in the order that is specified by the administrator, on the Linked Group Policy Objects tab for the organizational unit in GPMC. The GPO with the lowest link order is processed last, and therefore has the highest precedence.

This order means that the local GPO is processed first, and GPOs that are linked to the organizational unit of which the computer or user is a direct member are processed last, which overwrites settings in the earlier GPOs if there are conflicts. (If there are no conflicts, then the earlier and later settings are merely aggregated.)

What is LDAP?
Lightweight Directory Access Protocol

This article will tell you how to add your first Windows 2003 DC to an existing Windows 2000 domain. This article is particularly useful if you have Windows 2000 servers that will be replaced by new hardware running Windows Server 2003.

The first step is to install Windows 2003 on your new DC. This is a straightforward process, so we aren't going to discuss that here.

Because significant changes have been made to the Active Directory schema in Windows 2003, we need to make our Windows 2000 Active Directory compatible with the new version. If you already have Windows 2003 DCs running with Windows 2000 DCs, then you can skip down to the part about DNS.

Before you attempt this step, you should make sure that you have Service Pack 4 installed on your Windows 2000 DC. Next, make sure that you are logged in as a user that is a member of the Schema Admin and Enterprise Admin groups. Next, insert the Windows 2003 Server installation CD into the Windows 2000 Server. Bring up a command line and change directories to the I386 directory on the installation CD.
At the command prompt, type:

    adprep /forestprep

After running this command, make sure that the updates have been replicated to all existing Windows 2000 DCs in the forest. Next, we need to run the following command:

    adprep /domainprep

The above command must be run on the Infrastructure Master of the domain by someone who is a member of the Domain Admins group.

Once this is complete, we move back to the Windows 2003 Server. Click Start, then Run, type in dcpromo and click OK. During the ensuing wizard, make sure that you select that you are adding this DC to an existing domain. After this process is complete, the server will reboot. When it comes back online, check and make sure that the AD database has been replicated to your new server.

Next, you will want to check and make sure that DNS was installed on your new server. If not, go to the Control Panel, click on Add or Remove Programs, and click the Add/Remove Windows Components button. In the Windows Components screen, click on Networking Services and click the Details button. In the new window check Domain Name System (DNS) and then click the OK button. Click Next in the Windows Components screen. This will install DNS and the server will reboot. After reboot, pull up the DNS Management window and make sure that your DNS settings have replicated from the Windows 2000 Server. You will need to re-enter any forwarders or other properties you had set up, but the DNS records should replicate on their own.

The next 2 items, global catalog and FSMO roles, are important if you plan on decommissioning your Windows 2000 server(s). If this is the case, you need to transfer the global catalog from the old server to the new one.

First, let's create a global catalog on our new server. Here are the steps:

1. On the domain controller where you want the new global catalog, start the Active Directory Sites and Services snap-in. To start the snap-in, click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.
2. In the console tree, double-click Sites, and then double-click sitename.
3. Double-click Servers, click your domain controller, right-click NTDS Settings, and then click Properties.
4. On the General tab, click to select the Global catalog check box to assign the role of global catalog to this server.
5. Restart the domain controller.

Make sure you allow sufficient time for the account and the schema information to replicate to the new global catalog server before you remove the global catalog from the original DC or take the DC offline.

After this is complete, you will want to transfer or seize the FSMO roles for your new server. For instructions, read "Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller".

After this step is complete, we can now run DCPROMO on the Windows 2000 Servers in order to demote them. Once this is complete, copy over any files you need to your new server and you should have successfully replaced your Windows 2000 server(s) with a new Windows 2003 server(s).

Global Catalog is the one where the authentication happens. By default the primary domain controller is a Global Catalog; we can add global catalogs to improve the network performance.

What is Active Directory?
It's a directory service which stores and manages the information of objects (user, computer, printer, shared folder, etc.).

What are the requirements for installing AD on a new server?
Win2K3 CD
DNS
Static IP

You want to standardize the desktop environments (wallpaper, My Documents, Start menu, printers etc.) on the computers in one department. How would you do that?
Go to Start -> Programs -> Administrative Tools -> Active Directory Users and Computers. Right-click on the domain -> click on Properties. In the new window click on Group Policy. Select Default Policy -> click on Edit. In the Group Policy console go to User Configuration -> Administrative Templates -> Start Menu and Taskbar. Select each property you want to modify and do the same.

1. What are the required components of Windows Server 2003 for installing Exchange 2003? - ASP.NET, SMTP, NNTP, W3SVC

2. What must be done to an AD forest before Exchange can be deployed? - Setup /forestprep
3. What Exchange process is responsible for communication with AD? - DSACCESS
4. What 3 types of domain controller does Exchange access? - Normal Domain Controller, Global Catalog, Configuration Domain Controller
5. What connector type would you use to connect to the Internet, and what are the two methods of sending mail over that connector? - SMTP Connector: forward to smart host or use DNS to route to each address
6. How would you optimise Exchange 2003 memory usage on a Windows Server 2003 server with more than 1Gb of memory? - Add /3Gb switch to boot.ini
7. What would a rise in remote queue length generally indicate? - This means mail is not being sent to other servers. This can be explained by outages or performance issues with the network or remote servers.
8. What would a rise in the Local Delivery queue generally mean? - This indicates a performance issue or outage on the local server. Reasons could be slowness in consulting AD, slowness in handing messages off to local delivery or SMTP delivery. It could also be databases being dismounted or a lack of disk space.
9. What are the standard port numbers for SMTP, POP3, IMAP4, RPC, LDAP and Global Catalog? - SMTP 25, POP3 110, IMAP4 143, RPC 135, LDAP 389, Global Catalog 3268
10. Name the process names for the following: System Attendant? - MAD.EXE; Information Store - STORE.EXE; SMTP/POP/IMAP/OWA - INETINFO.EXE
11. What is the maximum amount of databases that can be hosted on Exchange 2003 Enterprise? - 20 databases. 4 SGs x 5 DBs.
12. What are the disadvantages of circular logging? - In the event of a corrupt database, data can only be restored to the last backup.

19 Responses to "Windows sysadmin interview questions"

1) How will a Windows server be configured?
Tell them that you have a 400-PC network, and that you configure an Active Directory domain on Windows servers to centralize administration tasks.
1) How will a Windows server be configured?
It depends on the role of the server. If you are installing Active Directory, you have to run DCPROMO at the command prompt and follow the instructions. Overall it depends on the role. Simply, you can say there is an option in Windows, Manage Server; once you follow the instructions it will guide you to configure your server.

2) How many types of servers?
If they are concerned with hardware servers, tell them the hardware configuration and vendor of the server. If they are asking about the types of Windows server, tell them Standard, Enterprise, or Small Business Server, etc.

Start > Run > Cmd > type: net send Computername, then type your message

Question 2: What must be done to an AD forest before Exchange can be deployed? - Setup /forestprep

Question 2 is incorrect. In order for MS Exchange 2k or 2003 to be successfully deployed, both forestprep and domainprep must successfully complete first, before the setup.exe of the actual Exchange install, or the install will error out if attempted.

DNS Interview Questions and Answers


Posted on 24/09/2012

Interview questions and answers on DNS server in Windows 2003 and 2008

Q1. What is DNS?
Domain Name System is a service that can be installed on any Windows server operating system to resolve names to IP addresses and vice versa. TCP/IP networks, such as the Internet, use DNS to locate computers and services through user-friendly names.

Q2. What is DDNS?
Dynamic DNS or DDNS is a method of updating, in real time, a Domain Name System to point to a changing IP address on the Internet. This is used to provide a persistent domain name for a resource that may change location on the network.

Q3. What are the resource records in DNS?

A (Address): Maps a host name to an IP address. When a computer has multiple adapter cards and IP addresses, it should have multiple address records.
CNAME (Canonical Name): Sets an alias for a host name. For example, using this record, zeta.tvpress.com can have an alias as www.tvpress.com.
MX (Mail Exchange): Specifies a mail exchange server for the domain, which allows mail to be delivered to the correct mail servers in the domain.
NS (Name Server): Specifies a name server for the domain, which allows DNS lookups within various zones. Each primary and secondary name server should be declared through this record.
PTR (Pointer): Creates a pointer that maps an IP address to a host name for reverse lookups.
SOA (Start of Authority): Declares the host that is the most authoritative for the zone and, as such, is the best source of DNS information for the zone. Each zone file must have an SOA record (which is created automatically when you add a zone).

Q4. What are a Forward and Reverse Lookup?

Forward Lookup: When a name query is sent to the DNS server to obtain the IP address for a name, it is generally called a forward lookup.
Reverse Lookup: DNS also provides a reverse lookup process, enabling clients to use a known IP address during a name query and look up a computer name based on its address.

Q5. What is a Primary zone?
This is the readable and writable copy of a zone file in the DNS namespace. It is the primary source of information about the zone, and it stores the master copy of zone data in a local file or in AD DS. By default the primary zone file is named zone_name.dns and is stored in the %windir%\System32\DNS folder on the server.

Q6. What is a Secondary zone?
This is the read-only copy of a zone file in the DNS namespace. It is a secondary source of information about the zone, and it gets its updated information from the master copy in the primary zone. Network access must be available to connect to the primary server. As a secondary zone is merely a copy of a primary zone that is hosted on another server, it cannot be stored in AD DS.

Q7. What is a Stub zone?
A stub zone is a read-only copy of a zone that contains only those resource records which are necessary to identify the authoritative DNS servers for that particular zone. A stub zone is used in practice to resolve names between separate DNS namespaces. This type of zone is generally created after a corporate merger or acquisition, when the DNS servers for two separate DNS namespaces must resolve names for clients in both namespaces.
A stub zone contains:
The start of authority (SOA) resource record, name server (NS) resource records, and the glue A resource records for the delegated zone.
The IP address of one or more master servers that can be used to update the stub zone.

Q8. What is a Caching-Only Server?
Caching-only servers are DNS servers that only perform name resolution queries, cache the answers, and return the results to the client. Once the answer to a query is stored in the cache, the next time that query is resolved locally from the cache instead of going to the actual site.

Q9. What is Aging and Scavenging?
DNS servers running Windows Server support aging and scavenging features. These features are provided as a mechanism to perform cleanup and removal of stale resource records from the server and zone. This feature removes dynamically created records once they are stamped as stale. By default, the aging and scavenging mechanism for the DNS Server service is disabled. Scavenging and aging must be enabled both at the DNS server and on the zone.
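The aging rules from Q9 can be modelled in a few lines. The following is an added example, not code from the original post: it assumes the usual two-interval scheme (a no-refresh interval followed by a refresh interval, 7 days each here as an assumed setting), treats a record without a timestamp as static, and uses constructed sample records.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Record:
    name: str
    rtype: str
    data: str
    # None marks a static (manually created) record, which is never aged.
    timestamp: Optional[datetime]


@dataclass(frozen=True)
class Zone:
    aging_enabled: bool
    # Assumed intervals for this example; both are configurable per zone.
    no_refresh: timedelta = timedelta(days=7)
    refresh: timedelta = timedelta(days=7)


def apply_dynamic_update(rec: Record, zone: Zone, now: datetime) -> Record:
    """Model a client re-registering an unchanged dynamic record."""
    if rec.timestamp is None:
        return rec  # static records carry no timestamp to refresh
    if now - rec.timestamp < zone.no_refresh:
        return rec  # inside the no-refresh window: timestamp is left alone
    return replace(rec, timestamp=now)  # refresh window or later: re-stamp


def is_stale(rec: Record, zone: Zone, now: datetime) -> bool:
    """A dynamic record is stale once both intervals have elapsed."""
    if rec.timestamp is None:
        return False
    return now > rec.timestamp + zone.no_refresh + zone.refresh


def scavenge(records: List[Record], zone: Zone, server_scavenging: bool,
             now: datetime) -> Tuple[List[Record], List[Record]]:
    """Return (kept, removed). Nothing is removed unless scavenging is
    enabled on the server AND aging is enabled on the zone."""
    if not (server_scavenging and zone.aging_enabled):
        return list(records), []
    kept = [r for r in records if not is_stale(r, zone, now)]
    removed = [r for r in records if is_stale(r, zone, now)]
    return kept, removed


# Constructed sample data (documentation address range 192.0.2.0/24).
NOW = datetime(2012, 9, 24, 12, 0)
SAMPLE = [
    Record("www", "A", "192.0.2.10", None),                             # static
    Record("laptop-old", "A", "192.0.2.101", NOW - timedelta(days=20)),  # stale
    Record("desktop-7", "A", "192.0.2.102", NOW - timedelta(days=10)),   # refresh window
    Record("desktop-9", "A", "192.0.2.103", NOW - timedelta(days=3)),    # no-refresh window
]

if __name__ == "__main__":
    for server_on, zone_on in [(True, True), (True, False), (False, True)]:
        _, removed = scavenge(SAMPLE, Zone(zone_on), server_on, NOW)
        print(f"server={server_on} zone={zone_on} removed={[r.name for r in removed]}")
```

Only the run with both switches enabled removes the stale dynamic record; the static record survives in every case.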

Q10. What is an SRV record in DNS?
The SRV record is a resource record in DNS that is used to identify or point to a computer that hosts specific services, e.g. Active Directory.

Q11. What is Forwarding in DNS?
A forwarder is a feature of the DNS server that is used to forward DNS queries for external DNS names to DNS servers outside of that network. We can configure a DNS server as a forwarder so that other DNS servers in the network send it the name queries that they cannot resolve locally.

Q12. What is Conditional Forwarding in DNS?
We can configure the DNS server to forward queries according to specific domain names using conditional forwarders. In this case a query is forwarded to an IP address based on the DNS domain name.

Q13. What are the query types in DNS?
Recursive Query: These name queries are generally made by a DNS client to a DNS server, or by a DNS server that is configured to pass unresolved name queries to another DNS server, as in the case of a DNS server configured to use a forwarder.
Iterative Query: An iterative name query is one in which a DNS client allows the DNS server to return the best answer it can give based on its cache or zone data. If the queried DNS server does not have an exact match for the queried name, the best possible information it can return is a referral. The DNS client can then query the DNS server for which it obtained a referral. It continues this process until it locates a DNS server that is authoritative for the queried name, or until an error or time-out condition is met.
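The referral-following loop of an iterative query, and the single request a client makes to a recursive, caching server (Q8), look like this as an added example that is not part of the original post. The server names, zones and addresses are constructed, and the cache ignores TTLs for brevity.

```python
from typing import Dict, List, Optional, Tuple

# Constructed name-server data: each server holds its own records and the
# child zones it delegates to other servers.
SERVERS: Dict[str, dict] = {
    "root":       {"records": {}, "delegations": {"com": "tld-com"}},
    "tld-com":    {"records": {}, "delegations": {"example.com": "ns-example"}},
    "ns-example": {"records": {"www.example.com": "192.0.2.10"},
                   "delegations": {"corp.example.com": "ns-corp"}},
    "ns-corp":    {"records": {"dc1.corp.example.com": "192.0.2.53"},
                   "delegations": {}},
}


def query(server: str, name: str, servers: Dict[str, dict]) -> Tuple[str, Optional[str]]:
    """One iterative query: the server gives the best answer it has,
    which is an address, a referral to a closer server, or a failure."""
    data = servers[server]
    if name in data["records"]:
        return "answer", data["records"][name]
    matches = [z for z in data["delegations"]
               if name == z or name.endswith("." + z)]
    if matches:
        # The longest matching delegation is the closest enclosing zone.
        return "referral", data["delegations"][max(matches, key=len)]
    return "nxdomain", None


def iterative_resolve(name: str, servers: Dict[str, dict] = SERVERS,
                      start: str = "root",
                      max_hops: int = 8) -> Tuple[str, Optional[str], List[str]]:
    """Follow referrals until an authoritative result, or give up after
    max_hops (the time-out condition; it also stops referral loops)."""
    path: List[str] = []
    server = start
    for _ in range(max_hops):
        path.append(server)
        kind, value = query(server, name, servers)
        if kind == "referral":
            server = value
            continue
        return kind, value, path
    return "timeout", None, path


class RecursiveResolver:
    """Accepts one query from the client, does the iteration itself and
    caches positive answers, as a caching-only server would."""

    def __init__(self, servers: Dict[str, dict] = SERVERS):
        self.servers = servers
        self.cache: Dict[str, str] = {}
        self.upstream_queries = 0

    def resolve(self, name: str) -> Optional[str]:
        if name in self.cache:
            return self.cache[name]
        kind, value, path = iterative_resolve(name, self.servers)
        self.upstream_queries += len(path)
        if kind == "answer":
            self.cache[name] = value
        return value


if __name__ == "__main__":
    print(iterative_resolve("dc1.corp.example.com"))
    print(iterative_resolve("missing.example.com"))
    resolver = RecursiveResolver()
    resolver.resolve("www.example.com")
    resolver.resolve("www.example.com")
    print("upstream queries after two lookups:", resolver.upstream_queries)
```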

Q13. What are the tools for troubleshooting DNS?
DNS Console, NSLOOKUP, DNSCMD, IPCONFIG, DNS Logs.

Q14. How to check DNS health?
Using DCDiag, i.e.:

    dcdiag /test:dns /v /e
