Active Directory Intervie Questions

Savios Suggestive & Informative Recipes from Ad Cookbook
Interview Questions
Q.1 Wat is te Active !irector"#
Ans$ Active Directory stores information about resources on the network and
makes it easy for users to locate, manage and use their resources.
Q.% Were is te Active !irector" database &ocated#
Ans$ The Active Directory database is located in the

%systemroot%\NTD\NTD.D!T"
!t is based on #et database.
Q.' Wat is te Active !irector" Scema#
Ans$ $. !t is dynamically u%datable.
&. !t is dynamically available.
'. DA().
Q.( Wat is )!A*# Wat is te port for )!A*#
Ans$ )DA* is a method of communication in Active Directory. )DA* is a
directory service %rotocol that is used to +uery and u%date Active Directory.
Q.+ Wat is a tree#
Ans$ A collection of domains which share a common names%ace.
Q., Wat is te function of -.s"stemroot./s"stem'%/dssec.dat0 fie#
Ans$ To delegate the right to unlock locked user accounts to a user or grou% in
Active Directory, you must first make the right visible.
The %ystemroot%\ystem'&\Dssec.dat file contains filters that control the
whether a right is revealed, and can be written. ,%en Dssec.dat in Note%ad
and find -.ser/. 0ithin -.ser/, the lockoutTime entry is listed al%habetically.
(hange the mask from 1 to 2, yielding lockoutTime32.
1
N,T45 The mask values a%%ears to be5
2 6 7ead and 0rite of %ro%erty unfiltered
$ 6 7ead of %ro%erty filtered
& 6 0rite of %ro%erty filtered
1 6 8ilter out %ro%erty.
Q.1 Wat are te core services in 23cange +.+# 23&p&ain te order of
starting te services#
Ans$ $. Directory service9D:5 net start mse;changeds"
&. !nformation tore9!:5 net start mse;changeis"
'. <essage Transfer Agent9<TA:5 net start mse;changemta"
=. !nternet <ail (onnector9!<(:5 net start mse;changeimc"
>. net start mse;changees"

Q.4 Wat is te si5e of 6ransaction &og fi&e#
Ans$ > <? 94;;;;.log:
Q.7 I8C service in 23cange +.+ does not start. 23p&ain te necessar" steps
"ou wou&d take to ceck and reso&ve te prob&em#
Ans$ $. !ncorrectly configured Address %ace.
&. .se a blank s%ace in the Address %ace field which will lets the
!nternet <ail (onnector send mail to all reci%ients and %rovides a basic
configuration on which to build after you know your service works. !f you have
entered anything in this bo;, try removing it and see if the !<( starts.
Q19. Wat are te core services in 23cange %999# 23p&ain te process of
starting te services#
Ans$ The core services are
2

$. <icrosoft 4;change <TA tack9mse;changemta:.
&. <icrosoft 4;change !nformation store9mse;changeis:.
'. <icrosoft 4;change 7outing 4ngine9revc:.
=. <icrosoft 4;change ysytem Attendant9mse;changesa:.
>. Network News Transfer *rotocol9NNT*vc:
@. im%le <ail Transfer *rotocol9<T*vc:.
Q11. 23p&ain te :ierarc" of te 23cange 8anagement Conso&e *rogram#
Ans$ ,rganisation Name
Alobal ettings
7ece%ients
Administrative Arou%s

Tools
3
Q1%. Wat is te &atest service pack for 23cange +.+ and 23cange %999#
Ans$ 4;change >.> 5 *=
4;change &222 5 *'
Q14. What is RUS? Which service is responsible for the RUS?
Ans: The Recipient Update Service(RUS) is a component in the Exchange 2000 System
Attendant service. The RUS creates and maintains Exchange 2000-specific attri!te va"!es
in the Active #irectory.
$f yo! create a mai"ox for a !ser% the RUS is responsi"e for the a!tomatic generation of
the !ser&s Simp"e 'ai" Transfer (rotoco"(S'T() address and any other proxy addresses
that yo! have defined for yo!r recipients. )o*ever% in Active #irectory Users and
+omp!ters too"% the proxy addresses are not disp"ayed immediate"y eca!se a short "atency
4
period occ!rs efore the Recipient Update Service prod!ces the ne* e-mai" addresses. This
"atency occ!rs even if yo! have config!red the RUS to r!n contin!o!s"y.
After yo! insta"" Exchange 2000% t*o instances of RUS are created,
-. The enterprise config!ration RUS%
2. The domain RUS
There is on"y one instance of the enterprise RUS in the organi.ation. /o! m!st have a RUS
for each domain that contains mai"ox-ena"ed !sers.
Each instance of the #omain RUS associates one Exchange 2000 comp!ter(*here the RUS
r!ns) *ith one 1indo*s 2000 or 1indo*s 2000 Server #omain contro""er(*here A# o2ects
are !pdated).
3n"y one RUS can e associated *ith any Active #irectory domain contro""er.
$f yo! have m!"tip"e sites% yo! can a"so add m!"tip"e instances of the RUS for each domain.
$n this scenario% an instance of the RUS is hosted on a #+ in each site% and mai"ox creation
does not depend on the inter-site rep"ication sched!"e of the A#.
$f yo! create a ne* mai"ox-ena"ed !ser% that !ser cannot "og on to their mai"ox !nti" the
RUS has generated the ne* proxy e-mai" addresses. $f yo! set the RUS to r!n on a sched!"e%
that !ser may have to *ait a short period efore they can !se Exchange 2000.
To !pdate addresses immediate"y% yo! can force the RUS to r!n man!a""y.
Q15. What is a recipient policy e!"ail policy an# "ailbo$ "ana%er policy?
Ans: Recipient po"icies are !sed in Exchange 200o server to a!tomatica""y contro" the
generation of e-mai" addresses for recipient o2ects
The fo""o*ing are recipient o2ects%
-. 'ai"-ena"es !sers
2. +ontacts
0. 4ro!ps
5. (!"ic 6o"ders.
Recipient po"icies are simi"ar to the 7Site-Addressing8 feat!re in Exchange 9.9% !t are
more f"exi"e. 6or e.g. recipient po"icies a""o* yo! to create m!"tip"e addresses for a given
address type.
They provide a set of :#A(-ased fi"ter r!"es. These r!"es a""o* yo! to se"ect the set of
recipients to *hich the recipient po"icy *i"" app"y.
'ai"ox manager po"icy is the po"icy in *hich the Exchange Administrator has the ai"ity to
contro" the content of !ser&s mai"ox.
Recipient po"icies are a set of config!ra"e r!"es that r!n on a sched!"e and eva"!ate a"" the
messaging-ena"ed o2ects in yo!r Active #irectory forest. The po"icy !ses the r!"es to fi"ter
a"" of the o2ects and to se"ective"y app"y e-mai" addresses of specific types to those instances
that fit the predefined r!"es.
Q1&. What is e#b.ch' file (se# for?
Ans: The chec;point fi"es are !sed to ;eep a trac; of transactions that are committed to the
dataase after ac;!p.
5
Q1). What is ese(til*# ese(til*p ese(til*% (se# for?
Ans, -. Ese!ti" <d , #efragmentation

0. Ese!ti" <p , Repair
5. Ese!ti" <g = $ntegrity chec;
Q1). What is the te"p.e#b file?
Ans: The fi"e TE'(.E#> is !sed to store transactions that are in progress. TE'(.E#>
is a"so !sed for some transient storage d!ring on"ine compaction.
Q1+. ,$plain the -./01/,2 (tility?
Ans: $t a""o*s yo! to import and export Active #irectory content in :#$6 format.
:#$6 fi"es are composed of "oc;s of entries. An entry can add% modify% or de"ete an
o2ect. The first "ine of an entry is the disting!ished name. The second "ine contains a
changetype% *hich can e add% modify% or de"ete. $f it is an o2ect addition% the rest of the
entry contains the attri!tes that sho!"d e initia""y set on the o2ect (one per "ine). 6or
o2ect de"etions% yo! do not need to specify any other attri!tes. And for o2ect
modifications% yo! need to specify at "east three more "ines. The first sho!"d contain the
type of modification yo! *ant to perform on the o2ect. This can e add (to set a
previo!s"y !nset attri!te or to add a ne* va"!e to a m!"tiva"!ed attri!te)% rep"ace (to
rep"ace an existing va"!e)% or de"ete (to remove a va"!e). The modification type sho!"d e
fo""o*ed y a co"on and the attri!te yo! *ant to perform the modification on. The next
"ine sho!"d contain the name of the attri!te fo""o*ed y a co"on% and the va"!e for the
attri!te. 6or examp"e% to rep"ace the "ast name attri!te *ith the va"!e Smith% yo!?d !se
the fo""o*ing :#$6
#n: cn34s"ithcn3(sers#c3rallencorp#c3co"
chan%etype: "o#ify
replace: sn
sn: S"ith
!
'odification entries m!st e fo""o*ed y a "ine that on"y contains a hyphen (-). /o! can
p!t additiona" modification actions fo""o*ing the hyphen% each separated y another
hyphen. )ere is a comp"ete :#$6 examp"e that adds a 2smith !ser o2ect and then
modifies the given@ame and sn attri!tes for that o2ect,
chan%etype: a##
&
ob4ect5lass: (ser
sa"acco(ntna"e: 4s"ith
sn: 6S"ith
(seracco(ntcontrol: 512
chan%etype: "o#ify
a##: %iven7a"e
%iven7a"e: 6i"
!
replace: sn
sn: S"ith
!
Q13. ,$plain the Anato"y of a /o"ain tr(st an# a forest in the Active /irectory?
Ans: 1. Anatomy of a #omain.

#omains are represented y #o"ain/7S ob4ects.
)
Q14. What are the 3 758s in a forest?
Ans: -. The 6orest Root #omain.

2. The +onfig!ration @+.
0. The Schema @+.
Q15. What are the #ifferent partitions associate# 9ith a 1orest?
Ans: -. 5onfi%(ration 75 , +ontains data that is app"ica"e across a"" of the
domains and% th!s% is rep"icated to a"" domain contro""ers in the forest. Some of this
data inc"!des the site topo"ogy% "ist of partitions% p!"ished services% disp"ay specifiers%
and extended rights.
2. Sche"a 75 , +ontains the o2ects that descrie ho* data can e str!ct!red
and stored in Active #irectory. The c"assSchema o2ects in the Schema @+
represent c"ass definitions for o2ects. The attri!teSchema o2ects descrie
*hat data can e stored *ith c"asses. The Schema @+ is rep"icated to a""
domain contro""ers in a forest.
0. /o"ain 75 , As descried ear"ier% a domain is a naming context that ho"ds
domain-specific data inc"!ding !ser% gro!p% and comp!ter o2ects.
5. Application partitions , +onfig!ra"e partitions that can e rooted any*here
in the forest and can e rep"icated to any domain contro""er in the forest. These
are not avai"a"e *ith 1indo*s 2000.
+
Q1&. After s(ccessf(lly #e"otin% a /5*re"ovin% the forest 9hich co""an#s help
#eter"ine if all entries have been re"ove#?
Ans,
A netsh 9ins server ::;W07SServer7a"e< sho9 na"e ;1orest/7S7a"e< 1c
A nsloo'(p ;/o"ain5ontroller/7S7a"e<
A nsloo'(p !type3SR= >l#ap.>tcp.%c.>"s#cs.;1orest/7S7a"e<
nsloo'(p ;1orest/7S7a"e<
Q1). What are the steps to re"ove a /o"ain fro" a 1orest?
Ans: -. Start from the "ast #+ of the #omain.
2. R!n 7#cpro"o8% and se"ect the option 7?his server is the last #o"ain controller
in the #o"ain8.
@ote , $f the domain yo! *ant to remove has s!domains% yo! have to remove the
s!domains efore proceeding.
0. After a"" domain contro""ers have een demoted and depending on ho* o!r
environment is config!red% yo! may need to remove 1$@S and @S entries that
*ere associated *ith the domain contro""ers and domain !n"ess they *ere
a!tomatica""y removed via 1$@S deregistration and ##@S d!ring the demotion
process.
5. Remove any tr!sts esta"ished for the domain.
Q1+. @o( 9ant to co"pletely re"ove a #o"ain that 9as orphane# beca(se A?his server is
the last #o"ain controller in the #o"ainA 9as not selecte# 9hen #e"otin% the last
#o"ain controller the #o"ain 9as forcibly re"ove# or the last #o"ain controller in the
#o"ain 9as #eco""issione# i"properly. ,$plain the proce#(re?
Ans: The fo""o*ing ntds!ti" commands (in o"d) *o!"d forci"y remove the
emea.ra""encorp.com domain from the ra""encorp.com forest. Rep"ace
;/o"ain5ontroller7a"e< *ith the hostname of the #omain @aming 6"exi"e Sing"e
'aster 3peration (6S'3) for the forest,
nt#s(til A"eta cleanA As o tA conn Acon to server ;/o"ain5ontroller7a"e<A B B
metadata c"ean!p, As o tA Alist #o"ainsA
C
6o!nd 5 domain(s)
0 - #+Bra""encorp%#+Bcom
- - #+Bamer%#+Bra""encorp%#+Bcom
2 - #+Bemea%#+Bra""encorp%#+Bcom
0 - #+Bapac%#+Bra""encorp%#+Bcom
Se"ect operation target, sel #o"ain 2
@o c!rrent site
#omain - #+Bemea%#+Bra""encorp%#+Bcom
@o c!rrent server
@o c!rrent @aming +ontext
Se"ect operation target: B
metadata c"ean!p, remove sel #o"ain
/o! *i"" receive a message indicating *hether the remova" *as s!ccessf!".
@ote, Removing an orphaned domain consists of removing the domain o2ect for the
domain (e.g.% dcBemea%dcBra""encorp%dcBcom)% a"" of its chi"d o2ects% and the associated
crossRef o2ect in the (artitions container. /o! need to target the #omain @aming 6S'3
*hen !sing the ntds!ti" command eca!se that server is responsi"e for creation and
remova" of domains.
$n the so"!tion% shortc!t parameters *ere !sed to red!ce the amo!nt of typing necessary. $f
each parameter *ere typed o!t f!""y% the commands *o!"d "oo; as fo""o*s,
nt#s(til A"eta#ata clean(pA Aselect operation tar%etA connections Aconnect to
server ;/o"ain5ontroller7a"e<A B(it B(it
metadata c"ean!p, Aselect operation tar%etA Alist #o"ainsA
6o!nd 5 domain(s)
0 - #+Bra""encorp%#+Bcom
- - #+Bamer%#+Bra""encorp%#+Bcom
2 - #+Bemea%#+Bra""encorp%#+Bcom
0 - #+Bapac%#+Bra""encorp%#+Bcom
Se"ect operation target, se"ect domain 2

@o c!rrent site
#omain - #+Bemea%#+Bra""encorp%#+Bcom
@o c!rrent server
@o c!rrent @aming +ontext
1D
Se"ect operation target, C!it
metadata c"ean!p: re"ove selecte# #o"ain
Q1C. @o( 9ant to fin# the 7etE0FS na"e of a #o"ain. Altho(%h Gicrosoft has "ove# to
(sin% /7S for pri"ary na"e resol(tion the 7etE0FS na"e of a #o"ain is still
i"portant especially 9ith #o9n!level clients that are still base# on 7etE0FS instea# of
/7S for na"in%. Ho9 can yo( achieve this?
Ans: A. Using 4raphica" User $nterface,
$. 3pen the Active #irectory #omains and Tr!sts snap-in.
&. Right-c"ic; the domain yo! *ant to vie* in the "eft pane and se"ect (roperties.
'. The @et>$3S name *i"" e sho*n in the A/o"ain na"e Ipre!Win#o9s
2DDDJA fie"d.
>. Using a +ommand-"ine $nterface,
-. < #sB(ery K cn3partitionscn3confi%(ration;1orestRoot/7< !filterLR,?UR7M
AINIob4ectcate%ory3crossrefJI#nsroot3;/o"ain/7S7a"e<JInetbiosna"e3KJJA
!attrLR,?UR7Mnetbiosna"e
7ote: Each domain has a crossRef o2ect that is !sed y Active #irectory to generate
referra"s. Referra"s are necessary *hen a c"ient performs a C!ery and the directory server
hand"ing the reC!est does not have the matching o2ect(s) in its domain. The @et>$3S name
of a domain is stored in the domain?s crossRef o2ect in the (artitions container in the
+onfig!ration @+. Each crossRef o2ect has a dnsRoot attri!te% *hich is the f!""y C!a"ified
#@S name of the domain. The net>$3S@ame attri!te contains the @et>$3S name for the
domain.
Q2D. @o( 9ant to rena"e a #o"ain #(e to or%aniOational chan%es or le%al restrictions
beca(se of an acB(isition. Rena"in% a #o"ain is a very involve# process an# sho(l# be
#one only 9hen absol(tely necessary. 5han%in% the na"e of a #o"ain can have an
i"pact on everythin% fro" /7S replication an# PQFs to /1S an# 5ertificate Services.
A #o"ain rena"e also reB(ires that all #o"ain controllers an# "e"ber co"p(ters in the
#o"ain are reboote#R 0s it possible in Win#o9s 2DDD?
Ans: Under 1indo*s 2000% there is no s!pported process to rename a domain. There is one
*or;aro!nd for mixed-mode domains in *hich yo! revert the domain and any of its chi"d
11
domains ac; to 1indo*s @T domains. This can e done y demoting a"" 1indo*s 2000
domain contro""ers and "eaving the 1indo*s @T domain contro""ers in p"ace. /o! co!"d
then reintrod!ce 1indo*s 2000 domain contro""ers and !se the ne* domain name *hen
setting !p Active #irectory.
A domain rename proced!re is s!pported if a forest is r!nning a"" 1indo*s Server 2000
domain contro""ers and is at the 1indo*s Server 2000 forest f!nctiona" "eve".
The too" is -ren#o".e$e2.
D2-. @o( 9ant to create a one!9ay or t9o!9ay nontransitive tr(st fro" an A/ #o"ain to
a Win#o9s 7? #o"ain.Ho9 #o 9e create a ?r(st Eet9een a Win#o9s 7? /o"ain an#
an A/ /o"ain ?
Ans. Using a graphica" !ser interface,
-. 3pen the Active #irectory #omains and Tr!sts snap-in.
2. $n the "eft pane% right-c"ic; the domain yo! *ant to add a tr!st for and se"ect
(roperties.
0. +"ic; on the Tr!sts ta.
5. +"ic; the @e* Tr!st !tton.
9. After the @e* Tr!st 1i.ard opens% c"ic; @ext.
E. Type the @et>$3S name of the @T domain and c"ic; @ext.
F. Ass!ming the @T domain *as reso"va"e via its @et>$3S name% the next screen *i""
as; for the #irection of Tr!st. Se"ect T*o-*ay% 3ne-*ay incoming% or 3ne-*ay
o!tgoing% and c"ic; @ext.
G. $f yo! se"ected T*o-*ay or 3ne-*ay 3!tgoing% yo!?"" need to se"ect the scope of
a!thentication% *hich can e either #omain-*ide or Se"ective% and c"ic; @ext.
H. Enter and re-type the tr!st pass*ord and c"ic; @ext.
-0. +"ic; @ext t*ice to finish.
Using a command-"ine interface
< net#o" tr(st ;7?4/o"ain7a"e< */o"ain:;A//o"ain7a"e< *A//LR,?UR7M
L*User/:;A//o"ain7a"e<:A/User< *Qass9or#/:KMLR,?UR7M
L*UserF:;7?4/o"ain7a"e<:7?4User< *Qass9or#F:KMLR,?UR7M
L*?WFWA@M
12
6or examp"e% to create a tr!st from the @T5 domain RA::E@+3R(I@T5 to the A#
domain RA::E@+3R(% !se the fo""o*ing command,
< net#o" tr(st RA..,75FRQ>7?4 */o"ain:RA..,75FRQ *A//LR,?UR7M
*User/:RA..,75FRQ:a#"inistrator *Qass9or#/:KLR,?UR7M
*UserF:RA..,75FRQ>7?4:a#"inistrator *Qass9or#F:K
/o! can ma;e the tr!st idirectiona"% i.e.% t*o-*ay% y adding a <T*o1ay s*itch to the
examp"e.
Q 22 .Ho9 to 5reate a ?ransitive ?r(st Eet9een ?9o A/ 1orests ?
Ans: Using a graphica" !ser interface
-. 3pen the Active #irectory #omains and Tr!sts snap-in.
2. $n the "eft pane% right c"ic; the forest root domain and se"ect (roperties.
0. +"ic; on the Tr!sts ta.
5. +"ic; the @e* Tr!st !tton.
9. After the @e* Tr!st 1i.ard opens% c"ic; @ext.
E. Type the #@S name of the A# forest and c"ic; @ext.
F. Se"ect 6orest tr!st and c"ic; @ext.
G. +omp"ete the *i.ard y stepping thro!gh the rest of the config!ration screens.
< net#o" tr(st ;1orest1/7S7a"e< */o"ain:;1orest2/7S7a"e< *?9o9ay
*?ransitive *A//LR,?UR7M
L*User/:;1orest2A#"inUser< *Qass9or#/:KMLR,?UR7M
L*UserF:;1orest1A#"inUser< *Qass9or#F:KM
6or examp"e% to create a t*o-*ay forest tr!st from the A# forest ra""encorp.com to the A#
forest othercorp.com% !se the fo""o*ing command,
< net#o" tr(st rallencorp.co" */o"ain:othercorp.co" *?9o9ay *?ransitive
*A//LR,?UR7M
*User/:a#"inistratorSothercorp.co" *Qass9or#/:KLR,?UR7M
*UserF:a#"inistratorSrallencorp.co" *Qass9or#F:K
7ote: A ne* type of tr!st ca""ed a forest tr!st *as introd!ced in 1indo*s Server 2000.
Under 1indo*s 2000% if yo! *anted to create a f!""y tr!sted environment et*een t*o
13
forests% yo! *o!"d have to set !p individ!a" externa" t*o-*ay tr!sts et*een every domain
in oth forests. $f yo! have t*o forests *ith three domains each and *anted to set !p a f!""y
tr!sted mode"% yo! *o!"d need nine individ!a" tr!sts. 6ig!re 2-5 i""!strates ho* this *o!"d
"oo;.
6ig!re 2-5. Tr!sts necessary for t*o 1indo*s 2000 forests to tr!st each other
1ith a forest tr!st% yo! can define a sing"e one-*ay or t*o-*ay transitive tr!st re"ationship
that extends to a"" the domains in oth forests. /o! may *ant to imp"ement a forest tr!st if
yo! merge or acC!ire a company and yo! *ant a"" of the ne* company?s Active #irectory
reso!rces to e accessi"e for !sers in yo!r Active #irectory environment and vice versa.
6ig!re 2-9 sho*s a forest tr!st scenario. To create a forest tr!st% yo! need to !se acco!nts
from the Enterprise Admins gro!p in each forest.
6ig!re 2-9. Tr!st necessary for t*o 1indo*s Server 2000 forests to tr!st each other
Q23. @o( 9ant to create a shortc(t tr(st bet9een t9o A/ #o"ains in the sa"e forest or
in #ifferent forests. Shortc(t tr(sts can "a'e the a(thentication process "ore efficient
bet9een t9o #o"ains in a forest.
Q.23 Ho9 to =ie9 the ?r(sts for a /o"ain ?
(ro"em
@o( 9ant to vie9 the tr(sts for a #o"ain.
So"!tion
Using a graphica" !ser interface
1. Fpen the Active /irectory /o"ains an# ?r(sts snap!in.
2. 0n the left pane ri%ht!clic' the #o"ain yo( 9ant to vie9 an# select Qroperties.
14
3. 5lic' on the ?r(sts tab.
net#o" B(ery tr(st */o"ain:;/o"ain/7S7a"e<
D.20 )o* to Jerify a Tr!st K
(ro"em
@o( 9ant to verify that a tr(st is 9or'in% correctly. ?his is the first #ia%nostics step to
ta'e if (sers notify yo( that a(thentication to a re"ote #o"ain appears to be failin%.
So"!tion
1or the Win#o9s 2DDD version of the Active /irectory /o"ains an# ?r(sts snap!in:
1. 0n the left pane ri%ht!clic' on the tr(stin% #o"ain an# select Qroperties.
2. 5lic' the ?r(sts tab.
3. 5lic' the #o"ain that is associate# 9ith the tr(st yo( 9ant to verify.
4. 5lic' the ,#it b(tton.
5. 5lic' the =erify b(tton.
1or the Win#o9s Server 2DD3 version of the Active /irectory /o"ains an# ?r(sts snap!
in:
3. 5lic' the #o"ain that is associate# 9ith the tr(st yo( 9ant to verify.
4. 5lic' the Qroperties b(tton.
5. 5lic' the =ali#ate b(tton.
< net#o" tr(st ;?r(stin%/o"ain< */o"ain:;?r(ste#/o"ain< *=erify *verboseLR,?UR7M
L*UserF:;?r(stin%/o"ainUser< *Qass9or#F:KMLR,?UR7M
L*User/:;?r(ste#/o"ainUser< *Qass9or#/:KM
15
D29. )o* to Reset a Tr!st K
(ro"em
@o( 9ant to reset a tr(st pass9or#. 0f yo(Tve #eter"ine# a tr(st is bro'en yo( nee# to
reset it 9hich 9ill allo9 (sers to a(thenticate across it a%ain.
So"!tion
1ollo9 the sa"e #irections as Recipe 2.2D. ?he option to reset the tr(st 9ill only be
presente# if the =erify*=ali#ate #i# not s(ccee#.
< net#o" tr(st ;?r(stin%/o"ain< */o"ain:;?r(ste#/o"ain< *Reset *verboseLR,?UR7M
L*UserF:;?r(stin%/o"ainUser< *Qass9or#F:KMLR,?UR7M
L*User/:;?r(ste#/o"ainUser< *Qass9or#/:KM
Q26. How to Remove a Trust ?
(ro"em
@o( 9ant to re"ove a tr(st. ?his is co""only #one 9hen the re"ote #o"ain has been
#eco""issione# or access to it is no lon%er reB(ire#.
So"!tion
4. 5lic' on the #o"ain that is associate# 9ith the tr(st yo( 9ant to re"ove.
5. 5lic' the Re"ove b(tton.
&. 5lic' FU.
1&
> netdom trust <TrustingDomain> /Domain:<TrustedDomain> /Remove
/verbose[RETURN]
[/UserO:<TrustingDomainUser> /PasswordO:*][RETURN]
[/UserD:<TrustedDomainUser> /PasswordD:*]
D2F .)o* to 6ind #!p"icate S$#s in a #omain K
(ro"em
@o( 9ant to fin# any #(plicate S0/s in a #o"ain. Penerally yo( sho(l# never fin#
#(plicate S0/s in a #o"ain b(t it is possible in so"e sit(ations s(ch as 9hen the relative
i#entifier IR0/J 1SGF role o9ner has to be seiOe# or yo( are "i%ratin% (sers fro"
Win#o9s 7? #o"ains.
So"!tion
?o fin# #(plicate S0/s r(n the follo9in% co""an# replacin% <DomainControllerName>
9ith a #o"ain controller or #o"ain na"e:
> ntdsutil se! a!! man !o to se <DomainControllerName> !"e!# du$
sid % %
?he follo9in% "essa%e 9ill be ret(rne#:
Du$li!ate &'D !"e!# !om$leted su!!ess(ull)* +"e!# du$sid*lo, (or an)
du$li!ates
?he #(psi#.lo% file 9ill be in the #irectory 9here yo( starte# ntdsutil.
0f yo( 9ant to #elete any ob4ects that have #(plicate S0/s yo( can (se the follo9in%
co""an#:
> ntdsutil se! a!! man !o to se <DomainControllerName> !lean du$
sid % %
.i'e the chec' co""an# the clean co""an# 9ill %enerate a "essa%e li'e the follo9in%
(pon co"pletion:
Du$li!ate &'D !leanu$ !om$leted su!!ess(ull)* +"e!# du$sid*lo, (or an)
du$li!ate
D.2G )o* to 6ind the #omain +ontro""ers for a #omainK
(ro"em
@o( 9ant to fin# the #o"ain controllers in a #o"ain.
1)
So"!tion
1. Fpen the Active /irectory Users an# 5o"p(ters snap!in.
2. 5onnect to the tar%et #o"ain.
3. 5lic' on the Domain +ontrollers FU.
4. ?he list of #o"ain controllers for the #o"ain 9ill be present in the ri%ht pane.
> netdom %uer) d! /Domain:<DomainDNSName>
Q29. How to Find a Domain Controller's Site?
(ro"em
@o( nee# to #eter"ine the site of 9hich a #o"ain controller is a "e"ber.
So"!tion
1. Fpen ./Q an# fro" the "en( select 5onnection !5onnect.
2. 1or Server enter the na"e of a #o"ain controller Ior leave blan' to #o a
serverless bin#J.
3. 1or Qort enter 3+C.
4. 5lic' FU.
5. 1ro" the "en( select 5onnection Ein#.
&. ,nter cre#entials of a #o"ain (ser.
). 5lic' FU.
+. 1ro" the "en( select Ero9se Search.
C. 1or Ease/7 type the #istin%(ishe# na"e of the &ites container Ie.%.
cn3sitescn3confi%(ration#c3rallencorp #c3co"J.
1D. 1or Scope select S(btree.
1+
11. 1or 1ilter enter:
-.-ob/e!t!ate,or)0server1-dns2ostName0<DomainControllerName>11
12. 5lic' R(n.
> nltest /ds,etsite /server:<DomainControllerName>
Q 30. How to ove a Domain Controller to a Di!!erent Site?
(ro"em
@o( 9ant to "ove a #o"ain controller to a #ifferent site.
So"!tion
1. Fpen the Active /irectory Sites an# Services snap!in.
2. 0n the left pane e$pan# the site that contains the #o"ain controller.
3. ,$pan# the &ervers container.
4. Ri%ht!clic' on the #o"ain controller yo( 9ant to "ove an# select Gove.
5. 0n the Gove Server bo$ select the site to 9hich the #o"ain controller 9ill be
"ove# an# clic' FU.
When (sin% the dsmove co""an# yo( "(st specify the /7 of the ob4ect yo( 9ant to
"ove. 0n this case it nee#s to be the #istin%(ishe# na"e of the server ob4ect for the
#o"ain controller. ?he val(e for the !new$arent option is the #istin%(ishe# na"e of the
&ervers container yo( 9ant to "ove the #o"ain controller to.
> dsmove <ServerDN> 3new$arent <NewServersContainerDN>
1or e$a"ple the follo9in% co""an# 9o(l# "ove #c2 fro" the De(ault34irst3&ite3
Name site to the Ralei," site.
> dsmove !n0d!56!n0servers6!n0De(ault34irst3&ite3
Name6!n0sites6!n0!on(i,uration6[RETURN]
rallen!or$ 3new$arent
!n0servers6!n0Ralei,"6!n0sites6!n0!on(i,uration6rallen!or$
1C
Q3". How to Find t#e $lo%al Catalo& Servers in a Forest?
(ro"em
@o( 9ant a list of the %lobal catalo% servers in a forest.
So"!tion
1. Fpen ./Q an# fro" the "en( select 5onnection 5onnect.
2. 1or Server enter the na"e of a /5.
4. 5lic' FU.
5. 1ro" the "en( select 5onnection Ein#.
&. ,nter cre#entials of a #o"ain (ser.
). 5lic' FU.
+. 1ro" the "en( select Ero9se Search.
C. 1or Ease/7 type the /7 of the Sites container Ie.%.
cn3sitescn3confi%(ration#c3rallencorp #c3co"J.
1D. 1or Scope select S(btree.
11. 1or 1ilter enter -.-ob/e!t!ate,or)0ntdsdsa1-o$tions0711.
12. 5lic' R(n.
> ds%uer) server 3(orest 3is,!
Q32. How to Find Domain Controllers and $lo%al Catalo&s via D'S?
(ro"em
@o( 9ant to fin# #o"ain controllers or %lobal catalo%s (sin% /7S loo'(ps.
2D
So"!tion
/o"ain controllers an# %lobal catalo% servers are represente# in /7S as SR= recor#s.
@o( can B(ery SR= recor#s (sin% nsloo#u$ by settin% the t)$e0&R8 s(ch as the
follo9in%:
> nsloo#u$
De(ault &erver: dns97*rallen!or$*!om
:ddress: 79*7*5*;
> set t)$e0&R8
@o( then nee# to iss(e the follo9in% B(ery to retrieve all #o"ain controllers for the
specifie# #o"ain.
> <lda$*<t!$*<DomainDNSName>
@o( can iss(e a si"ilar B(ery to retrieve %lobal catalo%s b(t since they are forest!9i#e
the B(ery is base# on the forest na"e.
> <,!*<t!$*<ForestDNSName>
@o( can even fin# the #o"ain controllers or %lobal catalo%s that are in a partic(lar site or
that cover a partic(lar site by B(eryin% the follo9in%:
> <lda$*<t!$*<SiteName>*<sites*<DomainDNSName>
> <,!*<t!$*<SiteName>*<sites*<ForestDNSName>
See Recipe 11.1+ for "ore infor"ation on site covera%e.
B''. Cow about Findin& t#e FS( Role Holders ????
0.29.- (ro"em
@o( 9ant to fin# the #o"ain controllers that are actin% as one of the 1SGF roles.
0.29.2 So"!tion
0.29.2.- Using a graphica" !ser interface
1or the Sche"a Gaster:
21
1. Fpen the Active /irectory Sche"a snap!in.
2. Ri%ht!clic' on Active /irectory Sche"a in the left pane an# select Fperations
Gaster.
1or the /o"ain 7a"in% Gaster:
2. Ri%ht!clic' on Active /irectory /o"ains an# ?r(sts in the left pane an# select
Fperations Gaster.
1or the Q/5 ,"(lator R0/ Gaster an# 0nfrastr(ct(re Gaster:
2. Ga'e s(re yo(Tve tar%ete# the correct #o"ain.
3. Ri%ht!clic' on Active /irectory Users an# 5o"p(ters in the left pane an# select
Fperations Gaster.
4. ?here are in#ivi#(al tabs for the Q/5 R0/ an# 0nfrastr(ct(re roles.
0.29.2.2 Using a command-"ine interface
0n the follo9in% co""an# yo( can leave o(t the /Domain <DomainDNSName> option to
B(ery the #o"ain yo( are c(rrently lo%%e# on.
> netdom %uer) (smo /Domain:<DomainDNSName>
1or so"e reason this co""an# ret(rns a A?he para"eter is incorrectA error on Win#o9s
Server 2DD3. Until that is resolve# yo( can (se the ds%uer) server co""an# sho9n
here 9here <Role> can be s!"ema name in(r $d! or rid:
> ds%uer) server 3"as(smo <Role>
Q'(. How to Trans!er a FS( Role?
0.2E.- (ro"em
@o( 9ant to transfer a 1SGF role to a #ifferent #o"ain controller. ?his "ay be necessary
if yo( nee# to ta'e a c(rrent 1SGF role hol#er #o9n for "aintenance.
0.2E.2 So"!tion
0.2E.2.- Using a graphica" !ser interface
22
1. Use the sa"e #irections as #escribe# in Recipe 3.25 for vie9in% a specific 1SGF
e$cept tar%et Ii.e. ri%ht!clic' an# select 5onnect to /o"ain 5ontrollerJ the
#o"ain controller yo( 9ant to transfer the 1SGF to before selectin% Fperations
Gaster.
2. 5lic' the 5han%e b(tton.
3. 5lic' FU t9ice.
4. @o( sho(l# then see a "essa%e statin% 9hether the transfer 9as s(ccessf(l.
0.2E.2.2 Using a command-"ine interface
?he follo9in% 9o(l# transfer the Q/5 ,"(lator role to <NewRoleOwner>. See the
#isc(ssion to see abo(t transferrin% the other roles.
> ntdsutil roles !onn !o t s <NewRoleOwner> % trans(er PD+ % %
B'>. Cow to Sei)e a FS( Role?
0.2F.- (ro"em
@o( nee# to seiOe a 1SGF role beca(se the c(rrent role hol#er is #o9n an# 9ill not be
restore#.
0.2F.2 So"!tion
0.2F.2.- Using a command-"ine interface
?he follo9in% 9o(l# seiOe the Q/5 ,"(lator role to <NewRoleOwner>:
> ntdsutil roles !onn !o t s <NewRoleOwner> % sei=e PD+ % %
Any of the other roles can be transferre# as 9ell (sin% ntdsutil by replacin% Atransfer
Q/5A in the previo(s sol(tion 9ith one of the follo9in%:
AseiOe #o"ain na"in% "asterA
AseiOe infrastr(ct(re "asterA
AseiOe R0/ "asterA
AseiOe sche"a "asterA
Q36. How on Findin& t#e *DC +mulator FS( Role (wner via D'S?
0.2G.- (ro"em
23
@o( 9ant to fin# the Q/5 ,"(lator for a #o"ain (sin% /7S.
0.2G.2 So"!tion
0.2G.2.- Using a command-"ine interface
> nsloo#u$ 3t)$e0&R8 <lda$*<t!$*$d!*<msd!s*<DomainDNSName>
B'1. How to,iew t#e -ttri%utes o! an (%.e/t usin& 0D*?
5.2.- (ro"em
@o( 9ant to vie9 one or "ore attrib(tes of an ob4ect (sin% ./Q
5.2.2 So"!tion
1. Fpen ./Q.
2. 1ro" the "en( select 5onnection 5onnect.
3. 1or Server enter the na"e of a #o"ain controller or #o"ain that contains the
ob4ect.
5. 5lic' FU.
&. 1ro" the "en( select 5onnection Ein#.
). ,nter cre#entials of a (ser that can vie9 the ob4ect Iif necessaryJ.
+. 5lic' FU.
C. 1ro" the "en( select =ie9 ?ree.
1D. 1or Ease/7 type the /7 of the ob4ect yo( 9ant to vie9.
11. 1or Scope select Ease.
12. 5lic' FU.
24
> ds%uer) * <ObjectDN> 3s!o$e base 3attr *
1or Win#o9s 2DDD (se this co""an#:
> enum$ro$ >D:P://<ObjectDN>
B'D. Cow to 1se 0D-* Controls?
5.0.- (ro"em
@o( 9ant to (se an ./AQ control as part of an ./AQ operation.
5.0.2 So"!tion
1. Fpen ./Q.
2. 1ro" the "en( select Fptions 5ontrols.
3. 1or the Win#o9s Server 2DD3 version of ./Q select the control yo( 9ant to (se
(n#er .oa# Qre#efine#. ?he control sho(l# a(to"atically be a##e# to the list of
Active 5ontrols.
1or the Win#o9s 2DDD version of ./Q yo(Tll nee# to type the ob4ect i#entifier
IF0/J of the control (n#er Fb4ect 0#entifier.
4. ,nter the val(e for the control (n#er =al(e.
5. Select 9hether the control is server! or client!si#e (n#er 5ontrol ?ype.
&. 5hec' the bo$ besi#e 5ritical if the control is critical.
). 5lic' the 5hec'!in b(tton.
+. 5lic' FU.
C. At this point yo( 9ill nee# to invo'e the ./AQ operation Ifor e$a"ple SearchJ
that 9ill (se the control. 0n the #ialo% bo$ for any operation be s(re that the
A,$ten#e#A option is chec'e# before initiatin% the operation.
D0H. )o* to !se :#( for Searching for 32ects in a #omainK
5.9.- (ro"em
@o( 9ant to fin# ob4ects that "atch certain criteria in a #o"ain.
5.9.2 So"!tion
25
1. Fpen ./Q.
serverless bin#J.
5. 5lic' FU.
). ,nter cre#entials of a (ser.
+. 5lic' FU.
C. 1ro" the "en( select Ero9se Search.
1D. 1or Ease/7 type the base #istin%(ishe# na"e 9here the search 9ill start.
11. 1or Scope select the appropriate scope.
12. 1or 1ilter enter an ./AQ filter.
13. 5lic' R(n.
> ds%uer) * <BaseDN> 3s!o$e <Scoe> 3(ilter <Filter> 3attr
<!ttr"ist>
D50. )o* to !se :#( for searching the 4"oa" +ata"ogK
5.E.- (ro"em
@o( 9ant to perfor" a forest!9i#e search (sin% the %lobal catalo%.
5.E.2 So"!tion
5.E.2.- Using a graphica" !ser interface
1. Fpen ./Q.
2&
3. 1or Server enter the na"e of a %lobal catalo% server.
4. 1or Qort enter 32&+.
5. 5lic' FU.
). ,nter cre#entials of a (ser.
+. 5lic' FU.
1D. 1or Ease/7 type the base #istin%(ishe# na"e 9here to start the search.
12. 1or 1ilter enter an ./AQ filter.
13. 5lic' R(n.
5.E.2.2 Using a command-"ine interface
> ds%uer) * <BaseDN> 3,! 3s!o$e <Scoe> 3(ilter <Filter> 3attr
<!ttr"ist>
D5- .)o* to #e"egate +ontro" of an 3UK
9.H.- (ro"em
@o( 9ant to #ele%ate a#"inistrative access of an FU to allo9 a %ro(p of (sers to "ana%e
ob4ects in the FU.
9.H.2 So"!tion
9.H.2.- Using a graphica" !ser interface
2. 0f yo( nee# to chan%e #o"ains ri%ht!clic' on AActive /irectory Users an#
5o"p(tersA in the left pane select 5onnect to /o"ain enter the #o"ain na"e
an# clic' FU.
2)
3. 0n the left pane bro9se to the tar%et FU ri%ht!clic' on it an# select /ele%ate
5ontrol.
4. Select the (sers an#*or %ro(ps to #ele%ate control to by (sin% the A## b(tton an#
clic' 7e$t.
5. Select the type of privile%e to %rant the (sers*%ro(ps an# clic' 7e$t.
&. 5lic' 1inish.
9.H.2.2 Using a command-"ine interface
A5.s can be set via a co""an#!line 9ith the dsa!ls (tility fro" the S(pport ?ools. See
Recipe 14.1D for "ore infor"ation.
D52. )o* to :in; a 4(3 to an 3UK
9.--.- (ro"em
@o( 9ant to apply the settin%s in a PQF to the (sers an#*or co"p(ters 9ithin an FU also
'no9n as lin'in% the PQF to the FU.
9.--.2 So"!tion
9.--.2.- Using a graphica" !ser interface
1. Fpen the Pro(p Qolicy Gana%e"ent IPQG5J snap!in.
2. ,$pan# 1orest in the left pane.
3. ,$pan# /o"ain an# navi%ate #o9n to the FU in the #o"ain yo( 9ant to lin' the
PQF to.
4. Ri%ht!clic' on the FU an# select either 5reate an# .in' a PQF Here Iif the PQF
#oes not alrea#y e$istJ or .in' an ,$istin% PQF Iif yo( have alrea#y create# the
PQFJ.
D50. )o* to +reate a SiteK
--.-.- (ro"em
@o( 9ant to create a site.
--.-.2 So"!tion
--.-.2.- Using a graphica" !ser interface
2+
2. Ri%ht!clic' on the &ites container an# select 7e9 Site.
3. Eesi#e 7a"e enter the na"e of the ne9 site.
4. Un#er .in' 7a"e select a site lin' for the site.
5. 5lic' FU t9ice.
--.-.2.2 Using a command-"ine interface
5reate an ./01 file calle# create>site.l#f 9ith the follo9in% contents:
dn: !n0<SiteName>6!n0sites6!n0!on(i,uration6<ForestRootDN>
!"an,et)$e: add
ob/e!t!lass: site
dn: !n0>i!ensin, &ite &ettin,s6!n0<SiteName>6!n0sites6!n0!on(i,uration6
<ForestRootDN>
!"an,et)$e: add
ob/e!t!lass: li!ensin,&ite&ettin,s
dn: !n0NTD& &ite
&ettin,s6!n0<SiteName>6!n0sites6!n0!on(i,uration6<ForestRootDN>
!"an,et)$e: add
ob/e!t!lass: nTD&&ite&ettin,s
dn: !n0&ervers6!n0<SiteName>6!n0sites6!n0!on(i,uration6<ForestRootDN>
!"an,et)$e: add
ob/e!t!lass: servers+ontainer
then r(n the follo9in% co""an#:
> ldi(de 3v 3i 3( !reate<site*ld(
D55. )o* to +reate a S!netK
--.5.- (ro"em
@o( 9ant to create a s(bnet.
--.5.2 So"!tion
--.5.2.- Using a graphica" !ser interface
2. Ri%ht!clic' on the S(bnets container an# select 7e9 S(bnet.
3. ,nter the A##ress an# Gas' an# then select 9hich site the s(bnet is part of.
2C
4. 5lic' FU.
--.5.2.2 Using a command-"ine interface
5reate an ./01 file calle# create>s(bnet.l#f 9ith the follo9in% contents:
dn: !n0<Subnet>6!n0subnets6!n0sites6!n0!on(i,uration6<ForestRootDN>
!"an,et)$e: add
ob/e!t!lass: subnet
siteOb/e!t: !n0<SiteName>6!n0sites6!n0!on(i,uration6<ForestRootDN>
> ldi(de 3v 3i 3( !reate<subnet*ld(
D59. )o* to +reate a Site :in; K
--.F.- (ro"em
@o( 9ant to create a site lin' to connect t9o or "ore sites to%ether.
--.F.2 So"!tion
--.F.2.- Using a graphica" !ser interface
2. ,$pan# the &ites container.
3. ,$pan# the 'nter3&ite Trans$orts container.
4. Ri%ht!clic' on 'P Ior &?TPJ an# select 7e9 Site .in'.
5. 1or 7a"e enter the na"e for the site lin'.
&. Un#er Site is not in this site lin' select at least t9o sites an# clic' the A## b(tton.
). 5lic' FU.
--.F.2.2 Using a command-"ine interface
?he follo9in% ./01 9o(l# create a site lin' connectin% the S65 an# /allas sites:
dn: !n0Dallas3&@+6!n0'P6!n0inter3site
trans$orts6!n0sites6!n0!on(i,uration6<ForestRootDN>
!"an,et)$e: add
ob/e!t!lass: site>in#
siteOb/e!t: !n0&@+6!n0sites6!n0!on(i,uration6<ForestRootDN>
siteOb/e!t: !n0Dallas6!n0sites6!n0!on(i,uration6<ForestRootDN>
3D
0f the ./01 file 9ere na"e# create>site>lin'.l#f yo(T# then r(n the follo9in% co""an#:
> ldi(de 3v 3i 3( !reate<site<lin#*ld(
Q26 .How to Create a Site 0in3 4rid&e ?
--.-2.- (ro"em
@o( 9ant to create a site lin' bri#%e beca(se yo(Tve #isable# site lin' transitivity.
--.-2.2 So"!tion
--.-2.2.- Using a graphica" !ser interface
2. 0n the left pane e$pan# &ites 'nter3&ite Trans$orts.
3. Ri%ht!clic' either the 'P or &?TP fol#er #epen#in% 9hich protocol yo( 9ant to
create a site lin' bri#%e for.
4. Select 7e9 Site .in' Eri#%e.
5. Hi%hli%ht t9o or "ore sites in the left bo$.
&. 5lic' the A## b(tton.
). 5lic' FU.
--.-2.2.2 Using a command-"ine interface
5reate an ./01 file calle# create>site>lin'>bri#%e.l#f 9ith the follo9in% contents 9here
<"in#$> an# <"in#%> refer to the site lin's to be bri#%e#:
dn: !n0<BridgeName>6!n0'P6!n0inter3site
trans$orts6!n0sites6!n0!on(i,uration6<ForestRootDN>
!"an,et)$e: add
ob/e!t!lass: site>in#Arid,e
site>in#>ist: !n0<"in#$>6!n0'P6!n0'nter3site
Trans$orts6!n0sites6!n0!on(i,uration6
<ForestRootDN>
site>in#>ist: !n0<"in#%>6!n0'P6!n0'nter3site
Trans$orts6!n0sites6!n0!on(i,uration6
<ForestRootDN>
?hen r(n the follo9in% co""an#:
> ldi(de 3v 3i 3( !reate<site<lin#<brid,e*ld(
31
D5F. )o* to 6ind the >ridgehead Servers for a SiteK
--.-0.- (ro"em
@o( 9ant to fin# the bri#%ehea# servers for a site.
--.-0.2 So"!tion
--.-0.2.- Using a graphica" !ser interface
1. Fpen the Replication Gonitor fro" the S(pport ?ools Ire$lmon*eBeJ.
2. 1ro" the "en( select =ie9 Fptions.
3. 0n the left pane ri%ht!clic' on Gonitore# Servers an# select A## Gonitore#
Server.
4. Use the A## Gonitore# Server WiOar# to a## a server in the site yo( 9ant to fin#
the bri#%ehea# serverIsJ for.
5. 0n the left pane ri%ht!clic' on the server an# select Sho9 Eri#%eHea# Servers
0n ?his ServerTs Site.
--.-0.2.2 Using a command-"ine interface
> re$admin /brid,e"eads [<ServerName>] [/verbose]
?he /brid,e"eads option is vali# only 9ith the Win#o9s Server 2DD3 version of
re$admin. ?here is no s(ch option in the Win#o9s 2DDD version.
--.-0.2.0 Using J>Script
B=D. How to ove a Domain Controller to a Di!!erent Site?
(ro"em
@o( 9ant to "ove a #o"ain controller to a #ifferent site. ?his "ay be necessary if yo(
pro"ote# the #o"ain controller 9itho(t first a##in% its s(bnet to Active /irectory. 0n that
case the #o"ain controller 9ill be a##e# to the De(ault34irst3&ite3Name site.
So"!tion
32
2. 0n the left pane e$pan# &ites e$pan# the site 9here the server yo( 9ant to "ove
is containe# an# e$pan# the &ervers container.
3. Ri%ht!clic' on the server yo( 9ant to "ove an# select Gove.
4. Select the site to "ove the server to.
5. 5lic' FU.
> dsmove !n0<ServerName>6!n0servers6!n0<CurrentSite>6[RETURN]
!n0sites6!n0!on(i,uration6<ForestRootDN> 3new$arent
!n0servers6!n0<NewSite>6[RETURN]
!n0sites6!n0!on(i,uration6<ForestRootDN>
D5H. )o* to +onfig!re a #omain +ontro""er to +over '!"tip"e SitesK
--.-F.- (ro"em
@o( 9ant to confi%(re a #o"ain controller to cover "(ltiple sites 9hich 9ill ca(se
clients in those sites to (se that #o"ain controller for a(thentication an# #irectory
loo'(ps.
--.-F.2 So"!tion
--.-F.2.- Using a graphica" !ser interface
1. R(n re,edit*eBe fro" the co""an# line or Start R(n.
2. 0n the left pane e$pan# HU,@>.F5A.>GA5H07, S@S?,G
5(rrent5ontrolSet Services 7etlo%on Qara"eters.
3. 0f the Site5overa%e val(e #oes not e$ist ri%ht!clic' on Qara"eters in the left pane
an# select 7e9 G(lti!Strin% =al(e. 1or the na"e enter Site5overa%e.
4. 0n the ri%ht pane #o(ble!clic' on the val(e an# on a separate line enter each site
the server sho(l# cover.
5. 5lic' FU.
--.-F.2.2 Using a command-"ine interface
> re, add
2C>?D&)stemD+urrent+ontrol&etD&ervi!esDNetlo,onDParameters /v[RETURN]
33
&ite+overa,e /t REE<?U>T'<&F /d <Site$>D9<Site%>
D90. )o* to Trigger the L++K
--.2F.- (ro"em
@o( 9ant to tri%%er the U55.
--.2F.2 So"!tion
--.2F.2.- Using a graphica" !ser interface
2. 0n the left pane bro9se to the NTD& &ettin,s ob4ect for the server yo( 9ant to
tri%%er the U55 for.
3. Ri%ht!clic' on NTD& &ettin,s select All ?as's an# 5hec' Replication
?opolo%y.
4. 5lic' FU.
--.2F.2.2 Using a command-"ine interface
> re$admin /#!! <DomainControllerName>
D9-. )o* to #etermine if the L++ $s +omp"eting S!ccessf!""yK
--.2G.- (ro"em
@o( 9ant to #eter"ine if the U55 is co"pletin% s(ccessf(lly.
--.2G.2 So"!tion
--.2G.2.- Using a graphica" !ser interface
1. Fpen the ,vent =ie9er of the tar%et #o"ain controller.
2. 5lic' on the /irectory Service lo%.
3. 0n the ri%ht pane clic' on the So(rce hea#in% to sort by that col("n.
4. Scroll #o9n to vie9 any events 9ith So(rce: 7?/S U55.
--.2G.2.2 Using a command-"ine interface
?he follo9in% co""an# 9ill #isplay any U55 errors fo(n# in the /irectory Service lo%:
> d!dia, /v /test:#!!event /s:<DomainControllerName>
34
D9-. )o* to #isa"e the L++ for a SiteK
--.2H.- (ro"em
@o( 9ant to #isable the U55 for a site an# %enerate yo(r o9n replication connections
bet9een #o"ain controllers.
--.2H.2 So"!tion
--.2H.2.- Using a graphica" !ser interface
1. Fpen A/S0 ,#it.
2. 5onnect to the 5onfi%(ration 7a"in% 5onte$t if it is not alrea#y #isplaye#.
3. 0n the left pane bro9se the 5onfi%(ration 7a"in% 5onte$t Sites.
4. 5lic' on the site yo( 9ant to #isable the U55 for.
5. 0n the ri%ht pane #o(ble!clic' +N0NTD& &ite &ettin,s.
&. Go#ify the o$tions attrib(te. ?o #isable only intra!site topolo%y %eneration
enable the DDDD1 bit I#eci"al 1J. ?o #isable inter!site topolo%y %eneration enable
the 1DDDD bit I#eci"al 1&J. ?o #isable both enable the 1DDD1 bits I#eci"al 1)J.
). 5lic' FU.
--.2H.2.2 Using a command-"ine interface
@o( can #isable the U55 for <SiteName> by (sin% the ldi(de (tility an# an ./01 file
that contains the follo9in%:
dn: !n0NTD& &ite
&ettin,s6<SiteName>6!n0sites6!n0!on(i,uration6<ForestRootDN>
!"an,et)$e: modi()
re$la!e: o$tions
o$tions: <Otions&alue>
3
0f the ./01 file 9ere na"e# #isable>'cc.l#f yo( 9o(l# r(n the follo9in% co""an#:
> ldi(de 3v 3i 3( disable<#!!*ld(
B>& . How to C#an&e t#e 5nterval at 6#i/# t#e 7CC Runs?
--.00.- (ro"em
@o( 9ant to chan%e the interval at 9hich the U55 r(ns.
35
--.00.2 So"!tion
--.00.2.- Using a graphica" !ser interface
2. ,$pan# HU,@>.F5A.>GA5H07, S@S?,G 5(rrent5ontrolSet
Services 7?/S Qara"eters.
3. Ri%ht!clic' on Qara"eters an# select 7e9 /WFR/ =al(e.
4. ,nter the follo9in% for the na"e: Re$l to$olo,) u$date $eriod -se!sJ.
5. /o(ble!clic' on the ne9 val(e an# (n#er =al(e #ata enter the U55 interval in
n("ber of secon#s ICDD is the #efa(ltJ.
&. 5lic' FU.
--.00.2.2 Using a command-"ine interface
> re, add 2C>?D&)stemD+urrent+ontrol&etD&ervi!esDNTD&DParameters /v
Re$l to$olo,)[RETURN]
u$date $eriod -se!s1 /t REE<DGORD /d <NumSecs>
B>'. How to Determine i! Two Domain Controllers -re in S8n/?
-2.-.- (ro"em
@o( 9ant to #eter"ine if t9o #o"ain controllers are in sync an# have no ob4ects to
replicate to each other.
-2.-.2 So"!tion
-2.-.2.- Using a command-"ine interface
Ey r(nnin% the follo9in% t9o co""an#s yo( can co"pare the (p!to!#ateness vector on
the t9o /5s:
> re$admin /s"owutdve! <DC$Name> <NamingConte'tDN>
> re$admin /s"owutdve! <DC%Name> <NamingConte'tDN>
?he Win#o9s 2DDD version of re$admin (se# a #ifferent synta$ to acco"plish the sa"e
thin%. Here is the eB(ivalent synta$:
> re$admin /s"owve!tor <NamingConte'tDN> <DC$Name>
3&
> re$admin /s"owve!tor <NamingConte'tDN> <DC%Name>
B>=.)o* to Jie* the Rep"ication Stat!s of Severa" #omain +ontro""ers
-2.2.- (ro"em
@o( 9ant to ta'e a B(ic' snap!shot of replication activity for one or "ore #o"ain
controllers.
-2.2.2 So"!tion
-2.2.2.- Using a command-"ine interface
?he follo9in% co""an# 9ill sho9 the replication stat(s of all the #o"ain controllers in
the forest:
> re$admin /re$lsum
@o( can also (se * as a 9il#car# character to vie9 the stat(s of a s(bset of #o"ain
controllers. ?he follo9in% co""an# 9ill #isplay the replication stat(s of only the servers
that be%in 9ith the na"e d!3rt$:
> re$admin /re$lsum d!3rt$*
D99 . )o* to Jie* Unrep"icated +hanges >et*een T*o #omain +ontro""ersK
-2.0.- (ro"em
@o( 9ant to fin# the (nreplicate# chan%es bet9een t9o #o"ain controllers.
-2.0.2 So"!tion
-2.0.2.- Using a graphica" !ser interface
1. Fpen the Replication Gonitor fro" the S(pport ?ools Ire$lmon*eBeJ.
2. 1ro" the "en( select =ie9 Fptions.
3. Fn the Peneral tab chec' the bo$ besi#e Sho9 ?ransitive Replication Qartners
an# ,$ten#e# /ata.
4. 5lic' FU.
5. 0n the left pane ri%ht!clic' on Gonitore# Servers an# select A## Gonitore#
Server.
3)
&. Use the A## Gonitore# Server WiOar# to a## one of the #o"ain controllers yo(
9ant to co"pare I0Tll call it #c1J.
). 0n the left pane (n#er the server yo( 4(st a##e# e$pan# the na"in% conte$t that
yo( 9ant to chec' for (nreplicate# chan%es.
+. Ri%ht!clic' on the other #o"ain controller yo( 9ant to co"pare I0Tll call it #c2J
an# select 5hec' 5(rrent US7 an# Un!replicate# Fb4ects.
C. ,nter cre#entials if necessary an# clic' FU.
1D. 0f so"e chan%es have not yet replicate# fro" #c2 to #c1 a bo$ 9ill pop (p that
lists the (nreplicate# ob4ects.
11. ?o fin# o(t 9hat chan%es have yet to replicate fro" #c1 to #c2 repeat the sa"e
steps e$cept a## #c2 as a "onitore# server an# chec' for (nreplicate# chan%es
a%ainst #c1.
-2.0.2.2 Using a command-"ine interface
R(n the follo9in% t9o co""an#s to fin# the #ifferences bet9een t9o #o"ain controllers.
Use the /statisti!s option to vie9 a s(""ary of the chan%es:
> re$admin /s"ow!"an,es <DC$Name> <DC%(U)D> <NamingConte'tDN>
> re$admin /s"ow!"an,es <DC%Name> <DC$(U)D> <NamingConte'tDN>
?he Win#o9s 2DDD version of re$admin has a #ifferent synta$ to acco"plish the sa"e
> re$admin /,et!"an,es <NamingConte'tDN> <DC$Name> <DC%(U)D>
> re$admin /,et!"an,es <NamingConte'tDN> <DC%Name> <DC$(U)D>
D 9E.)o* to 6orce Rep"ication from 3ne #omain +ontro""er to Another
-2.5.- (ro"em
@o( 9ant to force replication bet9een t9o partners.
-2.5.2 So"!tion
2. Ero9se to the NTD& &ettin, ob4ect for the #o"ain controller yo( 9ant to
replicate to.
3+
3. 0n the ri%ht pane ri%ht!clic' on the connection ob4ect to the #o"ain controller yo(
9ant to replicate fro" an# select Replicate 7o9.
?he follo9in% co""an# 9ill perfor" a replication sync of the na"in% conte$t specifie#
by <NamingConte'tDN> fro" <DC%Name> to <DC$Name>:
> re$admin /re$li!ate <DC$Name> <DC%Name> <NamingConte'tDN>
?he Win#o9s 2DDD version of re$admin has a #ifferent synta$ to acco"plish the sa"e
> re$admin /s)n! <NamingConte'tDN> <DC$Name> <DC%(U)D>
D9F. )o* to +hange the $ntra-Site Rep"ication $nterva"K
-2.9.- (ro"em
@o( 9ant to chan%e the n("ber of secon#s that a #o"ain controller in a site 9aits before
replicatin% 9ithin the site.
-2.9.2 So"!tion
2. ,$pan# HU,@>.F5A.>GA5H07, S@S?,G 5(rrent5ontrolSet
Services 7?/S Qara"eters.
3. 0f a val(e entry for Replicator notify pa(se after "o#ify IsecsJ #oes not e$ist
ri%ht!clic' on Qara"eters an# select 7e9 /WFR/ =al(e. 1or the na"e
enter: Re$li!ator noti() $ause a(ter modi() -se!s1.
4. /o(ble!clic' on the val(e an# enter the n("ber of secon#s to 9ait before
notifyin% intra!site replication partners.
5. 5lic' FU.
With the follo9in% co""an# chan%e <NumSeconds> to the n("ber of secon#s to set the
intra!site replication #elay to:
3C
> re, add 2C>?D&)stemD+urrent+ontrol&etD&ervi!esDNTD&DParameters /v
Re$li!ator[RETURN]
noti() $ause a(ter modi() -se!s1 /t REE<DGORD /d <NumSeconds>
D9G. )o* to +hange the $nter-Site Rep"ication $nterva" K
-2.E.- (ro"em
@o( 9ant to set the sche#(le for replication for a site lin'.
-2.E.2 So"!tion
?hese sol(tions ass("e the 0Q transport b(t the SG?Q transport co(l# be (se# as 9ell.
-2.E.2.- Using a graphica" !ser interface
2. ,$pan# the 'nter3&ite Trans$ort container.
3. 5lic' on the 'P container.
4. 0n the ri%ht pane #o(ble!clic' on the site lin' yo( 9ant to "o#ify the replication
interval for.
5. ,nter the ne9 interval besi#e Replicate every.
&. 5lic' FU.
-2.E.2.2 Using a command-"ine interface
?o chan%e the replication interval create an ./01 file na"e# set>lin'>rep>interval.l#f
9ith the follo9in% contents:
dn: !n0<"in#Name>6!n0i$6!n0'nter3&ite Trans$orts6!n0sites6
!n0!on(i,uration6<ForestRootDN>
!"an,et)$e: modi()
re$la!e: re$l'nterval
re$l'nterval: <New)nterval>
3
> ldi(de 3v 3i 3( set<lin#<re$<interval*ld(
D9H. )o* to +hec; for (otentia" Rep"ication (ro"emsK
-2.G.- (ro"em
4D
@o( 9ant to #eter"ine if replication is s(ccee#in%.
-2.G.2 So"!tion
?he follo9in% t9o co""an#s 9ill help i#entify proble"s 9ith replication on a so(rce
#o"ain controller:
> d!dia, /test:re$li!ations
> re$admin /s"owre$l /errorsonl)
-2.G.0 #isc!ssion
1or a "ore #etaile# report yo( can (se the Replication Gonitor Ire$lmon*eBeJ. ?he
Penerate Stat(s Report option 9ill pro#(ce a len%thy report of site topolo%y replication
infor"ation an# provi#e #etails on any errors enco(ntere#. ?he /irectory Service event
lo% can also be an inval(able so(rce of replication an# U55 proble"s.
DE0. )o* to 6ind +onf"ict 32ects K
-2.--.- (ro"em
@o( 9ant to fin# conflict ob4ects that are a res(lt of replication collisions.
-2.--.2 So"!tion
-2.--.2.- Using a graphica" !ser interface
1. Fpen ./Q.
serverless bin#J.
4. 1or Qort enter 3+C or 32&+ for the %lobal catalo%.
5. 5lic' FU.
). ,nter cre#entials Iif necessaryJ of a (ser that can vie9 the ob4ect.
+. 5lic' FU.
41
1D. 1or Ease/7 type the base /7 fro" 9here yo( 9ant to start the search.
12. 1or 1ilter enter -H-!n0*D9:+N4:*1-ou0*D9:+N4:*11.
13. 5lic' R(n.
-2.--.2.2 Using a command-"ine interface
?he follo9in% co""an# fin#s all conflict ob4ects 9ithin the 9hole forest:
> ds%uer) * (orestroot 3,! 3attr distin,uis"edName 3s!o$e subtree
3(ilter[RETURN]
-H-!n0*D9:+N4:*1-ou0*D9:+N4:*11
DE-. )o* to Jie* 32ect 'etadataK
-2.-2.- (ro"em
@o( 9ant to vie9 "eta#ata for an ob4ect. ?he ob4ectTs re$lPro$ert)?etaData attrib(te
stores "eta#ata infor"ation abo(t the "ost recent (p#ates to every attrib(te that has been
set on the ob4ect.
-2.-2.2 So"!tion
-2.-2.2.- Using a graphica" !ser interface
1. Fpen ./Q.
3. 1or Server enter the na"e of a #o"ain controller or #o"ain that contains the
ob4ect.
5. 5lic' FU.
). ,nter cre#entials Iif necessaryJ of a (ser that can vie9 the ob4ect.
+. 5lic' FU.
42
C. 1ro" the "en( select Ero9se Replication =ie9 Geta#ata.
1D. 1or Fb4ect /7 type the #istin%(ishe# na"e of the ob4ect yo( 9ant to vie9.
11. 5lic' FU.
-2.-2.2.2 Using a command-"ine interface
0n the follo9in% co""an# replace <ObjectDN> 9ith the #istin%(ishe# na"e of the
ob4ect for 9hich yo( 9ant to vie9 "eta#ata:
> re$admin /s"owob/meta <DomainControllerName> <ObjectDN>
?his co""an# 9as calle# /s"owmeta in the Win#o9s 2DDD version of re$admin. Also
the para"eters are s9itche# in that version 9here <ObjectDN> co"es before
<DomainControllerName>.
Q,%.

$. 0hatEs the difference between local, global and universal grou%sF
!omain &oca& groups assign access permissions to g&oba& domain groups
for &oca& domain resources. ;&oba& groups provide access to resources
in oter trusted domains. <niversa& groups grant access to resources in
a&& trusted domains.
&. ! am trying to create a new universal user grou%. 0hy canEt !F
<niversa& groups are a&&owed on&" in native=mode Windows Server %99'
environments. >ative mode re?uires tat a&& domain contro&&ers be
promoted to Windows Server %99' Active !irector".
'. 0hat is )D,.F
It@s group po&ic" ineritance mode&A were te po&icies are app&ied
to )oca& macinesA SitesA !omains and Brgani5ationa& <nits.
43
=. 0hy doesnEt )D,. work under 0indows NTF
If te >6Config.po& fi&e e3istA it as te igest priorit" among te
numerous po&icies.
>. 0here are grou% %olicies storedF
.S"stemRoot.S"stem'%/;roup*o&ic"
@. 0hat is A*T and A*(F
;roup po&ic" temp&ate and group po&ic" container.
1. 0here is A*T storedF
.S"stemRoot./SCSDB)/s"svo&/domainname/*o&icies/;<I!
D. Gou change the grou% %olicies, and now the com%uter and user settings are in
conflict. 0hich one has the highest %riorityF
6e computer settings take priorit".
H. Gou want to set u% remote installation %rocedure, but do not want
the user to gain access over it. 0hat do you doF
gponame=E <ser Configuration=E Windows Settings=E Remote Insta&&ation Services=E
Coice Bptions is "our friend.
$2. 0hatEs contained in administrative tem%late conf.admF
8icrosoft >et8eeting po&icies
$$. Cow can you restrict running certain a%%lications on a machineF
Dia group po&ic"A securit" settings for te groupA ten Software
Restriction *o&icies.
$&. Gou need to automatically install an a%%, but <! file is not available. 0hat do
you doF
A .5ap te3t fi&e can be used to add app&ications using te Software
Insta&&erA rater tan te Windows Insta&&er.
$'. 0hatEs the difference between oftware !nstaller and 0indows !nstallerF
44
6e former as fewer privi&eges and wi&& probab&" re?uire user
Intervention. *&usA it uses .5ap fi&es.
$=. 0hat can be restricted on 0indows erver &22' that wasnEt there in %revious
%roductsF
;roup *o&ic" in Windows Server %99' determines a users rigt to modif" network and dia&=
up 6C*FI* properties. <sers ma" be se&ective&" restricted from modif"ing teir I* address
and oter network configuration parameters.
$>. 0hat does !ntelli<irror doF
It e&ps to reconci&e desktop settingsA app&icationsA and stored fi&es
for usersA particu&ar&" tose wo move between workstations or tose
wo must periodica&&" work off&ine.
$@. 0here is seceditF
It@s now gpupdate.
$1. Gou want to create a new grou% %olicy but do not wish to inherit.
8ake sure "ou ceck G&ock ineritance among te options wen creating
te po&ic".
$D. 0hat is ItattooingI the 7egistryF
6e user can view and modif" user preferences tat are not stored in
maintained portions of te Registr". If te group po&ic" is removed or
cangedA te user preference wi&& persist in te Registr".
$H. Cow do you fight tattooing in NTJ&222 installationsF
Cou can@t.
&2. Cow do you fight tattooing in &22' installationsF
<ser Configuration = Administrative 6emp&ates = S"stem = ;roup *o&ic" =
enab&e = 2nforce Sow *o&icies Bn&".
&$. 0hat does !ntelli<irror doF
45
It e&ps to reconci&e desktop settingsAapp&icationsA and stored fi&es for usersA particu&ar&"
tose wo move between workstations or tose wo must periodica&&" work off&ine.
&&. 0hatEs the maKor difference between 8AT and NT8 on a local machineF
HA6 and HA6'% provide no securit" over &oca&&" &ogged=on users. Bn&" native >6HS provides
e3tensive permission contro& on bot remote and &oca& fi&es.
&'. Cow do 8AT and NT8 differ in a%%roach to user sharesF
6e" don@tA bot ave support for saring.
&=. 4;%lan the )ist 8older (ontents %ermission on the folder in NT8.
Same as Read & 23ecuteA but not inerited b" fi&es witin a fo&der. :oweverA new&" created
subfo&ders wi&& inerit tis permission.
&>. ! have a file to which the user has access, but he has no folder %ermission to
read it. (an he access itF
It is possib&e for a user to navigate to a fi&e for wic e does not ave fo&der permission.
6is invo&ves simp&" knowing te pat of te fi&e obIect. 2ven if te user can@t dri&& down
te fi&eFfo&der tree using 8" ComputerA e can sti&& gain access to te fi&e using te
<niversa& >aming Convention J<>CK. 6e best wa" to start wou&d be to t"pe te fu&& pat of
a fi&e into Run... window.
&@. 8or a user in several grou%s, are Allow %ermissions restrictive or %ermissiveF
*ermissiveA if at &east one group as A&&ow permission for te fi&eFfo&derA user wi&& ave te
same permission.
&1. 8or a user in several grou%s, are Deny %ermissions restrictive or %ermissiveF
RestrictiveA if at &east one group as !en" permission for te fi&eFfo&derA user wi&& be
denied accessA regard&ess of oter group permissions.
&D. 0hat hidden shares e;ist on 0indows erver &22' installationF
AdminLA !riveLA I*CLA >26)B;B>A printL and SCSDB).
&H. 0hatEs the difference between standalone and fault6tolerant D8 9Distributed
8ile ystem: installationsF
6e standa&one server stores te !fs director" tree structure or topo&og" &oca&&". 6usA if
a sared fo&der is inaccessib&e or if te !fs root server is downA users are &eft wit no &ink
4&
to te sared resources. A fau&t=to&erant root node stores te !fs topo&og" in te Active
!irector"A wic is rep&icated to oter domain contro&&ers. 6usA redundant root nodes ma"
inc&ude mu&tip&e connections to te same data residing in different sared fo&ders.
'2. 0eEre using the D8 fault6tolerant installation, but cannot access it from a
0inHD bo;.
<se te <>C patA not c&ientA on&" %999 and %99' c&ients can access Server %99' fau&t=
to&erant sares.
'$. 0here e;actly do fault6tolerant D8 shares store information in Active
DirectoryF
In *artition Mnow&edge 6ab&eA wic is ten rep&icated to oter domain contro&&ers.
'&. (an you use tart6Learch with D8 sharesF
Ces.
''. 0hat %roblems can you have with D8 installedF
6wo users opening te redundant copies of te fi&e at te same timeA wit no fi&e=&ocking
invo&ved in !HSA canging te contents and ten saving. Bn&" one fi&e wi&& be propagated
troug !HS.
'=. ! run <icrosoft (luster erver and cannot install fault6tolerant D8.
CeaA "ou can@t. Insta&& a standa&one one.
'>. !s Merberos encry%tion symmetric or asymmetricF
S"mmetric.
'@. Cow does 0indows &22' erver try to %revent a middle6man attack on encry%ted
lineF
6ime stamp is attaced to te initia& c&ient re?uestA encr"pted wit te sared ke".
'1. 0hat hashing algorithms are used in 0indows &22' erverF
RSA !ata Securit"@s 8essage !igest + J8!+KA produces a 1%4=bit asA and te
Secure :as A&goritm 1 JS:A=1KA produces a 1,9=bit as.
'D. 0hat third6%arty certificate e;change %rotocols are used by 0indows &22'
erverF
4)
Windows Server %99' uses te industr" standard *MCS=19 certificate re?uest and *MCS=1
certificate response to e3cange CA certificates wit tird=part" certificate autorities.
'H. 0hatEs the number of %ermitted unsuccessful logons on Administrator accountF
<n&imited. RememberA tougA tat it@s te Administrator accountA not an" account tat@s
part of te Administrators group.
=2. !f hashing is one6way function and 0indows erver uses hashing for storing
%asswords, how is it %ossible to attack the %assword lists,s%ecifically the ones using
NT)<v$F
A cracker wou&d &aunc a dictionar" attack b" asing ever" imaginab&e term used for
password and ten compare te ases.
=$. 0hatEs the difference between guest accounts in erver &22' and other editionsF
8ore restrictive in Windows Server %99'.
=&. Cow many %asswords by default are remembered when you check I4nforce
*assword Cistory 7ememberedIF
<ser@s &ast , passwords.

4+

4C

Active Directory Intervie Questions

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Active Directory Intervie Questions

Uploaded by

Copyright:

Available Formats

Savios Suggestive & Informative Recipes from Ad Cookbook

You might also like