Active Directory is a database which store a data base like your user information, computer information and also other network object info. It has capabilities to manage and administer the complete Network which connect with AD. 2. What is domain ? A domain is a named collection of hosts and subdomains, registered with a unique name by the InterNIC. 3. What is domain controller ? A Domain controller (DC) is a server that responds to security authentication requests (logging in, checking permissions, etc.) within the Windows Server domain. A domain is a concept introduced in Windows NT whereby a user may be granted access to a number of computer resources with the use of a single username and password combination 4. What is LDAP ? Lightweight Directory Access Protocol LDAP is the industry standard directory access protocol, making Active Directory widely accessible to management and query applications. Active Directory supports LDAPv3 and LDAPv2. 5. What is KCC ? KCC ( knowledge consistency checker ) is used to generate replication topology for inter site replication and for intra site replication with in a site replication traffic is done via remote procedure calls over ip, while between site it is done through either RPC or SMTP. 6. Where is the AD database held? What other folders are related to AD? The AD data base is store in c:\windows\ntds\NTDS.DIT. 7. What is the use of SYSVOL folder? The SYSVOL folder stores the server's copy of the domain's public files. The contents such as group policy, users etc of the SYSVOL folder are replicated to all domain controllers in the domain. 8. What is LSDOU ? Its group policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units 9. What is lost & found folder in ADS ? Its the folder where you can find the objects missed due to conflict. Ex: you created a user in OU which is deleted in other DC & when replication happed ADS didnt find the OU then it will put that in Lost & Found Folder. 10. What is Garbage collection ? Garbage collection is the process of the online defragmentation of active directory. It happens every 12 Hours 11. What System State data contains ? 1. Contains Startup files, 2. Registry 3. Com + Registration Database 4. Memory Page file 5. System files 6. AD information 7. Cluster Service information 8. SYSVOL Folder 12. What is the use of LDAP ? LDAP is designed to allow for the transfer of information between domain controllers and to allow users to query information about objects within the directory. 13. What is the purpose of replication in AD ? The purpose of replication is to distribute the data stored within the directory throughout the organization for increased availability, performance, and data protection. Systems administrators can tune replication to occur based on their physical network infrastructure and other constraints. 14. What is global catalog ? The Global Catalog is a database that contains all of the information pertaining to objects within all domains in the Active Directory environment. 15. What is DNS Zones ? A DNS zone is a portion of the DNS namespace over which a specific DNS server has authority. 16. What is a site ? one or more well-connected highly reliable and fast TCP/IP subnets. A site allows administrator to configure active directory access and replication topology to take advantage of the physical network.
17. What is Active Directory Schema ? The Active Directory schema contains formal definitions of every object class that can be created in an Active Directory forest. it also contains formal definitions of every attribute that can exist in an Active Directory Object. 18. What are the benefits of AD integrated DNS ? 1. A few advantages that Acrive Directory-integrated zone implementations have over standard primary zone implementation are : 2. Active Directory replication is faster, which means that the time needed to transfer zone data between zones is farless. 3. The Active Directory replication topology is used for Active Directory replication, and for Active Directory- integrated zone replication. There is no longer a need for DNS replication when DNS and Active Directory are integrated. 19. What is File Replication Service (FRS) File Replication Service is a Microsoft service which replicates folders stored in sysvol shared folders on domain controllers and distributed file system shared folders. This service is a part of Microsoft's Active Directory Service. 20. Explain different zone involved in DNS Server? DNS has two different Zones Forward Lookup Zone and Reverse Lookup Zone. There two Zones are categorized into three zones and are as follows: Primary zone: It contains the read and writable copy of the DNS Database. Secondary Zone: It acts as a backup for the primary zone and contains the read only copy of the DNS database. Stub zone: It is also read-only like a secondary zone; stub zone contains only SOA, copies of NS and A records for all name servers authoritative for the zone 21. What is the difference between local, global and universal groups ? Domain local groups assign access permissions to global domain groups for local domain resources. Global groups provide access to resources in other trusted domains. Universal groups grant access to resoures in all trusted domains. 22. What is RPC protocol ? A protocol RPC (Remote Procedure Call) used to allow communications between system process on remote computers. The RPC protocol is used by the Active Directory for intrasite replication.
23. What is Resource Record ? Resource Record (RR) is a DNS entry that specifies the availability of specific DNS services.For Example, an MX record specifies the IP address of a mail server, and Host (A) records specify the IP addresses of workstations on the network. 24. What is a Tree ? A set of Active Directory domains that share a common namespace and are connected by a transitive two-way trust. Resources can be shared between the domains in an Active Directory. 25. What is REPADMIN ? This command-line tool assists administrators in diagnosing replication problems between windows domain conrollers. Administrators can use Repadmin to view the replication topology as seen from the perspective of each domain contrsoller. 26. Is the DNS protocol involved when a user's pings a website name? Yes it is involved. When the user pings the website name, a DNS request packet is sent to the DNS server which would then respond with the IP address of the web server on which the website is hosted. 27. On a network, should the DNS server IP address be configured on the computer or the internet router for users to browse the internet? The DNS server IP address should be configured on the computer for the users to browse the internet. 28. In a LAN network should the DNS server be inside the network or can it reside on the internet? The DNS server can reside anywhere as long as the computers and devices requiring DNS service have network access to it. 29. How does a computer know to which DNS server it has to send the request? The DNS server IP address is configured on the TCP/IP adapter setting of the computer. With this information, the computer knows the DNS server to which the request has to be sent. 30. What are the requirements for installing AD on a new server? The Domain structure. The Domain Name . storage location of the database and log file. Location of the shared system volume folder. DNS config Methode. DNS configuration. 31. Which port does a DNS Server Use? UDP port 53
32. A user opens the browser and types the IP address of the webserver on which a website is hosted. Is DNS protocol involved during the scenario? The DNS protocol is used to resolve the website name into the corresponding IP address. In this case, since the IP address is already known, DNS protocol is not required and is not involved in the scenario.
33. Name two methods by which DNS can be configured on a computer. It can be manually configured on the TCP/IP adapter or by a DHCP server.
34. If a computer is configured with a default gateway address, should the same address be used as the DNS server IP address ? It is not mandatory. The DNS server IP address can be any value provided the computer has access to it.
35. What is sites ? What are they used for ? One or more well-connected (highly reliable and fast) TCP/IP subnets. A site allows administrators to configure Active Directory access and replication topology to take advantage of the physical network. A Site object in Active Directory represents a physical geographic location that hosts networks. Sites contain objects called Subnets. Sites can be used to Assign Group Policy Objects, facilitate the discovery of resources, manage active directory replication, and manage network link traffic.
36. Trying to look at the Schema, how can I do that ? register schmmgmt.dll using this command c:\windows\system32>regsvr32 schmmgmt.dll Open mmc > add snapin > add Active directory schema name it as schema.msc Open administrative tool > schema.msc
37. What is the port no of Kerberos ? 88
38. What is the port no of Global catalog ? 3268 39. How can you forcibly remove AD from a server, and what do you do later? ? Can I get user passwords from the AD database? Dcpromo /forceremoval , an administrator can forcibly remove Active Directory and roll back the system without having to contact or replicate any locally held changes to another DC in the forest. Reboot the server then After you use the dcpromo /forceremoval command, all the remaining metadata for the demoted DC is not deleted on the surviving domain controllers, and therefore you must manually remove it by using the NTDSUTIL command. In the event that the NTDS Settings object is not removed correctly you can use the Ntdsutil.exe utility to manually remove the NTDS Settings object. You will need the following tool: Ntdsutil.exe, Active Directory Sites and Services, Active Directory Users and Computers. 40. How many root DNS servers are available in the world 13. 41. What are the FSMO roles? Flexible Single Master Operation (FSMO) role. Currently there are five FSMO roles: Schema master Domain naming master RID master PDC emulator Infrastructure master 42. What is domain tree ? Domain Trees: A domain tree comprises several domains that share a common schema and configuration, forming a contiguous namespace. Domains in a tree are also linked together by trust relationships. Active Directory is a set of one or more trees. Trees can be viewed two ways. One view is the trust relationships between domains. The other view is the namespace of the domain tree. 43. What is forests ? A collection of one or more domain trees with a common schema and implicit trust relationships between them. This arrangement would be used if you have multiple root DNS addresses. 44. How to Select the Appropriate Restore Method ? You select the appropriate restore method by considering: Circumstances and characteristics of the failure. The two major categories of failure, From an Active Directory perspective, are Active Directory data corruption and hardware failure. Active Directory data corruption occurs when the directory contains corrupt data that has been replicated to all domain controllers or when a large portion of the Active Directory hierarchy has been changed accidentally (such as deletion of an OU) and this change has replicated to other domain controllers. 45. Where are the Windows NT Primary Domain Controller (PDC) and its Backup Domain Controller (BDC) in Server 2003? The Active Directory replaces them. Now all domain controllers share a multimaster peer-to-peer read and write relationship that hosts copies of the Active Directory. 46. What is Global Catalog? The Global Catalog authenticates network user logons and fields inquiries about objects across a forest or tree. Every domain has at least one GC that is hosted on a domain controller. In Windows 2000, there was typically one GC on every site in order to prevent user logon failures across the network. 47. How long does it take for security changes to be replicated among the domain controllers? Security-related modifications are replicated within a site immediately. These changes include account and individual user lockout policies, changes to password policies, changes to computer account passwords, and modifications to the Local Security Authority (LSA). 48. When should you create a forest? Organizations that operate on radically different bases may require separate trees with distinct namespaces. Unique trade or brand names often give rise to separate DNS identities. Organizations merge or are acquired and naming continuity is desired. Organizations form partnerships and joint ventures. While access to common resources is desired, a separately defined tree can enforce more direct administrative and security restrictions. 49. Describe the process of working with an external domain name ? If it is not possible for you to configure your internal domain as a subdomain of your external domain, use a stand-alone internal domain. This way, your internal and external domain names are unrelated. For example, an organization that uses the domain name contoso.com for their external namespace uses the name corp.internal for their internal namespace. The advantage to this approach is that it provides you with a unique internal domain name. The disadvantage is that this configuration requires you to manage two separate namespaces. Also, using a stand-alone internal domain that is unrelated to your external domain might create confusion for users because the namespaces do not reflect a relationship between resources within and outside of your network. In addition, you might have to register two DNS names with an Internet name authority if you want to make the internal domain publicly accessible.
50. One easiest way to check all the 5 FSMO roles ? Use netdom query /domain:YourDomain FSMO command. It will list all the FSMO role handling domain controllers. 51. Which FSMO role directly impacting the consistency of Group Policy ? PDC Emulator. 52. Explain the process between a user providing his Domain credential to his workstation and the desktop being loaded? Or how the AD authentication works ? When a user enters a user name and password, the computer sends the user name to the KDC. The KDC contains a master database of unique long term keys for every principal in its realm. The KDC looks up the user's master key (KA), which is based on the user's password. The KDC then creates two items: a session key (SA) to share with the user and a Ticket-Granting Ticket (TGT). The TGT includes a second copy of the SA, the user name, and an expiration time. The KDC encrypts this ticket by using its own master key (KKDC), which only the KDC knows. The client computer receives the information from the KDC and runs the user's password through a one-way hashing function, which converts the password into the user's KA. The client computer now has a session key and a TGT so that it can securely communicate with the KDC. The client is now authenticated to the domain and is ready to access other resources in the domain by using the Kerberos protocol. 53. Name few port numbers related to Active Directory ? Kerberos 88, LDAP 389, DNS 53, SMB 445. 54. Which version of Kerberos is used for Windows 2000/2003 and 2008 Active Directory ? All versions of Windows Server Active Directory use Kerberos 5. 55. How do you check currently forest and domain functional levels? Say both GUI and Command line. To find out forest and domain functional levels in GUI mode, open ADUC, right click on the domain name and take properties. Both domain and forest functional levels will be listed there. TO find out forest and domain functional levels, you can use DSQUERY command. 56. What is RODC ? Why do we configure RODC ? Read only domain controller (RODC) is a feature of Windows Server 2008 Operating System. RODC is a read only copy of Active Directory database and it can be deployed in a remote branch office where physical security cannot be guaranteed. RODC provides more improved security and faster log on time for the branch office.
57. What is Active Directory Recycle Bin ? Active Directory Recycle bin is a feature of Windows Server 2008 AD. It helps to restore accidentally deleted Active Directory objects without using a backed up AD database, rebooting domain controller or restarting any services. 58. What is group nesting ? Adding one group as a member of another group is called 'group nesting'. This will help for easy administration and reduced replication traffic. 59. What are the logical components of Active Directory ? Domains, Organizational Units, trees and forests are logical components of Active Directory. 60. Can you connect Active Directory to other 3rd-party Directory Services? Name a few options? Yes, you can use dirXML or LDAP to connect to other directories. In Novell you can use E-directory. 61. How do you create a new application partition ? Use the DnsCmd command to create an application directory partition. To do this, use the following syntax: DnsCmd ServerName /CreateDirectoryPartition FQDN of partition 62. Difference between LDIFDE and CSVDE? CSVDE is a command that can be used to import and export objects to and from the AD into a CSV- formatted file. A CSV (Comma Separated Value) file is a file easily readable in Excel. I will not go to length into this powerful command, but I will show you some basic samples of how to import a large number of users into your AD. Of course, as with the DSADD command, CSVDE can do more than just import users. Consult your help file for more info. LDIFDE is a command that can be used to import and export objects to and from the AD into a LDIF- formatted file. A LDIF (LDAP Data Interchange Format) file is a file easily readable in any text editor, however it is not readable in programs like Excel. The major difference between CSVDE and LDIFDE (besides the file format) is the fact that LDIFDE can be used to edit and delete existing AD objects (not just users), while CSVDE can only import and export objects. 63. What are the DS* commands ? The following DS commands: the DS family built in utility . 1. DSmod - modify Active Directory attributes. 2. DSrm - to delete Active Directory objects. 3. DSmove - to relocate objects 4. DSadd - create new accounts 5. DSquery - to find objects that match your query attributes. 6. DSget - list the properties of an object 64. What are System State data contains ? 1. Contains Startup files 2. Registry 3. Com + Registration Database 4. Memory Page file 5. System files 6. AD information 7. Cluster Service information 8. SYSVOL Folder 65. What is lost & found folder in ADS ? It's the folder where you can find the objects missed due to conflict. Ex: you created a user in OU which is deleted in other DC & when replication happed ADS didn't find the OU then it will put that in Lost & Found Folder. 66. What Intrasite and Intersite Replication ? Intrasite is the replication with in the same site & intersite the replication between sites. 67. Which is service in your windows is responsible for replication of Domain controller to another domain controller? KCC generates the replication topology. Use SMTP / RPC to replicate changes. 68. What is LSDOU ? It's group policy inheritance model, where the policies are applied toLocal machines, Sites, Domains and Organizational Units. 69. How to look at the Schema ? register schmmgmt.dll using this command c:\windows\system32>regsvr32 schmmgmt.dll Open mmc --> add snapin --> add Active directory schema name it as schema.msc Open administrative tool --> schema.msc 70. What is BridgeHead Server in AD ? A bridgehead server is a domain controller in each site, which is used as a contact point to receive and replicate data between sites. For intersite replication, KCC designates one of the domain controllers as a bridgehead server. In case the server is down, KCC designates another one from the domain controller. When a bridgehead server receives replication updates from another site, it replicates the data to the other domain controllers within its site.