
1. Windows 2003 vs Windows 2008
o RODC
o WDS instead of RIS
o Services have been changed as roles - server manager
o Introduction of Hyper-V - only on 64 bit versions
o Enhanced event viewer
o Bitlocker feature
o Server core installation without GUI
o MMC 3.0, with three pane view
o Key management services (KMS) to activate Windows OS without connecting to Microsoft site
o Performance enhancement using technologies like Windows SuperFetch, ReadyBoost and ReadyDrive
o Windows Aero user interface
o Instant search
o Support for IPv6 in DNS
1. ESX vs ESXi
o ESXi has no service console which is a modified version of RHEL
o ESXi is extremely thin hence results in fast installation + fast boot
o ESXi can be purchased as an embedded hypervisor on hardware
o ESXi has builtin server health status check
1. ESXi 4.1 vs ESXi 5.0 - Migration
o Local upgrade from CD
o VMware update manager (only supports upgrade of ESX/ESXi 4.x to ESXi 5.0)
1. ESXi 4.1 vs ESXi 5.0 - Features
o vSphere Auto deploy
o Storage DRS
o HA - Primary/secondary concept changed to master/slave
o Profile driven storage
o VMFS version - 3 --> 5
o ESXi firewall
o VMware hardware version - 7 --> 8
o VMware tools version - 4.1 --> 5
o vCPU - 8 --> 32
o vRAM - 256 --> 1 TB
o VMs per host - 320 --> 512
o RAM per host - 1TB --> 2TB
o USB 3.0 support
o vApp
1. FSMO roles
o Schema Master
o Domain naming master
o Infrastructure master
o PDC Emulator
o RID master
1. GPO
o GPO
o Templates (ADMX)
o Block inheritance
o Enforced
o Loopback policy
1. Forest and Domain concepts


1. OSI layer
o Application Layer
o Presentation Layer
o Session Layer
o Transport Layer
o Network Layer
o DataLink layer
o Physical Layer
1. ASA - site to site VPN
1. HA 5.0
o Uses an agent called FDM - Fault domain manager
o HA now talks directly to hostd instead of using vcenter agent vpxa
o Master/slave concept
o Master
monitors availability of hosts/VMs
manages VM restarts after host failure
maintains list of all VMs in each host
restarting failed VMs
exchanging state with vcenter
monitor state of slaves
o Slave
monitor running VMs and send status to master and performs restart on request from master
monitors master node health
if master fails, participates in election
o Two different heartbeat mechanisms - Network heartbeat and datastore heartbeat
o Network heartbeat
Heartbeats are sent between slave and master every second
When a slave is not receiving heartbeats from the master, it checks whether it is isolated or the master is isolated or has failed
o Datastore heartbeat
Used to distinguish between isolation and failure
Uses Power On file in datastore to determine isolation
This mechanism is used only when master loses network connectivity with hosts
2 datastores are chosen for this purpose
o Isolation response
PowerOff
Leave Powered On
Shutdown
1. vMotion
o vMotion enables live migration of running virtual machines from one host to another with zero
downtime
o Prerequisites
i. Host must be licensed for vMotion
ii. Configure host with at least one vMotion n/w interface (vmkernel port group)
iii. Shared storage (this requirement has been relaxed in 5.1)
iv. Same VLAN and VLAN label
v. GigaBit ethernet network required between hosts
vi. Processor compatibility between hosts
vii. vMotion does not support migration of applications clustered using Microsoft clustering service
viii. No CD ROM attached
ix. No affinity is enabled
x. vmware tools should be installed
1. RAID
o Redundant Array of Independent disks
o A category of disk drives that uses 2 or more drives in a combination for redundancy and performance
o Most common RAIDs: RAID 0 (Striped), RAID 1 (Mirroring), RAID 5

1. Backup types
o Backup types
i. Full backup - Will take the backup of all selected files and reset the archive bit
ii. Copy backup - Will take the backup of all selected files but does not reset the archive bit
iii. Incremental backup - Will take the backup of files whose archive bits are set and resets it after
backup
iv. Differential backup - Will take the backup of files whose archive bits are set but does not reset it
after backup
1. 2003 to 2008 migration
o Can be done only by logging in to Windows 2003 server
o Min of Windows 2003 SP1 required
o Can be migrated only to same version, except for Windows server 2003 standard which can be migrated to either standard or enterprise
o Extra space of 30 GB required prior to migration
o Cannot upgrade to server core
o Perform forestprep and domainprep to 2008 using 2008 cd before migrating. (Copy sources/adprep folder for this)
1. ESXi update manager
1. Global Catalog
o Global catalog (GC) is a role handled by domain controllers in an Active directory model.
o The global catalog stores a full copy of all objects in the directory for its host domain and a partial
copy of all objects for all other domains in the forest.
o Partial copy refers to the set of attributes that are most used for searching every object in every
domain.
o All domain controllers can be promoted as a GC.
o GC helps in faster search of AD objects.
o The replicas that are replicated to the global catalog also include the access permissions for each
object and attribute.
o If you are searching for an object that you do not have permission to access, you do not see the
object in the list of search results. Users can find only objects to which they are allowed access.
o Global catalog server clients depend on DNS to provide the IP address of global catalog servers.
DNS is required to advertise global catalog servers for domain controller location.
o By default, the first DC in a forest will be a global catalog server
1. Basic networking concepts
1. RODC
o New feature in Windows 2008
o Only has a read-only copy of the directory database
o RODC will have all the objects of a normal DC in read only mode. But this doesn't include passwords. RODC does not store passwords of accounts.
o Updates are replicated to RODC by writable DC
o Password caching : A feature which enables RODC to cache password of the logged in users.
o Password Replication Policy: Determines whether the password can be cached or not.
o DNS can be integrated with RODC but will not directly register client updates. For any DNS
change, the RODC refers the client to DNS server that hosts a primary or AD integrated zone
1. NAS vs SAN
o Both used as storage solution
o NAS can be used by any device connected using LAN whereas SAN is used only by server class
devices with SCSI
o NAS is file based whereas SAN is block based storage
o NAS is cheap while SAN is expensive
o SAN is comparatively faster than NAS

1. What is DRS? Types of DRS
o Distributed Resource Scheduler
o It is a feature of a cluster
o DRS continuously monitors utilization across the hosts and moves virtual machines to balance the
computing capacity
o DRS uses vMotion for its functioning
o Types of DRS
i. Fully automated - The VMs are moved across the hosts automatically. No admin intervention
required.
ii. Partially automated - The VMs are moved across the hosts automatically during the time of VM bootup. But once up, vCenter will provide DRS recommendations to the admin, who has to perform them manually.
iii. Manual - Admin has to act according to the DRS recommendations
1. DRS prerequisites
o Shared storage
o Processor compatibility of hosts in the DRS cluster
o vMotion prerequisites
1. vMotion is not working. What are the possible reasons?
o Ensure vMotion is enabled on all ESX/ESXi hosts
o Ensure that all vmware pre requisites are met
o Verify if the ESXi/ESX host can be reconnected or if reconnecting the ESX/ESXi host resolves the
issue
o Verify that time is synchronized across environment
o Verify that the required disk space is available
1. What happens if a host is taken to maintenance mode
o Hosts are taken to maintenance mode during the course of maintenance
o In a single ESX/ESXi setup, all the VMs need to be shutdown before getting into maintenance
mode
o In a vCenter setup, if DRS is enabled, the VMs will be migrated to other hosts automatically.
1. How will you clone a VM in an ESXi without vCenter
o Using vmkfstools
o Copy the vmdk file and attach to a new VM
o Using VMware converter
1. Explain traverse folder
o Allows or denies moving through a restricted folder to reach files and folders beneath the restricted
folder in the folder hierarchy.
o Traverse folder takes effect only when the group or user is not granted the "Bypass traverse checking" user right in the Group Policy snap-in. This permission does not automatically allow running program files.
1. Maximum number of LUNs that can be attached to a host (ESXi 5.0)
o 256
1. Maximum number of vCPUs that can be assigned to a VM (ESXi 5.0)
o 32
1. What are the uses of ntdsutil tool?
o Some of the main uses of ntdsutil tool
i. Authoritative Restore - Authoritatively restores the Active Directory database or AD LDS instance
ii. ifm - Create installation media for writable and RODC setups (Offline DC provisioning)
iii. metadata cleanup - Cleans up objects of decommissioned servers
iv. roles - Transfers and seizes operations master roles
v. set DSRM password - Resets DSRM administrator password
vi. snapshot - Manages snapshots of the volumes that contain the Active Directory database and log
files
1. FSMO roles and its failure scenarios
o http://www.systemadminguide.in/2013/07/fsmo-roles-in-nutshell.html
1. IPv6 addresses and its DNS record
o 128 bit address
o Represented as 8 groups of 4 hexadecimal digits separated by colons
o Represented by AAAA record in DNS
o Uses DHCP v6 for addressing
1. Loadbalancer vs Clustering
o Clustering
i. Cluster is a group of resources that are trying to achieve a common objective, and are aware of one another.
ii. Clustering usually involves setting up the resources (servers usually) to exchange details on a particular channel (port) and keep exchanging their states, so a resource's state is replicated at other places as well.
iii. It usually also includes load balancing, wherein the request is routed to one of the resources in the cluster as per the load balancing policy
o Load Balancing
i. Used to forward requests to either one server or other, but one server does not use the other server's resources. Also, one resource does not share its state with other resources.
1. Software installation using group policy
o This can be done using 2 methods
i. Assigning
ii. Publishing
o Assign :
i. If you assign the program to a user, it is installed when the user logs on to the computer. When the
user first runs the program, the installation is completed.
ii. If you assign the program to a computer, it is installed when the computer starts, and it is available
to all users who log on to the computer. When a user first runs the program, the installation is
completed.
o Publish :
i. You can publish a program distribution to users.
ii. When the user logs on to the computer, the published program is displayed in the Add or Remove
Programs dialog box, and it can be installed from there.
o msi packages are used for installation. Normal exe would not work.
o Windows cannot install the software while the user is already logged on. The user needs to log off and log in
1. Group policy security filtering for users. Which all users are in there by default. Members of
Authenticated Users group
o Security filtering is a way of refining which users and computers will receive and apply the
settings in a Group Policy object (GPO)
o In order for the GPO to apply to a given user or computer, that user or computer must have both
Read and Apply Group Policy (AGP) permissions on the GPO, either explicitly, or effectively
through group membership
o By default, all GPOs have Read and AGP both Allowed for the Authenticated Users group.
o The Authenticated Users group includes both users and computers. This is how all authenticated
users receive the settings of a new GPO when it is applied to an organizational unit, domain or site
1. Relevance of host file and its location
o Came before the concept of DNS
o An FQDN is first checked in Host file
o Location : C:\Windows\System32\Drivers\etc
1. L3 switch vs Routers
o L3 switches just have the ethernet ports only whereas the routers have WAN interfaces
o QoS is not available with L3 switches whereas in routers it can be enabled
o Routers have expansion slots and cards that allow them to use different media types, like serial
connections for T1 and T3 circuits
o Routers are more intelligent in handling packets
o L3 switches do not support NAT
1. VLAN vs Subnet
o VLAN works at layer 2 while subnet is at layer 3
o Subnets are more concerned about IP addresses.
o VLANs bring more network efficiency
o Subnets have weaker security than VLANs as all the subnets use the same physical network
1. Contents of System state backup
o Registry
o COM+ Class Registration database
o Boot files, including the system files
o System files that are under Windows File Protection
o Active Directory directory service (If it is domain controller)
o SYSVOL directory (If it is domain controller)
o Cluster service information (If it is a part of a cluster)
o IIS Metadirectory (If it is an IIS server)
o Certificate Services database (If it is a certificate server)
1. Incremental vs Differential backups
o Incremental backup - Will take the backup of files whose archive bits are set and resets it after
backup
o Differential backup - Will take the backup of files whose archive bits are set but does not reset it
after backup
1. Robocopy
o Microsoft tool used for copying files effectively
o It has plenty of options to manage the copy process
1. How do you patch microsoft applications? Frequency of patches released by Microsoft
o The Microsoft applications can be patched using WSUS
o In WSUS, we can create several computer groups to manage this patch process.
o MS patches are released once in a month
1. Explain GPO, GPC & GPT
o GPO - Group Policy Object : Refers to the policy that is configured at the Active Directory level
and is inherited by the domain member computers. You can configure a GPO at the site level,
domain level or OU level. GPO stores policy settings in two locations GPC and GPT
o GPO behaviour : Local Policy > Site GPO > Domain GPO > OU GPO > Child OU GPO
o GPC - Group Policy Container :This is the AD portion of the group policy. This can be viewed
using ADSI edit. It stores version information, status information, and other policy information.
When you create a new GPO, an AD object of class groupPolicyContainer gets created under the
System\Policies container within your AD domain
o GPT - Group Policy Template : The GPT is where the GPO stores the actual settings. It stores
software policy script, and deployment information.
o GPT is stored in SYSVOL share (\\DomainNameHere\SYSVOL\Policies) whereas GPC is stored
in the AD
1. What is CPU affinity in VMware? Its impact on DRS?
o CPU refers to a logical processor on a hyperthreaded system and refers to a core on a non-hyperthreaded system
o By setting CPU affinity for each VM, you can restrict the assignment of VMs to a subset of available processors
o The main use of setting CPU affinity is when there are display intensive workloads which require additional threads with vCPUs.
o DRS will not work with CPU affinity
http://frankdenneman.nl/2011/01/11/beating-a-dead-horse-using-cpu-affinity/
1. VMversion 4 vs VMversion 7
o Version 4
i. Runs on ESX 3.x
ii. Max supported RAM 64 GB
iii. Max vCPUs 4
iv. MS cluster is not supported
v. 4 NICs/VM
vi. No USB Support
o Version 7
i. Runs on vSphere 4.x
ii. Max supported RAM 256 GB
iii. Max vCPUs 8
iv. MS cluster is supported
v. 10 NICs/VM
vi. USB support
1. What happens to the VMs if a standalone host is taken to maintenance mode?
o In case of standalone servers, VMware recommends that VMs should be powered off before putting the server in maintenance mode
o If we put the standalone host in maintenance mode without powering off the VMs, it will remain in the entering maintenance mode state until the VMs are all shutdown
o When all the VMs are powered down, the host status changes to under maintenance
http://pubs.vmware.com/vsphere-4-esxvcenter/index.jsp#using_drs_clusters_to_manage_resources/c_using_maintenance_mode.html

1. What is new in Windows server 2012
o Server core improvements: no need of fresh installation, you can add/remove GUI from server manager
o Remotely manage servers, add/remove roles etc. using Server manager - manage 2008 and 2008 R2 with WMF 3.0 installation, installed by default in Server 2012
o Remote server administration tools available for Windows 8 to manage Windows server 2012 infrastructure
o Powershell v3
o Hyper-V 3.0
i. supports up to 64 processors and 1 TB RAM per virtual machine
ii. up to 320 logical hardware processors and 4 TB RAM per host
iii. Shared nothing live migration, move around VMs without shared storage
o ReFS (Resilient file system), upgraded version of NTFS - supports larger file and directory sizes. Removes the 255 character limitation on long file names and paths, the limit on the path/filename size is now 32K characters!
o Improved CHKDSK utility that will fix disk corruptions in the background without disruption
1. How does the backup software recognize that a file has changed since last backup?
o The files use a bit called archive bit for tracking any change in the file.
o Backup software normally checks the archive bit of the file to determine whether the file has to be backed up or not
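The archive-bit rules given here and under "Backup types" can be modelled in a few lines to show which files each job captures and which jobs a restore needs. This is an added example, not part of the original notes; the file names, the weekly schedule and the function names are constructed for illustration.

```python
"""Model of the archive-bit rules behind full, copy, incremental and differential backups.

Constructed example: file names and the schedule are made up.
"""
from dataclasses import dataclass, field

# backup type -> (captures only files whose archive bit is set, clears the bit afterwards)
BACKUP_RULES = {
    "full":         (False, True),
    "copy":         (False, False),
    "incremental":  (True,  True),
    "differential": (True,  False),
}


@dataclass
class Volume:
    # file name -> archive bit (True means "changed since the bit was last cleared")
    files: dict = field(default_factory=dict)

    def write(self, name):
        """Creating or modifying a file sets its archive bit."""
        self.files[name] = True

    def backup(self, kind):
        """Run one backup job and return the sorted list of files it captured."""
        only_flagged, clears_bit = BACKUP_RULES[kind]
        captured = sorted(n for n, bit in self.files.items() if bit or not only_flagged)
        if clears_bit:
            for name in captured:
                self.files[name] = False
        return captured


def run_week(midweek_kind):
    """Full backup first, then one `midweek_kind` job after each day's changes."""
    vol = Volume()
    for name in ("payroll.xlsx", "users.csv", "notes.txt"):
        vol.write(name)
    jobs = [("full", vol.backup("full"))]
    daily_changes = [["users.csv"], ["notes.txt"], ["users.csv", "audit.log"]]
    for changed in daily_changes:
        for name in changed:
            vol.write(name)
        jobs.append((midweek_kind, vol.backup(midweek_kind)))
    return jobs


def restore_chain(jobs):
    """Return the indexes of the jobs needed to rebuild the volume as of the last job."""
    last_full = max(i for i, (kind, _) in enumerate(jobs) if kind == "full")
    later = list(range(last_full + 1, len(jobs)))
    if not later:
        return [last_full]
    if all(jobs[i][0] == "differential" for i in later):
        # Each differential already holds everything changed since the full.
        return [last_full, later[-1]]
    # An incremental only holds changes since the previous job, so every job is needed.
    return [last_full] + later


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        jobs = run_week(kind)
        print(kind, jobs, "restore needs jobs", restore_chain(jobs))
```

A copy backup taken in the middle of either schedule captures every file but leaves the bits alone, so it does not change what the next incremental or differential job picks up.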
1. How can you edit a vm template?
o The VM templates cannot be modified as such
o First, the VM template has to be converted to a virtual machine
o After making the necessary changes in the virtual machine, convert the virtual machine back to a template
1. VMware configuration maximums

VMs                ESXi 5.5   ESXi 5.1   ESXi 5.0   ESXi 4.x
vCPU               64         64         32         8
RAM                1 TB       1 TB       1 TB       255 GB
vNIC               10         10         10         10
VMDK size          62 TB      1 TB       1 TB       2 TB for 8MB block

Hosts              ESXi 5.5   ESXi 5.1   ESXi 5.0   ESXi 4.x
Logical CPU        320        160        160        160
Memory             4 TB       2 TB       2 TB       1 TB
LUNs               256        256        256        256
LUN size           64 TB      64 TB      64 TB      64 TB
Virtual Machines   512        512        512        320

1. What is the major difference between Windows server 2008 and Windows server 2012 in terms of AD promotion?
o In Win 2012, dcpromo has been deprecated. In order to make a Windows server 2012 a domain controller, the ADDS service has to be installed from the server manager. After installation, run the post-deployment configuration wizard from server manager to promote the server to a domain controller
1. VMware hardware version comparison

1. What is vSAN?
o It is a hypervisor-converged storage solution built by aggregating the local storage attached to the ESXi hosts managed by a vCenter.
1. Recommended iSCSI configuration?
o A separate vSwitch, and a separate network other than VMtraffic network for iSCSI traffic. Dedicated physical NICs should be connected to vSwitch configured for iSCSI traffic.
1. What is iSCSI port binding ?
o Port binding is used in iSCSI when multiple VMkernel ports for iSCSI reside in the same broadcast domain and IP subnet, to allow multiple paths to an iSCSI array that broadcasts a single IP address.
1. iSCSI port binding considerations ?
o Array Target iSCSI ports must reside in the same broadcast domain and IP subnet as the VMkernel port.
o All VMkernel ports used for iSCSI connectivity must reside in the same broadcast domain and IP subnet.
o All VMkernel ports used for iSCSI connectivity must reside in the same vSwitch.
o Currently, port binding does not support network routing.
1. Recommended iSCSI configuration of a 6 NIC infrastructure ? (Answer changes as per the infrastructure requirements)
o 2 NICs for VM traffic
o 2 NICs for iSCSI traffic
o 1 NIC for vMotion
o 1 NIC for management network
1. Post conversion steps in P2V
o Adjust the virtual hardware settings as required
o Remove non present device drivers
o Remove all unnecessary devices such as serial ports, USB controllers, floppy drives etc.
o Install VMware tools
1. Which esxtop metric will you use to confirm latency issue of storage ?
o esxtop --> d --> DAVG
1. What are standby NICs
o These adapters will only become Active if the defined Active adapters have failed.
1. Path selection policies in ESXi
i. Most Recently Used (MRU)
ii. Fixed
iii. Round Robin
1. Which networking features are recommended while using iSCSI traffic
o iSCSI port binding
o Jumbo Frames
1. Ports used by vCenter
o 80,443,902
1. What is 'No Access' role
o Users assigned with the 'No Access' role for an object, cannot view or change the object in any way
1. When is a swap file created
o When the guest OS is first installed in the VM
1. The active directory group, where the members will be ESXi administrators by default.
o ESX Admins
1. Which is the command used in ESXi to manage and retrieve information from virtual machines ?
o vmware-cmd
1. Which is the command used in ESXi to view live performance data?
o esxtop
1. Command line tool used in ESXi to manage virtual disk files?
o vmkfstools
9. Port used for vMotion
o 8000
10. Log file location of VMware host
o /var/log/vmware
11. Can you map a single physical NIC to multiple virtual switches ?
o No
12. Can you map a single virtual switch to multiple physical NICs?
o Yes. This method is called NIC teaming.
13. VMKernel portgroup can be used for:
o vMotion
o Fault Tolerance Logging
o Management traffic
14. Major difference between ESXi 5.1 and ESXi 5.5 free versions
o Till ESXi 5.1 free version there was a limit to the maximum physical memory to 32 GB. But from 5.5 onwards this limit has been lifted.
15. What is IPAM server in Windows server 2012?
o IPAM is IP Address Management server in Windows Server 2012. It enables central management of both DHCP and DNS servers. It can also be used to discover, monitor, and audit DHCP and DNS servers.
16. How to promote a server to domain controller in Windows server 2012?
o DCPROMO was the conventional tool used to promote a normal server to DC. This is now deprecated in Server 2012.
o In Server 2012, you can convert a server into DC using the server manager console. Under Server Manager, add a new role "Active Directory Domain Services"
Scenario
You have a single vmdk file of 200 GB and it has two logical volumes C & D with 100 GB each. Suppose you need to add another 100 GB to the D drive making it 200 GB. What would you do ?
The steps are simple and straightforward.
1. Change the VMDK size using vSphere client to 300 GB (Existing 200 GB + required space).
2. Log in to the VM and ensure that the added disk space is available to the VM as 'Unallocated' space
3. Execute the below commands in command prompt
o diskpart
o list volume
o select volume <volume id>
o extend

Issue

When you boot your Windows 2008 R2 OS, the machine gets halted with a blue screen error. The
error will have the below information:
DRIVER_IRQL_NOT_LESS_OR_EQUAL
Technical Information:
*** STOP: 0x000000D1 (Some address values)
*** tcpip.sys Address information

Cause
This issue was addressed by Microsoft and as per them, this issue occurs because the TCP/IP driver does not
check whether a variable is NULL before accessing it.
They have released a hotfix for this issue. The hotfix is available here.
Resolution
As said earlier, Microsoft has a hotfix available for this issue. Below are the steps I followed to get it resolved.

1. For any system boot issues, take a note of the BSOD error information and try to boot using Last Known Good Configuration mode (use the F8 button during bootup to get this option). [This resolved the issue for me]
2. If step 1 did not resolve the issue, download the hotfix to a network location and boot the machine in Safe Mode with Networking.
3. Assign an IP address and copy the hotfix to your machine.
4. When you try to install the hotfix, you will get stuck with the below message:

Windows could not start the Windows Installer service on Local Computer.
Error 1084: The service cannot be started in Safe Mode.

In safe mode, only the essential Windows services are started. If you try to start these services manually, you will end up with the above notification again. This requires a registry tweak.

5. To enable the Windows Installer service in Safe Mode, run the below:

REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer" /VE /T REG_SZ /F /D "Service"

Use Minimal instead of Network, if you booted in the normal Safe Mode.

6. To install Microsoft updates, the Windows Update service should be running. But unfortunately this service also requires a tweak to get running. Run the below command:

REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wuauserv" /VE /T REG_SZ /F /D "Service"

7. Now you are all set to install the hotfix. Once installed, restart your machine.

Issue:

The memory usage of SQL servers is always a hot topic among system administrators. Any system administrator who handles a SQL server in their environment would definitely have faced this issue.
Before going on to the memory monitoring of SQL, we should have answers to the below questions :
1. What does SQL do with the memory ?
2. Does it handle memory in the same way as other applications do ?
SQL server uses memory for :
o Caching raw data
o Working on your queries
o Caching execution plans
The memory management of SQL is different when compared to other applications. SQL is an application with intense I/O operations. Since I/O operations on disk are time consuming, the SQL server uses a 'Buffer Management' mechanism.
Buffer management has two mechanisms :
o 'Buffer manager' to access and update database pages
o 'Buffer cache/pool' to reduce database file I/O
Buffer manager is responsible for handling all read/write operations in the buffer, whereas the normal select, update etc. operations are handled by the database manager.
So when does a system administrator confirm that a memory upgrade is required?
There are performance counters which help the system administrator with this. The main performance counters for analyzing this are discussed below. (Performance monitors can be accessed by running 'perfmon' in Run)
SQLServer:Buffer Manager
Buffer cache hit ratio
Represents the percentage of pages found in the buffer cache without having to read from disk. A higher value
for BCHR normally represents a better memory management. When this value dips, we should upgrade the
RAM. The value is expected to be 100%.
Page life expectancy
This metric represents the number of seconds a page will stay in the buffer pool without references. In other
words, this amount represents cached raw data. Higher the value, better it is. The metric is measured in secs. As
a thumb rule, the value should be above 300s.
SQLServer:SQL Statistics
Batch requests/sec
This metric represents the number of batch requests the server is receiving per second. In other words, how busy
is my sql server due to incoming requests.
Compilations/sec
This value represents the number of times SQL Server compiles an execution plan per second. We cannot judge the performance with this metric alone. The performance is determined when this metric is compared with Batch requests/sec. As a thumb rule, if the value is less than 10% of the Batch requests/sec, then the performance is desirable. Whereas if the SQL server is forced to compile more than 10% of Batch requests/sec, then we should understand that there is not enough memory to store the execution plans and we should consider a memory upgrade.
For example: If your Batch requests/sec is 2000 and if your compilations/sec is less than 200 , then the value is
desirable.
SQLServer:Memory Manager
Memory grants pending
Represents the number of queries that are waiting for memory before they can even start. Any value greater than
0 represents a memory issue.
Target Server Memory
This metric represents the ideal amount of memory the server can consume. This value is almost equal to the
RAM (if no limit is set using the SQL management studio).
Total server memory
This metric represents the amount of memory the server has committed using the memory manager. This counter shows what is actually used; the value will be low upon starting, and will increase gradually as the SQL server brings pages into its buffer pool, finally reaching a steady state. When it reaches steady state, it will be almost equivalent to the Target Server Memory. Once it reaches the steady state, the value is not expected to dip. If it dips, it represents memory deallocation due to memory requirements from the OS or other applications. If this value is higher than target, then your server could benefit from additional RAM.
All these counters are just direction pointers. Please don't rely on one counter alone to confirm the requirement of memory upgrade.
Issue:

As a system administrator, you will quite often experience disk space issues in the OS. Most often, the culprit would be Recycle Bin space.
When a user deletes a file, it is moved to Recycle Bin (unless this is done with the Shift key pressed). Recycle Bin is specific to user profiles and therefore when we empty recycle bin, all the contents of the particular user's recycle bin get emptied.
How can we empty recycle bin of all users ?

rd /s c:\$Recycle.Bin
Change the drive letters according to your configuration.
Issue:
Active Directory Tombstone
When an object is removed from Active Directory, it is said to be tombstoned. Tombstone is
something which a Domain Controller uses to notify other Domain Controllers about an object
deletion.
The object which is tombstoned will be retained in AD for a specific amount of time defined by the
TombStone Lifetime (TSL). When an object is tombstoned, the object is moved to a special
container named Deleted Objects and will be invisible to normal directory operations.
Within the TSL, the object can be retrieved anytime, which is called Tombstone reanimation. But the retrieved object will lose some of its properties like its group membership details.
After TSL, the garbage collection process which runs every 12 hours deletes the object permanently from Active Directory
Find TSL for your domain
1. Open adsiedit.msc
2. Select Configuration partition
3. Right click CN=Directory Service and select Properties
4. In the Attribute column look for tombstoneLifetime value
This value will be the TSL for your domain. If the value is <Not Set>, the TSL will be the default value for that server class.
Default TSL
Windows 2000 - 60 days
Windows 2003 SP1 - 180 days
Windows 2003 R2 - 60 days
Windows 2008 and above - 180 days

Issue:
Software installation using group policy

This can be done in 2 methods
o Assigning
o Publishing

Assign :
If you assign the program to a user, it is installed when the user logs on to the computer. When the
user first runs the program, the installation is completed.
If you assign the program to a computer, it is installed when the computer starts, and it is available
to all users who log on to the computer. When a user first runs the program, the installation is
completed.
Publish :
You can publish a program distribution to users.
When the user logs on to the computer, the published program is displayed in the Add or Remove
Programs dialog box, and it can be installed from there.
MSI packages are used for installation, normal exe will not work.
Windows cannot install the software while the user is already logged on. The user needs to log off and log in

GPO, GPC & GPT


GPO - Group Policy Object: Refers to the policy that is configured at the Active Directory level and
is inherited by the domain member computers. You can configure a GPO at the site level, domain
level or OU level. A GPO stores policy settings in two locations: GPC and GPT.
GPO behaviour: Local Policy > Site GPO > Domain GPO > OU GPO > Child OU GPO
GPC - Group Policy Container: This is the AD portion of the group policy. It can be viewed using
ADSI Edit. It stores version information, status information, and other policy information. When
you create a new GPO, an AD object of class groupPolicyContainer is created under the
System\Policies container within your AD domain.
GPT - Group Policy Template: The GPT is where the GPO stores the actual settings. It stores
software policy, script, and deployment information.
The GPT is stored in the SYSVOL share (\\DomainName\SYSVOL\Policies) whereas the GPC is stored in AD.

Authoritative and Non Authoritative restoration
Non Authoritative Restore

Non-Authoritative restore brings back the DC to its state at the time of backup.

After the restoration, the other DCs replicate to the newly restored DC the changes that occurred
after the backup.

This method is mainly used when a DC fails due to hardware/software issue.

Non-Authoritative restore is performed in Directory Service Restore Mode (DSRM).

Authoritative Restore

Authoritative restore helps administrators revert or undo any change made in AD, mainly changes caused
by human error.

The most common example is the restoration of a deleted object.

When an Authoritative restoration of an object is done, the version number of all attributes of that
object will be incremented thereby making it authoritative.

After restoration, as with the non authoritative restore, the restored DC contacts other DCs and the
newly restored object will be replicated to the other DCs due to its higher version number which makes
it appear to be more recent.

Authoritative restore makes use of ntdsutil tool for restoration.

Authoritative restore is performed in Directory Service Restore Mode (DSRM).

How to restore ?

First and foremost, a valid backup must exist. Take the backup after installing the Windows Server
Backup feature.

The account should have domain admin privilege.

Restart the server in DSRM.

Open Command prompt and execute the below command to get the list of available backups:
o wbadmin get versions

Once you get the list of available backups, restore using the below command:
o wbadmin start systemstaterecovery -version:<version id of the backup to be used>

Now you have completed the non authoritative restore of AD

If you want to authoritatively restore an object (testuser) follow the below steps as well in DSRM:

In command prompt type ntdsutil and press Enter

activate instance NTDS

Authoritative restore

Now restore the deleted object using the below command

Restore Object CN=Testuser,CN=Users,DC=testdomain,DC=com

Restart the DC
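To confirm that the authoritatively restored object has won replication, compare its attribute version numbers on every DC. The PowerShell below is an added example, not part of the original notes. It assumes the RSAT ActiveDirectory module (Get-ADReplicationAttributeMetadata); the function names and the two sample attributes are hypothetical choices.

```powershell
Import-Module ActiveDirectory

function Get-AttributeVersionPerDC {
    param(
        [Parameter(Mandatory)][string]$ObjectDn,
        # Assumed sample attributes; any replicated attribute works.
        [string[]]$Attribute = @('sAMAccountName', 'userAccountControl')
    )
    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            # Replication metadata carries the per-attribute version number
            # that an authoritative restore increments.
            Get-ADReplicationAttributeMetadata -Object $ObjectDn `
                -Server $dc.HostName -Properties $Attribute -ErrorAction Stop |
                Select-Object @{ n = 'DC'; e = { $dc.HostName } },
                              AttributeName, Version, LastOriginatingChangeTime,
                              LastOriginatingChangeDirectoryServerIdentity
        } catch {
            # DC unreachable, or the object has not replicated there yet.
            Write-Warning "$($dc.HostName): $($_.Exception.Message)"
        }
    }
}

function Test-RestoreConverged {
    param([Parameter(Mandatory)][string]$ObjectDn)
    $dcCount = @(Get-ADDomainController -Filter *).Count
    Get-AttributeVersionPerDC -ObjectDn $ObjectDn |
        Group-Object AttributeName |
        ForEach-Object {
            $versions = @($_.Group.Version | Sort-Object -Unique)
            [pscustomobject]@{
                Attribute   = $_.Name
                Versions    = $versions -join ','
                DCsReported = $_.Count
                # Converged: every DC answered and all hold the same version.
                Converged   = ($versions.Count -eq 1 -and $_.Count -eq $dcCount)
            }
        }
}

# Example call, using the object restored in the steps above:
# Test-RestoreConverged -ObjectDn 'CN=Testuser,CN=Users,DC=testdomain,DC=com'
```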

Issue:

SYSVOL Explained:

What is Sysvol ?

Sysvol is a special folder located at C:\Windows\SYSVOL on all domain
controllers within the domain. This special folder contains the domain's Group Policy settings, default
profiles and logon/logoff/startup/shutdown scripts.

When a user logs in to a client machine, the client pulls all the group policy settings and logon scripts available
in its local DC's SYSVOL folder. For this reason, the SYSVOL folders on the DCs keep replicating with each other,
using either DFS-R (Distributed File System Replication Service) or the older FRS (File
Replication Service). The Sysvol directory can be accessed using:
\\domain-name\SYSVOL or
\\DC-name\SYSVOL

Contents of SYSVOL

If you access the location C:\Windows\SYSVOL, you will see 4 folders - domain, staging, staging
areas & sysvol.

First we will discuss the sysvol and domain folders. The folder 'sysvol' is a Junction Point (a kind
of soft link) to the folder 'domain'. That means the actual contents are in the 'domain' folder, whereas
'sysvol' acts as a fake folder which you can browse like a normal folder.

Sysvol is the folder where you end up when you access \\domain name\SYSVOL or \\DC
name\SYSVOL. This folder contains the Policies, scripts & StarterGPOs folders.

The Policies folder contains all the group policy objects in the domain. For every new GPO, a new folder
named with a unique GUID is created in this folder. These are called Group Policy Templates (GPT). If
you make any changes to a particular group policy, the changes are made in this folder. The Scripts folder
contains all scripts used.
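The GPC in AD (described under GPO, GPC & GPT) and the GPT folder in the Policies folder (described here) each carry a version number, so the two halves of every GPO can be checked against each other. The PowerShell below is an added example, not part of the original notes. It assumes the RSAT ActiveDirectory module and read access to SYSVOL; the function names are hypothetical.

```powershell
Import-Module ActiveDirectory

function Get-Gpc {
    # GPC side: one groupPolicyContainer per GPO under System\Policies.
    $base = "CN=Policies,CN=System,$((Get-ADDomain).DistinguishedName)"
    Get-ADObject -SearchBase $base -SearchScope OneLevel `
        -LDAPFilter '(objectClass=groupPolicyContainer)' `
        -Properties displayName, versionNumber, gPCFileSysPath
}

function Compare-GpcGptVersion {
    foreach ($gpc in Get-Gpc) {
        # GPT side: gPCFileSysPath points at this GPO's folder in SYSVOL.
        $ini = Join-Path $gpc.gPCFileSysPath 'GPT.INI'
        $gptVersion = $null
        if (Test-Path -LiteralPath $ini) {
            $hit = Select-String -LiteralPath $ini -Pattern '^\s*Version\s*=\s*(\d+)' |
                   Select-Object -First 1
            if ($hit) { $gptVersion = [long]$hit.Matches[0].Groups[1].Value }
        }
        $status = 'Version mismatch'   # AD and SYSVOL copies are out of step
        if ($null -eq $gptVersion) { $status = 'GPT missing' }
        elseif ($gptVersion -eq $gpc.versionNumber) { $status = 'In sync' }
        [pscustomobject]@{
            Name       = $gpc.displayName
            Guid       = $gpc.Name
            GpcVersion = $gpc.versionNumber
            GptVersion = $gptVersion
            Status     = $status
        }
    }
}

function Get-OrphanedGptFolder {
    $gpcs = @(Get-Gpc)
    if ($gpcs.Count -eq 0) { return }
    # All GPT folders share one parent; derive it instead of hard-coding a path.
    $policiesRoot = Split-Path -Parent $gpcs[0].gPCFileSysPath
    # A GUID-named folder with no matching GPC in AD is an orphaned GPT.
    Get-ChildItem -LiteralPath $policiesRoot -Directory |
        Where-Object { $_.Name -like '{*}' -and $gpcs.Name -notcontains $_.Name } |
        Select-Object Name, LastWriteTime
}

# Example calls:
# Compare-GpcGptVersion | Where-Object Status -ne 'In sync'
# Get-OrphanedGptFolder
```

A mismatch or missing GPT on one DC usually means SYSVOL replication is lagging behind AD replication for that GPO.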

Now comes the staging folder and staging areas.

The staging folder acts like a queue for changed files and folders which need to be replicated to the other
sysvols in the domain. These changes are normally due to group policy changes. In short, the
folder will be empty if there are no group policy updates. Once the update is replicated, the contents of
this folder are deleted as well.
