Active Directory (AD) is a directory service developed by Microsoft. It stores objects such as users, computers, printers and network information, and it lets you manage a network effectively with multiple Domain Controllers in different locations sharing the AD database: a change made on any Domain Controller is replicated to all the other DCs, administration is centralised across geographical locations, and AD authenticates users and computers in a Windows domain.
Mention what are the new features in Active Directory (AD) of Windows Server 2012?
· dcpromo (Domain Controller Promoter) with improved wizard: it allows you to view all the steps and review the detailed results during the installation process
· Enhanced Administrative Center: compared to the earlier version of Active Directory, the Administrative Center is well designed in Windows 2012. The Exchange management console is well designed
· Recycle bin goes GUI: in Windows Server 2012 there are now many ways to enable the Active Directory Recycle Bin through the GUI in the Active Directory Administrative Center, which was not possible with the earlier version
· Fine grained password policies (FGPP): in Windows Server 2012 implementing FGPP is much easier compared to earlier versions. It allows you to create different password policies in the same domain
· Windows PowerShell History Viewer: you can view the Windows PowerShell commands that relate to the actions you execute in the Active Directory Administrative Center UI
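An added example (not part of the original page) of what a fine-grained password policy looks like when created with the ActiveDirectory PowerShell module instead of the Administrative Center: one Password Settings Object (PSO) with stricter settings than the domain default, applied to a group. The PSO name, the group name and the sample user are constructed for the example; the threshold values are illustrative choices, not values from the page. PasswordHistoryCount is the per-PSO counterpart of "Enforce password history" in the domain policy.

```powershell
# Added example, not from the original page. Requires RSAT / the ActiveDirectory
# module and a domain at Windows Server 2008 functional level or higher.
Import-Module ActiveDirectory

$psoName    = 'PSO-PrivilegedAccounts'   # constructed name
$targetGrp  = 'Tier0-Admins'             # constructed global security group, assumed to exist
$sampleUser = 'alice'                    # constructed user, assumed to be a member of $targetGrp

# Stricter settings than the Default Domain Policy for privileged accounts.
# Precedence: when several PSOs apply to one user the LOWEST number wins.
New-ADFineGrainedPasswordPolicy -Name $psoName `
    -Precedence 10 `
    -ComplexityEnabled $true `
    -MinPasswordLength 20 `
    -PasswordHistoryCount 24 `
    -MinPasswordAge (New-TimeSpan -Days 1) `
    -MaxPasswordAge (New-TimeSpan -Days 90) `
    -LockoutThreshold 5 `
    -LockoutObservationWindow (New-TimeSpan -Minutes 30) `
    -LockoutDuration (New-TimeSpan -Minutes 30) `
    -ReversibleEncryptionEnabled $false

# A PSO can only be linked to users and global security groups; link the group
# rather than individual users so membership stays reviewable.
Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects $targetGrp

function Compare-EffectivePasswordPolicy {
    param([string]$SamAccountName)
    # The resultant PSO is what the DC actually enforces for this user;
    # $null means the Default Domain Policy applies.
    $effective = Get-ADUserResultantPasswordPolicy -Identity $SamAccountName
    $default   = Get-ADDefaultDomainPasswordPolicy
    [PSCustomObject]@{
        User                  = $SamAccountName
        EffectivePolicy       = if ($effective) { $effective.Name } else { 'Default Domain Policy' }
        MinPasswordLength     = if ($effective) { $effective.MinPasswordLength } else { $default.MinPasswordLength }
        PasswordHistoryCount  = if ($effective) { $effective.PasswordHistoryCount } else { $default.PasswordHistoryCount }
        LockoutThreshold      = if ($effective) { $effective.LockoutThreshold } else { $default.LockoutThreshold }
    }
}

Compare-EffectivePasswordPolicy -SamAccountName $sampleUser | Format-List
```

Checking the resultant policy after linking is the step people skip: a user who is in two linked groups gets whichever PSO has the lower Precedence, which is not necessarily the one you just created.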
Mention which is the default protocol used in directory services?
The default protocol used in directory services is LDAP (Lightweight
Directory Access Protocol).
Explain the term FOREST in AD?
A forest is an assembly of AD domains that share a single schema. All DCs in the forest share this schema, and it is replicated in a hierarchical fashion among them.
Explain what is SYSVOL?
The SYSVOL folder keeps the server's copy of the domain's public files. The contents of the SYSVOL folders, such as users, group policy, etc., are replicated to all domain controllers in the domain.
Mention what is the difference between domain admin groups and enterprise admins group in AD?
Enterprise Admin Group:
· Members of this group have complete control of all domains in the forest
· By default, this group belongs to the administrators group on all domain controllers in the forest
· As such this group has full control of the forest; add users with caution
Domain Admin Group:
· Members of this group have complete control of the domain
· By default, this group is a member of the administrators group on all domain controllers, workstations and member servers at the time they are joined to the domain
· As such the group has full control in the domain; add users with caution
Mention what system state data contains?
System state data contains:
· Startup files
· Registry
· COM+ Registration Database
· Memory page file
· System files
· AD information
· SYSVOL folder
· Cluster service information
What is Tree?
A tree is a hierarchical arrangement of Windows domains that share a contiguous name space.
What is Domain?
Active Directory Domain Services is Microsoft's directory server. It provides authentication and authorization mechanisms as well as a framework within which other related services can be deployed.
Kerberos is a network authentication protocol. It is built to offer strong authentication for client/server applications by using secret-key cryptography.
Explain where does the AD database is held? What other folders are related to AD?
The AD database is saved in %systemroot%\ntds. In the same folder you can also see other files; these are the main files controlling the AD structures:
· ntds.dit
· edb.log
· res1.log
· res2.log
· edb.chk
What is Active Directory Domain Controller (DC)?
A Domain Controller is the server which holds the AD database. All AD changes get replicated to the other DCs and vice versa.
What is Forest?
A forest consists of multiple domain trees. The domain trees in a forest do not form a contiguous name space, but they share a common schema and global catalog (GC).
What is Schema?
The Active Directory schema is the set of definitions that define the kinds of objects, and the type of information about those objects, that can be stored in Active Directory.
The Active Directory schema is a collection of object classes and their attributes, for example:
Object class = User
Attributes = first name, last name, email, and others
PDC Emulator: there is one PDC emulator per domain, and when there is a failed authentication attempt, it is forwarded to the PDC emulator. It acts as a "tie-breaker" and it controls the time sync across the domain.
These are the symptoms through which we can know whether the PDC emulator is working or not:
· Time is not syncing
· User accounts are not locked out
· Windows NT BDCs are not getting updates
· Pre-Windows 2000 computers are unable to change their passwords
Mention what are lingering objects?
Lingering objects can exist if a domain controller does not replicate for an interval of time that is longer than the tombstone lifetime (TSL).
FSMO: Flexible Single Master Operations
· Schema Master
· Domain Naming Master
· Infrastructure Master
· RID Master
· PDC
Schema Master and Domain Naming Master are forest-wide roles, and there is only one of each per forest; the other roles are domain-wide, one for each domain.
AD replication is multi-master replication: a change can be made on any Domain Controller and will be replicated to the other Domain Controllers, except for the five roles above. These are the Flexible Single Master Operations (FSMO); such changes can only be made on the dedicated Domain Controller, so they are single-master.
How to check which server holds
which role?
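An added example (not part of the original page) answering the question above with the ActiveDirectory PowerShell module: it reads the two forest-wide and three domain-wide role holders, checks that each holder still answers over LDAP, and shows the per-DC and classic command-line views of the same information. Nothing is assumed; every name is read from the directory of the domain the machine is joined to.

```powershell
# Added example, not from the original page. Run on a domain-joined machine
# with RSAT installed (ActiveDirectory module).
Import-Module ActiveDirectory

function Get-FsmoRoleHolder {
    $forest = Get-ADForest
    $domain = Get-ADDomain

    # Forest-wide roles live on exactly one DC in the whole forest; the
    # domain-wide roles on exactly one DC per domain.
    $roles = @(
        @{ Role = 'Schema Master';         Scope = 'Forest'; Holder = $forest.SchemaMaster },
        @{ Role = 'Domain Naming Master';  Scope = 'Forest'; Holder = $forest.DomainNamingMaster },
        @{ Role = 'PDC Emulator';          Scope = 'Domain'; Holder = $domain.PDCEmulator },
        @{ Role = 'RID Master';            Scope = 'Domain'; Holder = $domain.RIDMaster },
        @{ Role = 'Infrastructure Master'; Scope = 'Domain'; Holder = $domain.InfrastructureMaster }
    )

    foreach ($r in $roles) {
        # Ask the holder itself over LDAP; an unreachable holder is the first
        # thing to establish before anyone considers transferring a role.
        $reachable = $false
        try {
            $null = Get-ADDomainController -Identity $r.Holder -Server $r.Holder -ErrorAction Stop
            $reachable = $true
        } catch { }

        [PSCustomObject]@{
            Role      = $r.Role
            Scope     = $r.Scope
            Holder    = $r.Holder
            Reachable = $reachable
        }
    }
}

Get-FsmoRoleHolder | Format-Table -AutoSize

# Same facts viewed per DC: each DC lists the roles it holds (empty for most).
Get-ADDomainController -Filter * | Select-Object HostName, IsGlobalCatalog, OperationMasterRoles

# Classic command-line equivalent (no module needed):
netdom query fsmo
```

Reachable = False for the PDC Emulator is the case the later "which role is most important" discussion is about: that one hurts users immediately, the others can wait.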
Mention what is TOMBSTONE lifetime?
The tombstone lifetime in an Active Directory determines how long a deleted object is retained in Active Directory. Deleted objects in Active Directory are stored in a special object referred to as a TOMBSTONE. Usually, Windows will use a 60-day tombstone lifetime if the value is not set in the forest configuration.
Explain what is Active Directory Schema?
The schema is an Active Directory component that describes all the attributes and objects that the directory service uses to store data.
Explain what is a child DC?
A CDC or child DC is a domain controller of a sub-domain under the root domain, sharing its name space.
RID Master stands for Relative Identifier master; it is responsible for assigning unique IDs to the objects created in AD.
Mention what are the components of AD?
Components of AD include:
· Logical structure: trees, forests, domains and OUs
· Physical structure: domain controllers and sites
Explain what is Infrastructure Master?
The Infrastructure Master is accountable for updating information about users and groups and the global catalogue.
An interesting question: which role is the most important out of the 5 FSMO roles, or, if one role fails, which one will impact the end-user immediately?
Most amateur administrators pick the Schema Master role; not sure why, maybe they think the schema is very critical to running Active Directory.
The correct answer is the PDC. Now the next question: why? Let me explain role by role what happens when a FSMO role holder fails, to find the answer.
Schema Master – the Schema Master is needed to update the schema. We don't update the schema daily, right? So when do we update the schema? At the time of an operating system migration, when installing a new Exchange version, and for any other application which requires extending the schema.
So if our Schema Master server is not available, we are not able to update the schema, but there is no way this is going to affect Active Directory operation and the end-user.
The Schema Master needs to be online and ready to make a schema change; we can plan for that and have more time to bring the Schema Master server back.
Domain Naming Master – the Domain Naming Master is required for creating a new domain and creating an application partition. Like the Schema Master, we don't create domains and application partitions frequently.
So if our Domain Naming Master server is not available, we are not able to create a new domain or application partition. It may not affect the user; the user won't even be aware that the Domain Naming Master server is down.
Infrastructure Master – the Infrastructure Master handles cross-domain updates. What really gets updated between domains? Whenever a user logs in to the domain, the TGT is created with the list of access the user got through group membership (user group membership details); it also contains the user's membership details from trusted domains. The Infrastructure Master keeps this information up to date: it updates reference information every 2 days by comparing its data with the Global Catalog (that's why we don't keep the Infrastructure Master and the GC on the same server).
In a single-domain, single-forest environment there is no impact if the Infrastructure Master server is down.
In a multi-domain or multi-forest environment there will be an impact, but we have enough time to fix the issue before it affects the end-user.
RID Master – every DC is initially issued 500 RIDs from the RID Master server. RIDs are used to create new objects in Active Directory: all new objects are created with a Security ID (SID), and the RID is the last part of a SID. The RID uniquely identifies a security principal relative to the local or domain security authority that issued the SID.
When a DC's pool gets down to 250 (50%), it requests a second pool of RIDs from the RID Master. If the RID Master server is not available, RID pools cannot be issued to the DCs, and DCs are only able to create new objects depending on the RIDs they have available. Every DC has anywhere between 250 and 750 RIDs available, so there is no immediate impact.
PDC – the PDC is required for time sync, user login, password changes and trusts. Now you know why the PDC is the important FSMO role holder to get back online: the PDC role will impact the end-user immediately, and we need to recover it ASAP.
The PDC emulator emulates the Primary Domain Controller for backwards compatibility, is responsible for time synchronization within a domain, and is also the password master. Any password change is replicated to the PDC emulator ASAP. If a logon request fails due to a bad password, the logon request is passed to the PDC emulator to check the password before rejecting the login request.
Tell me about the Active Directory database and list the Active Directory database files?
NTDS.DIT
EDB.Log
EDB.Chk
Res1.log and Res2.log
AD changes are not written directly to the NTDS.DIT database file; they are first written to EDB.Log and then from the log file to the database. EDB.Chk is used to track the database updates from the log file, i.e. to know which changes have already been copied to the database file.
NTDS.DIT: NTDS.DIT is the AD database and stores all AD objects. The default location is %systemroot%\ntds\ntds.dit. The Active Directory database engine is the Extensible Storage Engine, which is based on the Jet database.
EDB.Log: EDB.Log is the transaction log file. When EDB.Log is full, it is renamed to EDB<Num>.log, where Num is an increasing number starting from 1, like EDB1.Log.
EDB.Chk: EDB.Chk is the checkpoint file used to trace the data not yet written to the database file; it indicates the starting point from which data is to be recovered from the log file in case of failure.
Res1.log and Res2.log: the Res files are reserved transaction log files which give the transaction log file enough time to shut down if the disk does not have enough space.
What is Active Directory Domain Services ?
In Windows 2000 Server and Windows Server 2003, the directory service is named Active Directory. In Windows Server 2008 and Windows Server 2008 R2, the directory service is named Active Directory Domain Services (AD DS). The rest of this topic refers to AD DS, but the information is also applicable to Active Directory.
What is domain ?
A domain is a set of network resources (applications, printers, and so forth) for a group of users. The user need only log in to the domain to gain access to the resources, which may be located on a number of different servers in the network. The 'domain' is simply your computer address, not to be confused with a URL. A domain address might look something like 211.170.469.
What is domain controller ?
A Domain controller (DC) is a server that responds to security authentication requests (logging in, checking permissions, etc.) within the Windows Server domain. A domain is a concept introduced in Windows NT whereby a user may be granted access to a number of computer resources with the use of a single username and password combination.
What is LDAP ?
Lightweight Directory Access Protocol LDAP is the industry standard directory access protocol, making Active Directory widely accessible to management and query applications. Active Directory supports LDAPv3 and LDAPv2.
What is KCC ?
KCC (Knowledge Consistency Checker) - it generates the replication topology by specifying which domain controllers will replicate to which other domain controllers in the site. The KCC maintains a list of connections, called a replication topology, to other domain controllers in the site. The KCC ensures that changes to any object are replicated to all site domain controllers and that updates go through no more than three connections. An administrator can also configure connection objects.
Where is the AD database held? What other folders are related to AD?
By default the AD database is stored in c:\windows\ntds\NTDS.DIT. SYSVOL and NETLOGON are other folders related to AD DS.
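An added example (not part of the original page) for the two database-location answers above: rather than assuming c:\windows\ntds, it reads where this DC actually keeps the .dit, the transaction logs and the checkpoint from the NTDS service parameters, lists those files, and reports any ACL entry on their folders beyond SYSTEM and Administrators. That expected-identity set is an assumption for the example; adjust it if your build adds others. Run locally on a domain controller as an administrator.

```powershell
# Added example, not from the original page. Run on a DC as an administrator.
function Get-NtdsFileReport {
    param([string[]]$ExpectedIdentities = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators'))  # assumption

    # These three values are how the DC itself knows where its database lives.
    $p       = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $dbFile  = $p.'DSA Database file'         # the .dit
    $logPath = $p.'Database log files path'   # edb.log, edbNNNNN.log, edb.chk, reserve logs
    $dbDir   = Split-Path -Path $dbFile -Parent

    # Newer DCs name the reserve logs edbres00001.jrs / edbres00002.jrs instead
    # of res1.log / res2.log, so .jrs is included too.
    $files = Get-ChildItem -Path "$dbDir\*", "$logPath\*" -File -Include *.dit, *.log, *.chk, *.jrs |
        Sort-Object FullName -Unique |
        Select-Object FullName,
                      @{ n = 'SizeMB'; e = { [math]::Round($_.Length / 1MB, 1) } },
                      LastWriteTime

    # Anyone who can read ntds.dit can read every password hash in the domain,
    # so every ACE outside the expected set deserves a look.
    $findings = foreach ($dir in @($dbDir, $logPath) | Sort-Object -Unique) {
        foreach ($ace in (Get-Acl -Path $dir).Access) {
            if ($ExpectedIdentities -notcontains $ace.IdentityReference.Value) {
                [PSCustomObject]@{
                    Directory = $dir
                    Identity  = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Type      = $ace.AccessControlType
                }
            }
        }
    }

    [PSCustomObject]@{
        DatabaseFile     = $dbFile
        LogPath          = $logPath
        WorkingDirectory = $p.'DSA Working Directory'
        Files            = $files
        UnexpectedAces   = $findings
    }
}

$r = Get-NtdsFileReport
$r | Format-List DatabaseFile, LogPath, WorkingDirectory
$r.Files | Format-Table -AutoSize
$r.UnexpectedAces | Format-Table -AutoSize
```

The registry values matter because the database and logs are often moved to a separate volume during promotion; a hard-coded c:\windows\ntds in a backup or monitoring script silently misses that.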
What is the SYSVOL folder?
System Volume (Sysvol) is a shared directory that stores the server copy of the domain's public files that must be shared for common access and replication throughout a domain. The term SYSVOL refers to a set of files and folders that reside on the local hard disk of each domain controller in a domain and that are replicated by the File Replication service (FRS). Network clients access the contents of the SYSVOL tree by using the NETLOGON and SYSVOL shared folders. Sysvol uses junction points-a physical location on a hard disk that points to data that is located elsewhere on your disk or other storage device-to manage a single instance store.
What is the Netlogon folder in AD DS and what is it used for?
The NETLOGON share points to the %SystemRoot%\sysvol\sysvol\{DOMAIN}\scripts folder on the DC, and its main purpose is storing logon scripts.
By default %SystemRoot%\sysvol\sysvol\{DOMAIN}\scripts is empty. When we deploy any script via GPO, that is the default location for storing the script.
By default sysvol includes 2 folders; the scripts folder is shared with the name NETLOGON:
1. Policies - (Default location - %SystemRoot%\Sysvol\Sysvol\domain_name\Policies)
2. Scripts - (Default location - %SystemRoot%\Sysvol\Sysvol\domain_name\Scripts)
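An added example (not part of the original page) that checks the NETLOGON share described above from a defender's point of view: confirm the share really maps to the scripts folder, list what logon scripts it currently holds, and show every principal that can write there. Because these scripts run on every machine and user at logon, a write permission granted to the wrong group is a domain-wide problem. The list of acceptable writers is an assumption for the example. Run on a domain controller.

```powershell
# Added example, not from the original page. Run on a DC with RSAT / the
# ActiveDirectory module; Get-SmbShare needs Windows Server 2012 or later.
Import-Module ActiveDirectory

function Get-NetlogonReport {
    param(
        # Assumption: identities that are normally allowed to change logon scripts.
        [string[]]$ExpectedWriters = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER')
    )

    $dnsRoot = (Get-ADDomain).DNSRoot
    $share   = "\\$dnsRoot\NETLOGON"

    # Where the share actually points on this DC (should be ...\sysvol\<domain>\scripts).
    $localPath = (Get-SmbShare -Name 'NETLOGON' -ErrorAction SilentlyContinue).Path

    # Scripts deployed through GPO land here; an unexpected file or a recent
    # LastWriteTime nobody can explain is worth a look.
    $scripts = Get-ChildItem -Path $share -Recurse -File |
        Select-Object FullName, Length, LastWriteTime

    $writers = foreach ($ace in (Get-Acl -Path $share).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $rights = $ace.FileSystemRights.ToString()
        # Generic rights show up as a bare number; treat those as needing review too.
        $canWrite = ($rights -match 'Write|Modify|FullControl|Delete|ChangePermissions|TakeOwnership') -or
                    ($rights -match '^-?\d+$')
        if ($canWrite) {
            [PSCustomObject]@{
                Identity  = $ace.IdentityReference.Value
                Rights    = $rights
                Inherited = $ace.IsInherited
                Expected  = $ExpectedWriters -contains $ace.IdentityReference.Value
            }
        }
    }

    [PSCustomObject]@{
        SharePath = $share
        LocalPath = $localPath
        Scripts   = $scripts
        Writers   = $writers
    }
}

$r = Get-NetlogonReport
$r | Format-List SharePath, LocalPath
$r.Scripts | Format-Table -AutoSize
$r.Writers | Where-Object { -not $_.Expected } | Format-Table -AutoSize
```

The ACL is read through the share path on purpose: that is the view clients and replication partners get, and it includes whatever the DC's own SYSVOL ACL inherits down to the scripts folder.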
What are the differences between the Enterprise Admins and Domain Admins groups in AD?
Enterprise Admins: Members of this group have full control of all domains in the forest. By default, this group is a member of the Administrators group on all domain controllers in the forest. By default, the Administrator account is a member of this group. Because this group has full control of the forest, add users with caution.
Domain Admins : Members of this group
have full control of the domain. By default, this group is a member of the
Administrators group on all domain controllers, all domain workstations, and
all domain member servers at the time they are joined to the domain. By
default, the Administrator account is a member of this group. Because the group
has full control in the domain, add users with caution.
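An added example (not part of the original page) for the "add users with caution" point in both answers about these groups: it enumerates the effective, nested membership of Enterprise Admins, Domain Admins and the built-in Administrators group, resolving each group by its well-known SID so the check works regardless of display language or renaming, and flags accounts that are disabled, never expire, or have not changed their password or logged on in a long time. The 365-day staleness threshold is an assumption chosen for the example.

```powershell
# Added example, not from the original page. Run on a domain-joined machine
# with RSAT / the ActiveDirectory module.
Import-Module ActiveDirectory

function Get-PrivilegedGroupMembership {
    param([int]$StaleDays = 365)   # assumption: review threshold for the example

    $forest     = Get-ADForest
    $forestRoot = Get-ADDomain -Identity $forest.RootDomain
    $domain     = Get-ADDomain
    $gc         = "$($forest.RootDomain):3268"   # global catalog, can resolve users from any domain

    # Well-known RIDs: 519 = Enterprise Admins (exists only in the forest root
    # domain), 512 = Domain Admins; S-1-5-32-544 = built-in Administrators,
    # which both admin groups are nested into on every DC.
    $targets = @(
        @{ Sid = "$($forestRoot.DomainSID.Value)-519"; Server = $forestRoot.DNSRoot },
        @{ Sid = "$($domain.DomainSID.Value)-512";     Server = $domain.DNSRoot },
        @{ Sid = 'S-1-5-32-544';                       Server = $domain.DNSRoot }
    )
    $cutoff = (Get-Date).AddDays(-$StaleDays)

    foreach ($t in $targets) {
        $group = Get-ADGroup -Identity $t.Sid -Server $t.Server
        # -Recursive expands nested groups, so indirect members are not missed.
        $members = Get-ADGroupMember -Identity $group -Server $t.Server -Recursive |
            Where-Object { $_.objectClass -eq 'user' }

        foreach ($m in $members) {
            $u = Get-ADUser -Identity $m.DistinguishedName -Server $gc `
                     -Properties Enabled, PasswordLastSet, LastLogonDate, PasswordNeverExpires
            [PSCustomObject]@{
                Group                = $group.Name
                SamAccountName       = $u.SamAccountName
                Domain               = ($u.DistinguishedName -split ',DC=', 2)[1] -replace ',DC=', '.'
                Enabled              = $u.Enabled
                PasswordNeverExpires = $u.PasswordNeverExpires
                PasswordLastSet      = $u.PasswordLastSet
                LastLogonDate        = $u.LastLogonDate
                # $null (never set / never logged on) compares as less than the
                # cutoff, so such accounts are flagged as well, which is intended.
                Stale                = ($u.PasswordLastSet -lt $cutoff) -or ($u.LastLogonDate -lt $cutoff)
            }
        }
    }
}

Get-PrivilegedGroupMembership |
    Sort-Object Group, SamAccountName |
    Format-Table Group, SamAccountName, Domain, Enabled, PasswordNeverExpires, Stale -AutoSize
```

Querying the global catalog on port 3268 is what lets one pass resolve members that live in other domains of the forest; a plain domain query would fail on those distinguished names.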
Where are the Windows NT Primary Domain Controller (PDC) and its Backup Domain Controller (BDC) in Server 2003?
Active Directory replaces them. Now all domain controllers share a multimaster peer-to-peer read and write relationship that hosts copies of the Active Directory.
I am trying to create a new universal user group. Why can’t I ?
Universal groups are allowed only in native-mode Windows Server 2003 environments. Native mode requires that all domain controllers be promoted to Windows Server 2003 Active Directory.
What is LSDOU ?
It's the group policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units.
Why doesn’t LSDOU work under Windows NT ?
If the NTConfig.pol file exists, it has the highest priority among the numerous policies.
What’s the number of permitted unsuccessful logons on Administrator
account?
Unlimited. Remember, though, that it’s the Administrator
account, not any account that’s part of the Administrators group.
What’s the difference between guest accounts in Server 2003 and
other editions?
More restrictive in Windows Server 2003.
How many passwords by default are remembered when you check "Enforce Password History Remembered"?
User's last 6 passwords.
Can GC Server and Infrastructure Master be placed on a single server? If not, explain why?
As a general rule, the infrastructure master should be located on a non-global catalog domain controller that has a direct connection object to some global catalog in the forest, preferably in the same Active Directory site. Because the global catalog server holds a partial replica of every object in the forest, the infrastructure master, if placed on a global catalog server, will never update anything, because it does not contain any references to objects that it does not hold.
But there are exceptions to this "general rule". Two exceptions to the "do not place the infrastructure master on a global catalog server" rule are:
Single domain forest:
In a forest that contains a single Active Directory domain, there are no phantoms, and so the infrastructure master has no work to do. The infrastructure master may be placed on any domain controller in the domain, regardless of whether that domain controller hosts the global catalog or not.
Multidomain forest where every domain controller in a domain holds the global catalog:
If every domain controller in a domain that is part of a multidomain forest also hosts the global catalog, there are no phantoms or work for the infrastructure master to do. The infrastructure master may be put on any domain controller in that domain.
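An added example (not part of the original page) that applies the rule and its two exceptions above to the current domain and returns a verdict: it finds the infrastructure master, checks whether that DC is a global catalog, and then tests the single-domain-forest and every-DC-is-a-GC exceptions before calling the placement a problem. Nothing is assumed; all facts come from the directory.

```powershell
# Added example, not from the original page. Run on a domain-joined machine
# with RSAT / the ActiveDirectory module.
Import-Module ActiveDirectory

function Test-InfrastructureMasterPlacement {
    $forest = Get-ADForest
    $domain = Get-ADDomain
    $dcs    = Get-ADDomainController -Filter *      # all DCs of the current domain

    $im          = $dcs | Where-Object { $_.HostName -eq $domain.InfrastructureMaster }
    $imIsGc      = [bool]$im.IsGlobalCatalog
    $singleDomain = ($forest.Domains.Count -eq 1)
    # True only when no DC in this domain lacks the GC.
    $allDcsAreGc = -not ($dcs | Where-Object { -not $_.IsGlobalCatalog })

    $verdict = if (-not $imIsGc) {
        'OK: infrastructure master is not a global catalog'
    } elseif ($singleDomain) {
        'OK: single-domain forest, there are no phantoms to update'
    } elseif ($allDcsAreGc) {
        'OK: every DC in this domain is a GC, there are no phantoms to update'
    } else {
        'WARNING: infrastructure master is a GC in a multi-domain forest with non-GC DCs; cross-domain references will not be updated'
    }

    [PSCustomObject]@{
        InfrastructureMaster = $domain.InfrastructureMaster
        IsGlobalCatalog      = $imIsGc
        DomainsInForest      = $forest.Domains.Count
        AllDcsAreGc          = $allDcsAreGc
        Verdict              = $verdict
    }
}

Test-InfrastructureMasterPlacement | Format-List
```

If the verdict is the warning, the fix is to move the role to a non-GC DC with Move-ADDirectoryServerOperationMasterRole -OperationMasterRole InfrastructureMaster, or to make every DC in the domain a GC so the second exception applies; which one is right depends on the site design, so the script reports rather than changes anything.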
What is Intrasite and Intersite Replication?
Intrasite is the replication within the same site, and intersite is the replication between sites.
What is the lost & found folder in ADS?
It's the folder where you can find the objects missed due to conflict.
Ex: you created a user in an OU which was deleted on another DC; when replication happened, ADS didn't find the OU, so it put the user in the Lost & Found folder.
What is Garbage collection ?
Garbage collection is a housekeeping process that is designed to free space within the Active Directory database. In Windows 2000 and in the original release version of Windows Server 2003, this process runs on every domain controller in the enterprise with a default lifetime interval of 12 hours. You can change this interval by modifying the garbageCollPeriod attribute in the enterprise-wide DS configuration object (NTDS).
What System State data contains?
· Startup files
· Registry
· COM+ Registration Database
· Memory page file
· System files
· AD information
· Cluster Service information
· SYSVOL Folder
Differences b/w Conditional Forwarding and Stub Zones.
Ans:- Both do the same thing: forwarding the requests to the appropriate name servers that are authoritative for the domains in the queries. However, there is a difference between the two: stub zones are dynamic and conditional forwarders are static.
Conditional Forwarding – Where you want DNS clients in separate networks to resolve each other's names without having to query DNS servers on the Internet, such as in the case of a company merger, you should configure the DNS servers in each network to forward queries for names in the other network. DNS servers in one network will forward names for clients in the other network to a specific DNS server that will build up a large cache of information about the other network. When forwarding in this way, you create a direct point of contact between two networks' DNS servers, reducing the need for recursion.
Stub Zone – Stub zones are dynamic. A stub zone is like a secondary zone in that it obtains its resource records from other name servers (one or more master name servers). A stub zone is also read-only like a secondary zone, so administrators can't manually add, remove, or modify resource records on it. But the differences end here, as stub zones are quite different from secondary zones in a couple of significant ways. First, while secondary zones contain copies of all the resource records in the corresponding zone on the master name server, stub zones contain only three kinds of resource records:
§ A copy of the SOA record for the zone.
§ Copies of NS records for all name servers authoritative for the zone.
§ Copies of A records for all name servers authoritative for the zone.
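An added example (not part of the original page) that creates both kinds of object on a Windows DNS server and then shows the difference the answer above describes: the conditional forwarder stores nothing but a static server list, while the stub zone actually holds SOA, NS and glue A records pulled from the master and keeps them refreshed. The zone names and addresses are constructed for the example; the DnsServer module's cmdlets are real.

```powershell
# Added example, not from the original page. Run on a Windows DNS server
# (DnsServer module). Zone names and addresses below are constructed.
Import-Module DnsServer

$stubZone    = 'partner-a.example'             # constructed partner namespace
$forwardZone = 'partner-b.example'             # constructed partner namespace
$partnerDns  = '10.20.0.10', '10.20.0.11'      # constructed authoritative servers

# Conditional forwarder: a static list of servers to send queries for this
# zone to. No records are copied; if the partner renumbers its name servers,
# somebody has to edit this list by hand.
Add-DnsServerConditionalForwarderZone -Name $forwardZone -MasterServers $partnerDns -ReplicationScope 'Forest'

# Stub zone: the server transfers only the SOA, NS and glue A records from the
# master and refreshes them on the SOA timers, so it follows changes to the
# partner's name servers on its own. That is what "dynamic" means here.
Add-DnsServerStubZone -Name $stubZone -MasterServers $partnerDns -ReplicationScope 'Forest'

function Get-ZoneRecordSummary {
    param([string]$ZoneName)
    $zone  = Get-DnsServerZone -Name $ZoneName
    $types = $null
    if ($zone.ZoneType -eq 'Stub') {
        # Lists record types and counts; for a stub zone this is only SOA, NS and A.
        $types = Get-DnsServerResourceRecord -ZoneName $ZoneName |
                 Group-Object RecordType |
                 ForEach-Object { "$($_.Name)=$($_.Count)" }
    }
    [PSCustomObject]@{
        Zone          = $ZoneName
        ZoneType      = $zone.ZoneType          # 'Stub' or 'Forwarder'
        MasterServers = $zone.MasterServers
        RecordTypes   = if ($types) { $types -join ', ' } else { '(none stored)' }
    }
}

Get-ZoneRecordSummary -ZoneName $stubZone
Get-ZoneRecordSummary -ZoneName $forwardZone
```

Running Get-DnsServerResourceRecord against the forwarder zone would fail, which is the point: there are no records to list, only a destination.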
What is GPT and GPC?
Ans:- A GPO (Group Policy Object) is a collection of Group Policy settings; it consists of a GPC and a GPT.
The GPC (Group Policy Container) contains the property information of the GPO, like security filtering, GPO status, GPO GUID etc.
The GPT (Group Policy Template) contains the data of the GPO in the Sysvol folder; after the GPO has been configured it can be checked to see what settings have been configured for the client.
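An added example (not part of the original page) that makes the GPC/GPT split concrete: it reads every GPC object from CN=Policies,CN=System in AD, follows its gPCFileSysPath to the matching GPT folder in SYSVOL, and compares the version number stored in AD with the one in gpt.ini. The two are written together when a GPO is edited, so a mismatch means AD and SYSVOL replication have not caught up with each other, or the template was changed outside the Group Policy tools. Nothing is assumed; all names come from the directory.

```powershell
# Added example, not from the original page. Run on a domain-joined machine
# with RSAT / the ActiveDirectory module and read access to SYSVOL.
Import-Module ActiveDirectory

function Get-GpoContainerTemplateReport {
    $domainDn   = (Get-ADDomain).DistinguishedName
    $policiesDn = "CN=Policies,CN=System,$domainDn"

    # GPC: the AD side. displayName, flags (status), versionNumber and the
    # pointer to the GPT live here.
    $gpcs = Get-ADObject -SearchBase $policiesDn -SearchScope OneLevel `
                -LDAPFilter '(objectClass=groupPolicyContainer)' `
                -Properties displayName, gPCFileSysPath, versionNumber, flags

    foreach ($gpc in $gpcs) {
        # GPT: the SYSVOL folder named after the GPO GUID; gpt.ini carries the
        # same packed version number (user version high 16 bits, computer low 16).
        $sysvolVersion = $null
        $gptIni = Join-Path -Path $gpc.gPCFileSysPath -ChildPath 'gpt.ini'
        $templateFound = Test-Path -Path $gptIni
        if ($templateFound) {
            foreach ($line in Get-Content -Path $gptIni) {
                if ($line -match '^Version=(\d+)\s*$') { $sysvolVersion = [int]$Matches[1] }
            }
        }

        # flags: 0 = enabled, 1 = user settings disabled,
        #        2 = computer settings disabled, 3 = all settings disabled
        $status = switch ([int]$gpc.flags) {
            0 { 'Enabled' } 1 { 'UserDisabled' } 2 { 'ComputerDisabled' } 3 { 'AllDisabled' } default { 'Unknown' }
        }

        $adVersion = [int]$gpc.versionNumber
        [PSCustomObject]@{
            Name          = $gpc.displayName
            Guid          = $gpc.Name
            Status        = $status
            AdVersion     = $adVersion
            SysvolVersion = $sysvolVersion
            TemplateFound = $templateFound
            InSync        = $templateFound -and ($sysvolVersion -eq $adVersion)
        }
    }
}

$report = Get-GpoContainerTemplateReport
$report | Format-Table Name, Status, AdVersion, SysvolVersion, InSync -AutoSize
# Only the problem cases, which is what an on-call engineer wants first:
$report | Where-Object { -not $_.InSync } | Format-Table Name, Guid, AdVersion, SysvolVersion, TemplateFound -AutoSize
```

A GPO with TemplateFound = False is the worse case: the container exists but its settings folder is missing from this DC's SYSVOL, so clients that happen to authenticate here get no settings from it at all.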
What is Majority Node Set?
A majority node set is a single quorum resource from a server cluster perspective; however, the data is actually stored on multiple disks across the cluster. Each cluster node stores the configuration on a local disk it can access when it starts up. By default, the location is %systemroot%\cluster\ResourceGUID.
What is NLB?
NLB (Network Load Balancing) is a Microsoft implementation of clustering and load balancing that is intended to provide high availability and high reliability, as well as high scalability.
Difference Between Unicast and Multicast
Unicast
Unicast is a one-to-one connection between the client and the server. Unicast uses IP delivery methods such as Transmission Control Protocol (TCP) and User Datagram Protocol (UDP), which are session-based protocols. When a Windows Media Player client connects using unicast to a Windows Media server, that client has a direct relationship to the server. Each unicast client that connects to the server takes up additional bandwidth. For example, if you have 10 clients all playing 100-kilobits per second (Kbps) streams, those clients as a group are taking up 1,000 Kbps. If you have only one client playing the 100 Kbps stream, only 100 Kbps is being used.
Multicast
Multicast is a true broadcast. The multicast source relies on
multicast-enabled routers to forward the packets to all client subnets that
have clients listening. There is no direct relationship between the clients and
Windows Media server. The Windows Media server generates an .nsc (NetShow
channel) file when the multicast station is first created. Typically, the .nsc
file is delivered to the client from a Web server. This file contains
information that the Windows Media Player needs to listen for the multicast.
This is similar to tuning into a station on a radio. Each client that listens
to the multicast adds no additional overhead on the server. In fact, the server
sends out only one stream per multicast station. The same load is experienced
on the server whether only one client or 1,000 clients are listening
What is new in Windows 2008 AD?
Read-Only Domain Controllers
Fine-Grained Password Policies
Restartable Active Directory Service
Backup and Recovery
SYSVOL Replication with DFS-R
Auditing Improvements
UI Improvements
How to configure RODC to replicate passwords of users?
Ans:- You can add users in the PASSWORD REPLICATION POLICY tab of the RODC computer's properties.
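An added example (not part of the original page) showing the same Password Replication Policy change from PowerShell, plus the check that should follow it: which account secrets are already cached on the RODC, and whether any of them belong to Domain Admins. An RODC is usually placed where physical security is weak, so privileged credentials should never be revealed to it. The RODC name and the branch group are constructed for the example.

```powershell
# Added example, not from the original page. Run on a domain-joined machine
# with RSAT / the ActiveDirectory module as a domain administrator.
Import-Module ActiveDirectory

$rodc        = 'RODC01'              # constructed RODC computer name
$branchGroup = 'BranchUsers-Site1'   # constructed group of accounts the branch needs cached

# What the "Password Replication Policy" tab shows: the allowed and denied lists.
Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc | Format-Table -AutoSize

# Allow caching for the branch group. A group, not individual users, so the
# set of cacheable accounts stays reviewable in one place.
Add-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -AllowedList $branchGroup

function Get-RodcPrivilegedExposure {
    param([string]$Rodc)

    # Accounts whose secrets the RODC has already received (the "revealed" list).
    $revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $Rodc -RevealedAccounts

    # Domain Admins, resolved by well-known RID 512 and expanded through nesting.
    $domainSid = (Get-ADDomain).DomainSID.Value
    $admins = Get-ADGroupMember -Identity "$domainSid-512" -Recursive |
              Select-Object -ExpandProperty SamAccountName

    foreach ($acct in $revealed) {
        [PSCustomObject]@{
            RODC           = $Rodc
            SamAccountName = $acct.SamAccountName
            ObjectClass    = $acct.ObjectClass
            IsDomainAdmin  = $admins -contains $acct.SamAccountName
        }
    }
}

$exposure = Get-RodcPrivilegedExposure -Rodc $rodc
$exposure | Format-Table -AutoSize
# Any row here means a privileged secret is sitting on a branch-office box:
$exposure | Where-Object { $_.IsDomainAdmin }
```

The denied list that an RODC gets by default already covers the built-in admin groups; the check exists for the case where someone added an admin to an allowed group, since the revealed list reflects what has actually happened, not what the policy intends.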
What is Strict Replication?
Strict Replication is a mechanism developed by Microsoft developers for Active Directory replication. If a domain controller has Strict Replication enabled, then that domain controller will not get "Lingering Objects" from a domain controller which was isolated for more than the Tombstone Lifetime. The TSL is 180 days by default on a forest created with Windows Server 2003 SP1. A domain controller shouldn't be out of sync for more than this period. Lingering objects may appear on other domain controllers if replication happens with the outdated domain controllers. These domain controllers will not replicate with the outdated domain controllers if you have set the below-mentioned registry key. You must set the following registry setting on all the domain controllers to enable Strict Replication:
§ Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
§ Registry Entry: Strict Replication Consistency
§ Value: 1 (enabled), 0 (disabled)
§ Type: REG_DWORD
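An added example (not part of the original page) that ties together the tombstone lifetime, lingering objects, garbage collection and Strict Replication answers on this page into one check: it reads tombstoneLifetime and garbageCollPeriod from the Directory Service configuration object, reads the Strict Replication Consistency value from the registry key given above, and then lists every replication partnership in the domain whose last successful replication is older than the tombstone lifetime, since those are the partners that can introduce lingering objects. The defaults used when the attributes are unset are the ones the page states (60 days, 12 hours). Run on a domain controller.

```powershell
# Added example, not from the original page. Run on a DC with RSAT / the
# ActiveDirectory module (for the registry read, locally on that DC).
Import-Module ActiveDirectory

function Get-ReplicationHygieneReport {
    $rootDse = Get-ADRootDSE
    $dsDn    = "CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)"
    $ds      = Get-ADObject -Identity $dsDn -Properties tombstoneLifetime, garbageCollPeriod

    # Unset attributes mean the defaults described on the page.
    $tslDays = if ($ds.tombstoneLifetime) { [int]$ds.tombstoneLifetime } else { 60 }
    $gcHours = if ($ds.garbageCollPeriod) { [int]$ds.garbageCollPeriod } else { 12 }

    # Strict Replication Consistency (REG_DWORD) on this DC; $null = not explicitly set.
    $strict = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' `
                   -ErrorAction SilentlyContinue).'Strict Replication Consistency'

    # Every DC-to-partner relationship in the domain with its last success time.
    $cutoff  = (Get-Date).AddDays(-$tslDays)
    $warnAt  = (Get-Date).AddDays(-[int]($tslDays / 2))
    $partners = Get-ADReplicationPartnerMetadata -Target (Get-ADDomain).DNSRoot -Scope Domain |
        Select-Object Server, Partner, Partition, LastReplicationSuccess,
            @{ n = 'BeyondTsl'; e = { $_.LastReplicationSuccess -lt $cutoff } },
            @{ n = 'PastHalfTsl'; e = { $_.LastReplicationSuccess -lt $warnAt } }

    [PSCustomObject]@{
        TombstoneLifetimeDays        = $tslDays
        GarbageCollectionHours       = $gcHours
        StrictReplicationConsistency = $strict
        PartnersBeyondTsl            = @($partners | Where-Object BeyondTsl)
        PartnersPastHalfTsl          = @($partners | Where-Object PastHalfTsl)
    }
}

$r = Get-ReplicationHygieneReport
$r | Format-List TombstoneLifetimeDays, GarbageCollectionHours, StrictReplicationConsistency
# Partners already past the tombstone lifetime are the lingering-object risk;
# the half-TSL list gives time to act before that point.
$r.PartnersBeyondTsl   | Format-Table Server, Partner, Partition, LastReplicationSuccess -AutoSize
$r.PartnersPastHalfTsl | Format-Table Server, Partner, Partition, LastReplicationSuccess -AutoSize
```

With strict consistency set to 1, a partner in the BeyondTsl list will simply stop replicating with the rest and log the condition, which is the safer outcome; with it at 0, the same partner can re-introduce objects everyone else has already deleted and garbage-collected, which is exactly what the lingering-object answer above warns about.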
What is Super Scope in DHCP?
A superscope is an administrative feature of Dynamic Host Configuration Protocol (DHCP) servers running Windows Server 2008 that you can create and manage by using the DHCP Microsoft Management Console (MMC) snap-in. By using a superscope, you can group multiple scopes as a single administrative entity. With this feature, a DHCP server can:
- Support DHCP clients on a single physical network segment (such as a single Ethernet LAN segment) where multiple logical IP networks are used. When more than one logical IP network is used on each physical subnet or network, such configurations are often called multinets.
- Support remote DHCP clients located on the far side of DHCP and BOOTP relay agents (where the network on the far side of the relay agent uses multinets).
In multinet configurations, you can use DHCP superscopes to group and activate individual scope ranges of IP addresses used on your network. In this way, the DHCP server can activate and provide leases from more than one scope to clients on a single physical network.
Superscopes can resolve specific types of DHCP deployment issues for multinets, including situations in which:
- The available address pool for a currently active scope is nearly depleted, and more computers need to be added to the network. The original scope includes the full addressable range for a single IP network of a specified address class. You need to use another range of IP addresses to extend the address space for the same physical network segment.
- Clients must be migrated over time to a new scope (such as to renumber the current IP network from an address range used in an existing active scope to a new scope that contains another range of IP addresses).
- You want to use two DHCP servers on the same physical network segment to manage separate logical IP networks.
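The first scenario above (a depleted scope on one physical segment) as an added PowerShell example; this is not code from the original post. It assumes the DhcpServer module that ships with Windows Server 2012 and later, a DHCP server called dhcp01 (a hypothetical name), and the 10.10.1.0/24 and 10.10.2.0/24 ranges, which are constructed for illustration.

```powershell
# Added example, not from the original post: extend a full scope on one physical
# segment by adding a second logical network and grouping both in a superscope.
# Assumes the DhcpServer module (Windows Server 2012+); server name and ranges
# are constructed for illustration.
$server = 'dhcp01'   # hypothetical DHCP server

# Two logical IP networks that will share the same physical LAN segment (a multinet)
Add-DhcpServerv4Scope -ComputerName $server -Name 'Floor1-NetA' `
    -StartRange 10.10.1.10 -EndRange 10.10.1.250 -SubnetMask 255.255.255.0 -State Active
Add-DhcpServerv4Scope -ComputerName $server -Name 'Floor1-NetB' `
    -StartRange 10.10.2.10 -EndRange 10.10.2.250 -SubnetMask 255.255.255.0 -State Active

# Group them so the server may lease from either scope to clients on that segment
Add-DhcpServerv4Superscope -ComputerName $server -SuperscopeName 'Floor1-Multinet' `
    -ScopeId 10.10.1.0, 10.10.2.0

# Verify the grouping and watch per-scope utilisation (the depletion symptom above)
Get-DhcpServerv4Superscope -ComputerName $server -SuperscopeName 'Floor1-Multinet'
Get-DhcpServerv4ScopeStatistics -ComputerName $server -ScopeId 10.10.1.0, 10.10.2.0 |
    Select-Object ScopeId, Free, InUse, PercentageInUse
```

The statistics query is the part worth keeping in a scheduled check: a scope approaching 100% in use is the point at which adding the second scope and superscope, rather than widening the first range, keeps existing leases valid.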
What is the requirement to configure Full memory Dump in windows?
To generate a complete memory dump file:
1. Click Start, right-click Computer and select Properties in the menu.
2. Click Advanced > Settings > Startup and Recovery > Settings > Write debugging information > Complete memory dump.
3. Click OK twice.
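Those GUI steps write the CrashControl registry values; as an added example (not from the original post), the function below reads them back and also checks the one prerequisite a complete dump cannot do without, a paging file on the system drive at least as large as physical RAM plus 1 MB. The CrashDumpEnabled meanings in the comment are the documented Windows values.

```powershell
# Added example, not from the original post: confirm a machine is really set for
# a complete memory dump and that the system-drive paging file can hold it.
# CrashDumpEnabled: 0 = none, 1 = complete, 2 = kernel, 3 = small, 7 = automatic.
function Test-CompleteMemoryDumpConfig {
    $cc = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    $modeNames = @{ 0 = 'None'; 1 = 'Complete'; 2 = 'Kernel'; 3 = 'Small'; 7 = 'Automatic' }
    $mode = [int]$cc.CrashDumpEnabled

    # Physical memory in MB, rounded up
    $ramMB = [math]::Ceiling((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1MB)

    # Paging file currently allocated on the system drive (MB); 0 if there is none
    $sysDrive = $env:SystemDrive
    $pf = Get-CimInstance Win32_PageFileUsage | Where-Object { $_.Name -like "$sysDrive*" }
    $pfMB = if ($pf) { [int]$pf.AllocatedBaseSize } else { 0 }

    [pscustomobject]@{
        DumpType         = if ($modeNames.ContainsKey($mode)) { $modeNames[$mode] } else { "Unknown ($mode)" }
        DumpFile         = $cc.DumpFile
        PhysicalRAM_MB   = $ramMB
        SystemPageFileMB = $pfMB
        # A complete dump needs a system-drive paging file of at least RAM + 1 MB
        ReadyForComplete = ($mode -eq 1) -and ($pfMB -ge ($ramMB + 1))
    }
}

Test-CompleteMemoryDumpConfig | Format-List
```

ReadyForComplete being false while DumpType says Complete is the common failure mode: the option is selected, but the paging file is too small or lives on another volume, so no dump is written when the system actually crashes.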
Which DNS record is required for Replication?
Ans:- Host A records of replication partners (Domain Controllers), and SRV records to find out the Domain Controllers' GUIDs in the _msdcs zone (DC Locator).
Tools to analyze Memory Dump?
Windows Debugger (WinDbg.exe) tool
Dumpchk.exe
Tools to troubleshoot Group Policy issues?
Ans:- You can use AD inbuilt features to troubleshoot Group Policy issues, like RSOP.msc (or run RSOP by selecting users in Active Directory Users and Computers), gpresult -v, and the gpt.ini file in SYSVOL under the Group Policy GUID folder, which can be checked to find out the GPO settings configured.
How to troubleshoot AD replication issues?
It can be troubleshot with the repadmin command (replmon on older servers); the replication errors are also recorded in eventvwr. DNS can be checked between the two destinations, as well as network/firewall issues.
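The DNS and replication checks from the two answers above ("Which DNS record is required for Replication?" and this one) combined in one PowerShell function, added here as an example that is not part of the original post. It assumes the ActiveDirectory RSAT module (Get-ADReplicationFailure, Windows Server 2012 and later) and the DnsClient module (Resolve-DnsName), and runs from a domain-joined machine.

```powershell
# Added example, not from the original post: one pass over the DC Locator SRV
# records, the partners' Host A records and the replication failures each DC
# reports. Assumes RSAT ActiveDirectory and DnsClient modules.
function Get-ReplicationHealthReport {
    $domain = (Get-ADDomain).DNSRoot
    $dcs    = Get-ADDomainController -Filter *

    # 1. Replication failures as recorded by every DC (the data repadmin /showrepl shows)
    $failures = Get-ADReplicationFailure -Target $dcs.HostName -ErrorAction SilentlyContinue |
        Select-Object Server, Partner, FailureCount, FirstFailureTime, LastError

    # 2. DC Locator SRV records in the _msdcs zone, used to find partners
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }

    # 3. Host A record of each DC, as seen by this machine's resolver
    $dnsChecks = foreach ($dc in $dcs) {
        $a = Resolve-DnsName -Name $dc.HostName -Type A -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'A' }
        [pscustomobject]@{
            DomainController = $dc.HostName
            HasSrvRecord     = [bool]($srv | Where-Object { $_.NameTarget -ieq $dc.HostName })
            ARecordResolved  = [bool]$a
            ResolvedIPv4     = ($a.IPAddress -join ', ')
            ExpectedIPv4     = $dc.IPv4Address
        }
    }

    [pscustomobject]@{
        Domain              = $domain
        ReplicationFailures = @($failures)
        DnsChecks           = $dnsChecks
    }
}

$report = Get-ReplicationHealthReport
$report.DnsChecks | Format-Table -AutoSize
if ($report.ReplicationFailures.Count -gt 0) {
    $report.ReplicationFailures | Format-Table -AutoSize
} else {
    "No replication failures reported by the $($report.Domain) domain controllers."
}
```

Read the two tables together: a partner with a failure whose A record does not resolve, or resolves to an address other than ExpectedIPv4, points at DNS rather than at the directory; a partner that resolves correctly but still fails points at the network or firewall path between the two DCs.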
Booting sequence in windows 2008?
Here's a brief description of the Windows Server 2008 boot process.
1. System is powered on
2. The CMOS loads the BIOS and then runs POST
3. Looks for the MBR on the bootable device
4. Through the MBR the boot sector is located and the BOOTMGR is loaded
5. BOOTMGR looks for the active partition
6. BOOTMGR reads the BCD file from the \boot directory on the active partition
7. The BCD (boot configuration database) contains various configuration parameters (this information was previously stored in boot.ini)
8. BOOTMGR transfers control to the Windows Loader (winload.exe), or to winresume.exe in case the system was hibernated.
9. Winload loads drivers that are set to start at boot and then transfers control to the Windows kernel.
How to edit Schema in AD?
Firstly, schmmgmt.dll has to be registered. Then the ADSIEdit tool can be used to edit the schema.
Difference between Windows 2003 & Windows 2008 boot process
Windows 2003 Boot Process:
1. POST
2. The MBR reads the boot sector, which is the first sector of the active partition.
3. Ntldr looks up the path of the OS from boot.ini.
4. Ntldr runs ntdetect.com to get information about installed hardware.
5. Ntldr reads the registry files, then selects a hardware profile and control set and loads device drivers.
6. After that Ntoskrnl.exe takes over and starts winlogon.exe, which starts lsass.exe.
Windows Server 2008 Boot Process: the same nine steps as listed under "Booting sequence in windows 2008?" above.
Name of utilities that are used to check multipathing
Ans:- The FCInfo utility or Storage Explorer (Windows 2008) can be used to check this.
How to create Host A record remotely?
Ans:- The dnscmd command can be used for creating a Resource Record on a DNS server. Below is the command:
dnscmd [<ServerName>] /recordadd <ZoneName> <NodeName> <RRType> <RRData>
What is glue record?
Name servers in delegations are identified by name, rather than by IP address. This means that a resolving name server must issue another DNS request to find out the IP address of the server to which it has been referred. If the name given in the delegation is a subdomain of the domain for which the delegation is being provided, there is a circular dependency. In this case the name server providing the delegation must also provide one or more IP addresses for the authoritative name server mentioned in the delegation. This information is called glue. The delegating name server provides this glue in the form of records in the additional section of the DNS response, and provides the delegation in the answer section of the response.
For example, if the authoritative name server for example.org is ns1.example.org, a computer trying to resolve www.example.org first resolves ns1.example.org. Since ns1 is contained in example.org, this requires resolving example.org first, which presents a circular dependency. To break the dependency, the name server for the top level domain org includes glue along with the delegation for example.org. The glue records are address records that provide IP addresses for ns1.example.org. The resolver uses one or more of these IP addresses to query one of the domain's authoritative servers, which allows it to complete the DNS query.
What is Loopback Group Policy?
Ans:- Group Policy applies to the user or computer in a manner that depends on where both the user and the computer objects are located in Active Directory. However, in some cases, users may need policy applied to them based on the location of the computer object alone. You can use the Group Policy loopback feature to apply Group Policy Objects (GPOs) that depend only on which computer the user logs on to.
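As an added example (not from the original post), the PowerShell below shows where loopback processing is recorded and how to find which GPOs turn it on. The "User Group Policy loopback processing mode" setting is stored as the UserPolicyMode value under HKLM\SOFTWARE\Policies\Microsoft\Windows\System (1 = Merge, 2 = Replace). The domain-wide scan assumes the GroupPolicy RSAT module; the function names are this example's own.

```powershell
# Added example, not from the original post: report the loopback processing mode
# in effect on this computer and list the GPOs in the domain that configure it.
# UserPolicyMode: 1 = Merge, 2 = Replace. Assumes the GroupPolicy RSAT module.
function Get-LoopbackProcessingMode {
    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
    $mode = (Get-ItemProperty -Path $key -Name UserPolicyMode -ErrorAction SilentlyContinue).UserPolicyMode
    switch ($mode) {
        1       { 'Merge' }    # user's own GPOs apply first, then user settings from the computer's GPOs win
        2       { 'Replace' }  # only user settings from the computer's GPOs apply
        default { 'Not configured' }
    }
}

function Find-LoopbackGpos {
    # Every GPO whose Computer Configuration sets UserPolicyMode enables loopback
    foreach ($gpo in Get-GPO -All) {
        $v = Get-GPRegistryValue -Guid $gpo.Id -Key 'HKLM\SOFTWARE\Policies\Microsoft\Windows\System' `
                -ValueName UserPolicyMode -ErrorAction SilentlyContinue
        if ($v) {
            [pscustomobject]@{
                GPO  = $gpo.DisplayName
                Mode = if ($v.Value -eq 2) { 'Replace' } else { 'Merge' }
            }
        }
    }
}

"Effective loopback mode on $env:COMPUTERNAME: $(Get-LoopbackProcessingMode)"
Find-LoopbackGpos | Format-Table -AutoSize
```

Replace mode is the one to audit most carefully: on a computer linked to such a GPO, a user's own OU-based user settings are ignored entirely, so restrictive settings for kiosks or terminal servers, and equally any mistaken relaxation, apply to everyone who logs on there.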