1. Question 1. What Is Active Directory?
Answer :
Active Directory is the directory service used on Microsoft Windows-based servers and
computers to store data and information about networks and domains.
2. Question 2. What Is A Domain In Active Directory?
Answer :
In Windows 2000, a domain defines both an administrative boundary and a security
boundary for a collection of objects that are relevant to a specific group of users on a
network. A domain is an administrative boundary because administrative privileges
do not extend to other domains. It is a security boundary because each domain has a
security policy that extends to all security accounts within the domain. Active
Directory stores information about objects in one or more domains.
Domains can be organized into parent-child relationships to form a hierarchy. A
parent domain is the domain directly superior in the hierarchy to one or more
subordinate, or child, domains. A child domain also can be the parent of one or more
child domains.
3. Question 3. Mention Which Is The Default Protocol Used In Directory Services?
Answer :
The default protocol used in directory services is LDAP ( Lightweight Directory
Access Protocol).
4. Question 4. What Is Mixed Mode?
Answer :
Mixed mode allows domain controllers running both Windows 2000 and earlier versions of
Windows NT to co-exist in the domain. In mixed mode, the domain features from
previous versions of Windows NT Server are still enabled, while some Windows 2000
features are disabled. Windows 2000 Server domains are installed in mixed mode by
default. In mixed mode the domain may have Windows NT 4.0 backup domain
controllers present. Nested groups and universal security groups are not supported in
mixed mode. Mixed mode and native mode are Windows 2000 terms; from Windows Server
2003 onward the equivalent setting is the domain functional level.
5. Question 5. Explain The Term Forest In Ad?
Answer :
A forest is a collection of one or more AD domains that share a single schema and a
single configuration partition. Every DC in the forest holds this schema, and any
change to it is replicated to all of them.
6. Question 6. What Is Native Mode?
Answer :
When all the domain controllers in a given domain are running Windows 2000 Server.
This mode allows organizations to take advantage of new Active Directory features
such as Universal groups, nested group membership, and inter-domain group
membership.
7. Question 7. Explain What Is Sysvol?
Answer :
The SYSVOL folder holds the server's copy of the domain's public files: Group Policy
templates, logon scripts and similar content. The contents of SYSVOL are replicated to
all domain controllers in the domain (by FRS on Windows 2000/2003, by DFS-R on Windows
Server 2008 and later).
8. Question 8. What Is Ldap?
Answer :
LDAP is the directory service protocol that is used to query and update AD. LDAP
naming paths are used to access AD objects and include the following:
o Distinguished names
o Relative Distinguished names
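As an added example (not part of the original page): splitting a distinguished name into its relative distinguished names while honouring LDAP escape sequences, and then using an LDAP filter to query the domain. The sample DN, the OU names, contoso.com, and the RSAT ActiveDirectory module on a domain-joined admin session are assumptions.

```powershell
# Added example: LDAP naming paths in practice. The DN below is constructed sample input.

function Split-DistinguishedName {
    # Split a DN on unescaped commas; "\," inside an RDN value is kept as part of that RDN
    param([Parameter(Mandatory)][string]$DN)
    $rdns    = New-Object System.Collections.Generic.List[string]
    $current = New-Object System.Text.StringBuilder
    $escaped = $false
    foreach ($ch in $DN.ToCharArray()) {
        if ($escaped) {
            [void]$current.Append($ch); $escaped = $false
        } elseif ($ch -eq '\') {
            [void]$current.Append($ch); $escaped = $true   # keep the escape, e.g. "Smith\, John"
        } elseif ($ch -eq ',') {
            $rdns.Add($current.ToString()); [void]$current.Clear()
        } else {
            [void]$current.Append($ch)
        }
    }
    $rdns.Add($current.ToString())
    return $rdns.ToArray()
}

$dn    = 'CN=Smith\, John,OU=Finance,OU=Users,DC=contoso,DC=com'   # constructed sample DN
$parts = Split-DistinguishedName $dn
$parts[0]                                    # the object's own RDN:   CN=Smith\, John
$parent = $parts[1..($parts.Count - 1)] -join ','
$parent                                      # its parent container:   OU=Finance,OU=Users,DC=contoso,DC=com

# Querying AD over LDAP: enabled users in that OU whose password never expires.
# userAccountControl bit 0x2 = ACCOUNTDISABLE, 0x10000 = DONT_EXPIRE_PASSWORD;
# 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule.
Get-ADObject -SearchBase $parent `
    -LDAPFilter '(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))' `
    -Properties sAMAccountName |
    Select-Object sAMAccountName, DistinguishedName
```

The parser is the part that runs anywhere PowerShell does; the query needs a domain and is there to show how a DN obtained from the first half becomes the search base of an LDAP query.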
9. Question 9. Mention What Is Kerberos?
Answer :
Kerberos is a network authentication protocol. It is built to offer strong
authentication for client/server applications by using secret-key cryptography.
10. Question 10. Minimum Requirement For Installing Ad?
Answer :
o Windows Server, Advanced Server, Datacenter Server
o Minimum Disk space of 200MB for AD and 50MB for log files
o NTFS partition
o TCP/IP Installed and Configured to use DNS
o Administrative privilege for creating a domain in existing network
11. Question 11. Mention What Are Lingering Objects?
Answer :
Lingering objects can exist if a domain controller does not replicate for an interval
of time that is longer than the tombstone lifetime (TSL). Such a DC still holds objects
that every other DC has deleted and whose tombstones have already been purged, so when
it replicates again those objects can be reintroduced into the directory.
12. Question 12. What Is Domain Controller?
Answer :
In an Active Directory forest, a domain controller is a server that holds a writable
copy of the Active Directory database, participates in Active Directory replication and
controls access to network resources (a read-only domain controller holds a read-only copy).
13. Question 13. Mention What Is Tombstone Lifetime?
Answer :
The tombstone lifetime determines how long a deleted object is retained in Active
Directory. A deleted object is kept as a special object referred to as a TOMBSTONE.
Windows uses a 60-day tombstone lifetime if the value is not set in the forest
configuration; forests created on Windows Server 2003 SP1 or later set it to 180 days.
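As an added example for Questions 11 and 13 (not part of the original page): read the tombstone lifetime from the forest configuration and flag every replication link whose last success is older than that, because a partner in that state is exactly the DC that can reintroduce lingering objects. It assumes the RSAT ActiveDirectory module and repadmin.exe on a domain-joined admin session.

```powershell
# Added example: detect replication partners that have fallen outside the tombstone lifetime.

function Get-TombstoneLifetimeDays {
    $cfg = (Get-ADRootDSE).configurationNamingContext
    $ds  = Get-ADObject "CN=Directory Service,CN=Windows NT,CN=Services,$cfg" -Properties tombstoneLifetime
    # The attribute is unset on forests created before Server 2003 SP1; the default is then 60 days
    if ($ds.tombstoneLifetime) { return [int]$ds.tombstoneLifetime } else { return 60 }
}

function Get-StaleReplicationLinks {
    param([int]$TombstoneLifetimeDays = (Get-TombstoneLifetimeDays))
    $cutoff = (Get-Date).AddDays(-$TombstoneLifetimeDays)
    # repadmin /showrepl * /csv reports every inbound replication link of every DC
    $links = repadmin /showrepl * /csv | ConvertFrom-Csv
    foreach ($l in $links) {
        $last = [datetime]::MinValue
        if ([datetime]::TryParse($l.'Last Success Time', [ref]$last) -and $last -lt $cutoff) {
            [pscustomobject]@{
                Destination   = $l.'Destination DSA'
                Source        = $l.'Source DSA'
                NamingContext = $l.'Naming Context'
                LastSuccess   = $last
                Failures      = $l.'Number of Failures'
            }
        }
    }
}

$tsl = Get-TombstoneLifetimeDays
"Tombstone lifetime: $tsl days"
Get-StaleReplicationLinks -TombstoneLifetimeDays $tsl | Format-Table -AutoSize

# A source DC that shows up here must not be allowed to replicate in as-is. Remove the
# lingering objects first; advisory mode only reports, drop the switch to delete:
# repadmin /removelingeringobjects <StaleDC> <ReferenceDcGuid> <NamingContext> /advisory_mode
```

Run it from a DC rather than a workstation so that repadmin can reach every partner; a link that never had a successful replication shows an unparsable "Last Success Time" and is skipped by the date check, so review the raw repadmin output for those as well.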
14. Question 14. Why We Need Netlogon?
Answer :
Netlogon maintains a secure channel between this computer and the domain controller for
authenticating users and services. If this service is stopped, the computer may not
authenticate users and services, and a domain controller cannot register its DNS
records.
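As an added example (not part of the original page): checking the Netlogon secure channel from a member computer, repairing it when it has broken, and confirming which DC it is bound to. The domain name contoso.com and the account CONTOSO\admin are assumptions.

```powershell
# Added example: verify and repair the Netlogon secure channel of this member computer.

function Test-AndRepairSecureChannel {
    param([pscredential]$Credential)   # needs rights to reset this computer's account in AD
    if (Test-ComputerSecureChannel -Verbose) {
        Write-Output 'Secure channel OK'
        return $true
    }
    Write-Warning 'Secure channel broken; resetting the computer account password'
    if ($Credential) {
        return Test-ComputerSecureChannel -Repair -Credential $Credential
    }
    return Test-ComputerSecureChannel -Repair
}

Test-AndRepairSecureChannel -Credential (Get-Credential 'CONTOSO\admin')

# Which DC is the channel bound to, and does the channel verify end to end?
nltest /sc_query:contoso.com
nltest /sc_verify:contoso.com
```

A failing secure channel is what users see as "the trust relationship between this workstation and the primary domain failed"; the repair resets the computer account password on both sides without the machine leaving the domain.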
15. Question 15. Explain What Is Active Directory Schema?
Answer :
The schema is the Active Directory component that describes all the attributes and
object classes that the directory service uses to store data.
16. Question 16. What Is Dns Scavenging?
Answer :
Scavenging cleans up old, unused (stale) dynamically registered records in DNS, based on
each record's aging timestamp.
17. Question 17. Explain What Is A Child Dc?
Answer :
A child DC is a domain controller for a child domain, that is, a domain created beneath
the root (or another parent) domain and sharing a contiguous namespace with it.
18. Question 18. What Is New In Windows Server 2008 Active Directory Domain
Services?
Answer :
AD Domain Services auditing, Fine-Grained Password Policies, Read-Only Domain
Controllers, and Restartable Active Directory Domain Services.
19. Question 19. Explain What Is Rid Master?
Answer :
The RID master (Relative Identifier master) allocates blocks of relative identifiers
(RIDs) to every DC in the domain. When a DC creates a security principal (user, group
or computer) it takes a RID from its pool and appends it to the domain SID to form the
object's SID, which must be unique within the domain.
20. Question 20. Explain What Are Rodcs? And What Are The Major Benefits Of
Using Rodcs?
Answer :
A Read-Only Domain Controller holds a read-only copy of the AD database and, by default,
caches no account passwords. Organizations can therefore deploy a domain controller in
locations where physical security cannot be guaranteed: compromise of the RODC does not
expose every credential in the domain, and no change can originate from it.
21. Question 21. Mention What Are The Components Of Ad?
Answer :
Components of AD includes
Logical Structure: Trees, Forest, Domains and OU.
Physical Structures: Domain controller and Sites.
22. Question 22. What Is The Number Of Permitted Unsuccessful Log Ons On
Administrator Account?
Answer :
Unlimited. Remember, though, that this applies to the built-in Administrator account
(RID 500) itself, not to every account that is a member of the Administrators group.
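As an added example for Questions 18 and 22 (not part of the original page): showing the lockout settings that actually apply, including any fine-grained password policy, listing currently locked-out accounts, and checking the state of the built-in Administrator. The domain, the account name svc-backup and the RSAT ActiveDirectory module are assumptions.

```powershell
# Added example: effective lockout policy and locked-out accounts.

# Domain-wide lockout settings (from the Default Domain Policy)
Get-ADDefaultDomainPasswordPolicy |
    Select-Object LockoutThreshold, LockoutDuration, LockoutObservationWindow

# Fine-grained password policies (Server 2008+) override the domain policy for the
# users and groups they apply to; the lowest Precedence wins when several apply
Get-ADFineGrainedPasswordPolicy -Filter * |
    Select-Object Name, Precedence, LockoutThreshold, AppliesTo

# Which policy wins for a given account? Returns nothing if only the domain policy applies.
Get-ADUserResultantPasswordPolicy -Identity 'svc-backup'   # assumed account name

function Get-LockoutReport {
    # Locked-out accounts right now, plus the built-in Administrator (RID 500) whatever its state
    $locked   = Search-ADAccount -LockedOut |
                Select-Object SamAccountName, LockedOut, LastLogonDate
    $adminSid = (Get-ADDomain).DomainSID.Value + '-500'
    $admin    = Get-ADUser -Identity $adminSid -Properties LockedOut, badPwdCount, LastBadPasswordAttempt |
                Select-Object SamAccountName, LockedOut, badPwdCount, LastBadPasswordAttempt
    [pscustomobject]@{ LockedOut = $locked; BuiltinAdministrator = $admin }
}

$report = Get-LockoutReport
$report.LockedOut            | Format-Table -AutoSize
$report.BuiltinAdministrator | Format-List
```

badPwdCount is not replicated, so query the PDC emulator (or each DC) when you need an accurate count; the PDC emulator is where bad-password attempts from every DC are forwarded.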
23. Question 23. Explain What Is Infrastructure Master?
Answer :
The Infrastructure Master is responsible for updating cross-domain object references
(for example a group in this domain that contains users from another domain) by
comparing its data with the global catalog. Because a GC already holds those
references, the role should not be placed on a GC unless every DC in the domain is a
GC (or the AD Recycle Bin is enabled); otherwise it never updates anything.
24. Question 24. What Hidden Shares Exist On Windows Server 2003 Installation?
Answer :
The hidden (administrative) shares are ADMIN$, C$ (one <drive letter>$ share per local
drive), IPC$ and print$. NETLOGON and SYSVOL are also created on every domain
controller, but they are ordinary, visible shares rather than hidden ones.
25. Question 25. Can You Connect Active Directory To Other 3rd-party Directory
Services? Name A Few Options?
Answer :
Yes, you can connect Active Directory to other third-party directory services, such as
the directories used by SAP, Lotus Domino etc., with the help of MIIS (Microsoft
Identity Integration Server).
26. Question 26. What Is The List Folder Contents Permission On The Folder In
Ntfs?
Answer :
Same as Read & Execute, but not inherited by files within a folder. However, newly
created subfolders will inherit this permission.
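As an added example (not part of the original page): building both ACEs on a test folder and showing that they differ only in their inheritance flags, so that a file created inside the folder inherits one but not the other. The test folder under %TEMP% and the two service identities (stand-ins for real groups) are assumptions; it runs on any Windows machine.

```powershell
# Added example: "List folder contents" versus "Read & Execute" is only an inheritance difference.
$folder = Join-Path $env:TEMP 'acltest'      # assumed test location
New-Item -ItemType Directory -Path $folder -Force | Out-Null
$acl = Get-Acl -Path $folder

# "List folder contents": ReadAndExecute, inherited by subfolders only (ContainerInherit)
$listOnly = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList @(
    'NT AUTHORITY\LOCAL SERVICE', 'ReadAndExecute', 'ContainerInherit', 'None', 'Allow')
# "Read & Execute": the same rights, inherited by subfolders AND files (ContainerInherit, ObjectInherit)
$readExec = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList @(
    'NT AUTHORITY\NETWORK SERVICE', 'ReadAndExecute', 'ContainerInherit, ObjectInherit', 'None', 'Allow')

$acl.AddAccessRule($listOnly)
$acl.AddAccessRule($readExec)
Set-Acl -Path $folder -AclObject $acl

New-Item -ItemType File      -Path (Join-Path $folder 'secret.txt') -Force | Out-Null
New-Item -ItemType Directory -Path (Join-Path $folder 'sub')        -Force | Out-Null

function Get-InheritedTestAces([string]$Path) {
    # Only the ACEs inherited from our two test identities
    (Get-Acl -Path $Path).Access |
        Where-Object { $_.IsInherited -and $_.IdentityReference.Value -like 'NT AUTHORITY\*SERVICE' } |
        Select-Object IdentityReference, FileSystemRights, InheritanceFlags
}

Get-InheritedTestAces (Join-Path $folder 'secret.txt')   # NETWORK SERVICE only: files ignore a ContainerInherit-only ACE
Get-InheritedTestAces (Join-Path $folder 'sub')          # both identities: a subfolder inherits both ACEs
```

The practical consequence is the one the answer describes: a principal with "List folder contents" can browse the tree but gets no access to the files in it, while "Read & Execute" flows down to every file.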
27. Question 27. How Do I Set Up Dns For Other Dcs In The Domain That Are
Running Dns?
Answer :
For each additional DC that is running DNS, set the preferred DNS server to another DC
that hosts the zone (for example the first DC in the domain) and the alternate DNS server
to the DC's own IP address (or 127.0.0.1), so that the DC can still find a replication
partner before its own copy of the zone has loaded.
28. Question 28. Where Is Gpt Stored?
Answer :
%SystemRoot%\SYSVOL\sysvol\<domain name>\Policies\<GUID>
29. Question 29. Tell Me What Should I Do If The Dc Points To Itself For Dns, But
The Srv Records Still Do Not Appear In The Zone?
Answer :
Check for a disjointed namespace, and then run Netdiag.exe /fix. You must install the
Support Tools from the Windows 2000 Server CD-ROM to run Netdiag.exe. Netdiag is not
available on Windows Server 2008 and later; there, run nltest /dsregdns (or restart the
Netlogon service) to make the DC re-register its SRV records, then check the _msdcs
records in the zone.
30. Question 30. Abbreviate Gpt And Gpc?
Answer :
GPT : Group policy template.
GPC : Group policy container.
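As an added example for Questions 28 and 30 (not part of the original page): mapping each GPO's container (the GPC, an AD object) to its template (the GPT, a SYSVOL folder) and comparing the version numbers stored in each, since a GPO whose two halves carry different versions has not replicated consistently (AD replication and SYSVOL replication are separate mechanisms). It assumes the RSAT GroupPolicy and ActiveDirectory modules on a domain-joined admin session.

```powershell
# Added example: GPC (AD) versus GPT (SYSVOL) for every GPO in the domain.

function Get-GpoVersionMismatch {
    $domain = (Get-ADDomain).DNSRoot
    foreach ($gpo in Get-GPO -All) {
        $guid    = "{$($gpo.Id.ToString().ToUpper())}"
        $gptPath = "\\$domain\SYSVOL\$domain\Policies\$guid"     # %SystemRoot%\SYSVOL\sysvol\<domain>\Policies\<GUID>

        # GPC side: the versionNumber attribute on the groupPolicyContainer object (DN in $gpo.Path)
        $gpcVersion = (Get-ADObject -Identity $gpo.Path -Properties versionNumber).versionNumber

        # GPT side: the Version= line in gpt.ini. Both numbers pack the user version in the
        # high 16 bits and the computer version in the low 16 bits, so they compare directly.
        $gptVersion = $null
        $ini = Join-Path $gptPath 'gpt.ini'
        if (Test-Path $ini) {
            $line = Get-Content $ini | Where-Object { $_ -like 'Version=*' } | Select-Object -First 1
            if ($line) { $gptVersion = [int]($line.Substring(8).Trim()) }
        }

        [pscustomobject]@{
            Name       = $gpo.DisplayName
            GPC        = $gpo.Path
            GPT        = $gptPath
            GpcVersion = $gpcVersion
            GptVersion = $gptVersion
            InSync     = ($null -ne $gptVersion) -and ($gpcVersion -eq $gptVersion)
        }
    }
}

Get-GpoVersionMismatch | Where-Object { -not $_.InSync } | Format-Table -AutoSize
```

A GPO with a GPC but no GPT folder (GptVersion empty) is the classic symptom of a SYSVOL replication problem on the DC you queried; compare the same GPO against another DC's SYSVOL share before deleting anything.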
31. Question 31. Tell Me What If My Windows 2000 Or Windows Server 2003 Dns
Server Is Behind A Proxy Server Or Firewall?
Answer :
If you are able to query the ISP's DNS servers from behind the proxy server or firewall,
Windows 2000 and Windows Server 2003 DNS server is able to query the root hint
servers. UDP and TCP Port 53 should be open on the proxy server or firewall.
32. Question 32. Explain What Is The Difference Between Local, Global And
Universal Groups?
Answer :
Domain local groups can contain accounts and global or universal groups from any
trusted domain, but can only be granted permissions on resources in their own domain;
they are used to assign access permissions to local domain resources. Global groups can
contain only accounts and global groups from their own domain, but can be granted
permissions on resources in any trusted domain. Universal groups can contain accounts
and groups from any domain in the forest and can be granted permissions in all trusted
domains; their membership is stored in the global catalog.
33. Question 33. Do You Know What Is The "." Zone In My Forward Lookup Zone?
Answer :
This setting designates the Windows 2000 DNS server to be a root hint server and is
usually deleted. If you do not delete this setting, you may not be able to perform
external name resolution to the root hint servers on the Internet.
34. Question 34. Define Lsdou?
Answer :
It is the Group Policy processing order: policies are applied from the Local machine,
then Sites, Domains and Organizational Units, and where settings conflict the one
applied last (the closest OU) wins.
35. Question 35. Define Attribute Value?
Answer :
This describes an attribute-value replication conflict: an object's attribute is set
concurrently to one value at one DC and to another value at a second DC before either
change has replicated. Active Directory resolves it deterministically: the change with
the higher version number wins; on a tie, the later originating timestamp wins; and if
those match too, the higher originating DSA invocation ID wins.
36. Question 36. What Is Netdom?
Answer :
NETDOM is a command-line tool that allows management of Windows domains and
trust relationships
37. Question 37. Do You Know How Kerberos V5 Works?
Answer :
The Kerberos V5 authentication mechanism issues tickets (a set of identification data
for a security principal, issued by a DC acting as the Key Distribution Center for the
purposes of user authentication; the two forms of ticket in Windows 2000 are
ticket-granting tickets (TGTs) and service tickets) for accessing network services. A
ticket is encrypted with the long-term key of the service it is for (the krbtgt account
key in the case of a TGT) and carries the client's identity and a session key; the
user's password is never placed in a ticket or sent over the network. The client proves
its identity to the service by presenting the ticket together with an authenticator
encrypted under that session key.
38. Question 38. What Is Adsiedit?
Answer :
ADSI Edit is an LDAP editor for managing objects in Active Directory. This Active
Directory tool lets you view and change objects and attributes that are not exposed in
the Active Directory Users and Computers console.
39. Question 39. What Is Kerberos V5 Authentication Process?
Answer :
Kerberos V5 is the primary security protocol for authentication within a domain. The
Kerberos V5 protocol verifies both the identity of the user and network services. This
dual verification is known as mutual authentication.
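As an added example for Questions 9, 37 and 39 (not part of the original page): watching the ticket flow on a domain-joined client. The cache is purged, a TGT is obtained from the KDC, then the first access to a DC's file share causes a service ticket for its CIFS service to be requested and presented. The realm CONTOSO.COM and the DC name DC01 are assumptions.

```powershell
# Added example: TGT and service tickets as seen in the local Kerberos ticket cache.

function Get-KerberosTicketServers {
    # Parse the "Server:" lines of klist output into the list of SPNs the cache holds
    klist tickets | ForEach-Object {
        if ($_ -match '^\s*Server:\s*(\S+)') { $Matches[1] }
    }
}

klist purge | Out-Null                      # start with an empty ticket cache
Get-KerberosTicketServers                   # nothing yet

# AS exchange: the client authenticates to the KDC and receives a TGT, which is
# encrypted with the krbtgt account's key and cannot be read by the client
klist get krbtgt/CONTOSO.COM | Out-Null
Get-KerberosTicketServers                   # krbtgt/CONTOSO.COM

# TGS exchange: the TGT is presented to the KDC for a service ticket for cifs/DC01;
# AP exchange: that ticket plus an authenticator is presented to the file server.
Get-ChildItem '\\DC01.contoso.com\SYSVOL' | Out-Null
Get-KerberosTicketServers                   # krbtgt/CONTOSO.COM, cifs/DC01.contoso.com

klist tickets                               # full view: encryption type, flags, start and end times
```

The encryption type shown per ticket is worth a look: a service ticket still issued with RC4 (`RC4-HMAC(NT)`) means the service account's password hash, not an AES key, is what protects that ticket.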
40. Question 40. Define The Schema Master Failure?
Answer :
Temporary loss of the schema operations master will be visible only if we are trying
to modify the schema or install an application that modifies the schema during
installation. A DC whose schema master role has been seized must never be brought
back online.
41. Question 41. What Is Replmon?
Answer :
Replmon (Active Directory Replication Monitor) was the first tool to use when
troubleshooting Active Directory replication issues on Windows 2000/2003. It shipped
with the Support Tools and is not available on Windows Server 2008 and later; there, use
repadmin /showrepl and repadmin /replsummary instead.
42. Question 42. How To Find Fsmo Roles?
Answer :
netdom query fsmo, or Replmon.exe (Windows 2000/2003 Support Tools only). In PowerShell,
Get-ADForest shows the forest-wide role holders and Get-ADDomain the domain-wide ones.
43. Question 43. Describe The Infrastructure Fsmo Role?
Answer :
When an object in one domain is referenced by another object in another domain, it
represents the reference by the GUID, the SID (for references to security principals),
and the DN of the object being referenced. The infrastructure FSMO role holder is the
DC responsible for updating an object's SID and distinguished name in a cross-
domain object reference.
44. Question 44. What Are The Advantages Of Active Directory Sites?
Answer :
Active Directory Sites and Services allow you to specify site information. Active
Directory uses this information to determine how best to use available network
resources.
45. Question 45. Define Edb.chk?
Answer :
This is the checkpoint file used to track the data not yet written to database file. This
indicates the starting point from which data is to be recovered from the log file, in
case of failure.
46. Question 46. Define Edb.log?
Answer :
This is the transaction log file (10 MB). When EDB.LOG is full, it is renamed to
EDBnnnn.log. Where nnnn is the increasing number starting from 1.
47. Question 47. How To View All The Gcs In The Forest?
Answer :
repadmin /options * lists the options of every DC; a DC with IS_GC set is a global
catalog. nltest /dsgetdc:corp /GC locates a global catalog for the domain named corp.
48. Question 48. How To Seize Fsmo Roles?
Answer :
ntdsutil - type roles - connections - connect to server <servername> - q - at the fsmo
maintenance prompt type seize rid master. ntdsutil attempts a transfer first and seizes
only if the current holder cannot be reached. A DC whose roles have been seized must
never be brought back online; remove it with metadata cleanup instead.
49. Question 49. How To Transfer Fsmo Roles?
Answer :
ntdsutil - type roles - connections - connect to server <servername> - q - at the fsmo
maintenance prompt type transfer rid master. A transfer requires the current role holder
to be online, because it hands the role over and updates its own copy of the directory.
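As an added example for Questions 40, 42, 47, 48 and 49 (not part of the original page): taking an inventory of the FSMO role holders and global catalogs, then transferring or, when the holder is permanently gone, seizing roles with the ActiveDirectory module instead of ntdsutil. The DC names DC01 and DC02, the site name and contoso.com are assumptions.

```powershell
# Added example: FSMO and GC inventory, transfer, and seizure.

function Get-ForestRoleInventory {
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [pscustomobject]@{
        SchemaMaster         = $forest.SchemaMaster          # forest-wide
        DomainNamingMaster   = $forest.DomainNamingMaster    # forest-wide
        PDCEmulator          = $domain.PDCEmulator           # domain-wide
        RIDMaster            = $domain.RIDMaster             # domain-wide
        InfrastructureMaster = $domain.InfrastructureMaster  # domain-wide
        GlobalCatalogs       = ($forest.GlobalCatalogs -join ', ')
    }
}

Get-ForestRoleInventory | Format-List
netdom query fsmo                 # the same answer from the legacy tool

# Graceful transfer: the current holder is online and hands the roles over
Move-ADDirectoryServerOperationMasterRole -Identity 'DC02' -OperationMasterRole PDCEmulator, RIDMaster

# Seizure: only when the old holder (DC01 here) is gone for good. -Force tries a transfer
# first and seizes if that fails. DC01 must never be reconnected afterwards: a second
# schema master or a duplicate RID pool would corrupt the forest.
Move-ADDirectoryServerOperationMasterRole -Identity 'DC02' `
    -OperationMasterRole SchemaMaster, DomainNamingMaster, InfrastructureMaster -Force

# Then remove the dead DC's metadata so nothing keeps replicating to or trusting it:
# ntdsutil "metadata cleanup" "remove selected server CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=contoso,DC=com" q q

Get-ForestRoleInventory | Format-List   # confirm every role now points at DC02
```

Re-run the inventory from more than one DC after a seizure: the role change propagates by normal replication, and a DC that still reports the old holder is a DC that has not replicated since.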
50. Question 50. What Is The Kcc (knowledge Consistency Checker)?
Answer :
The KCC generates and maintains the replication topology for replication within sites
and between sites. KCC runs every 15 minutes.
51. Question 51. What Is Schema Information In Active Directory?
Answer :
Definitional details about objects and attributes that one CAN store in the AD.
Replicates to all DCs. Static in nature.
52. Question 52. What Is Online Defragmentation In Active Directory?
Answer :
Online Defragmentation method that runs as part of the garbage collection process.
The only advantage to this method is that the server does not need to be taken
offline for it to run. However, this method does not shrink the Active Directory
database file (Ntds.dit).
53. Question 53. What Is Ads Database Garbage Collection Process?
Answer :
Garbage Collection is a process that is designed to free space within the Active
Directory database. This process runs independently on every DC with a default
lifetime interval of 12 hours.
54. Question 54. Define Res1.log And Res2.log?
Answer :
These are reserved transaction log files of 20 MB (10 MB each) that give the transaction
log enough room to shut down cleanly if the disk runs out of space.
55. Question 55. What Is Domain Information In Active Directory?
Answer :
Object information for a domain. Replicates to all DCs within a domain. The object
portion becomes part of GC. The attribute values only replicates within the domain.
56. Question 56. What Is Lightweight Directory Access Protocol?
Answer :
See Question 8: LDAP is the directory service protocol used to query and update AD, and
LDAP naming paths (distinguished names and relative distinguished names) are used to
access AD objects.
57. Question 57. How Will You Verify Whether The Ad Installation Is Proper With
Srv Resource Records?
Answer :
Verify SRV Resource Records: After AD is installed, the DC will register SRV records in
DNS when it restarts. We can check this using DNS MMC or nslookup command.
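As an added example for Questions 29 and 57 (not part of the original page): resolving the SRV records a DC must register, reporting which are missing, and forcing Netlogon to re-register them. The domain contoso.com, the site name and running it on the DC itself are assumptions.

```powershell
# Added example: verify the DC locator SRV records and re-register them if absent.

function Test-DcSrvRecords {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [string]$ForestRoot = $Domain,                 # _gc records live under the forest root name
        [string]$Site       = 'Default-First-Site-Name'
    )
    $records = @(
        "_ldap._tcp.dc._msdcs.$Domain",                # LDAP on any DC (domain locator)
        "_kerberos._tcp.dc._msdcs.$Domain",            # Kerberos KDC on any DC
        "_ldap._tcp.pdc._msdcs.$Domain",               # the PDC emulator
        "_gc._tcp.$ForestRoot",                        # a global catalog
        "_ldap._tcp.$Site._sites.dc._msdcs.$Domain"    # site-specific locator
    )
    foreach ($name in $records) {
        $answers = Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
                   Where-Object { $_.Type -eq 'SRV' }
        [pscustomobject]@{
            Record  = $name
            Found   = [bool]$answers
            Targets = ($answers | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
        }
    }
}

$result = Test-DcSrvRecords -Domain 'contoso.com'
$result | Format-Table -AutoSize

if ($result | Where-Object { -not $_.Found }) {
    # Ask Netlogon on this DC to re-register its records, then check again
    nltest /dsregdns
    Restart-Service Netlogon
    Test-DcSrvRecords -Domain 'contoso.com' | Format-Table -AutoSize
}
```

Resolve-DnsName uses the client's configured DNS servers, so running this from a workstation also tells you whether clients can locate a DC, which is what matters for logons.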
58. Question 58. What Is Ntds.dit?
Answer :
This is the AD database and stores all AD objects. The default location is
%SystemRoot%\NTDS\NTDS.DIT.
Active Directory's database engine is the Extensible Storage Engine which is based
on the Jet database and can grow up to 16 TB.
59. Question 59. What Is Ntds.dit Schema Table?
Answer :
The types of objects that can be created in the Active Directory, relationships
between them, and the attributes on each type of object. This table is fairly static and
much smaller than the data table.
60. Question 60. Mention What Is The Difference Between Domain Admin Groups
And Enterprise Admins Group In Ad?
Answer :
Enterprise Admin Group :
Members of this group have complete control of all domains in the forest. By default,
this group is a member of the Administrators group on all domain controllers in the
forest. As such, this group has full control of the forest; add users with caution.
Domain Admins Group :
Members of this group have complete control of the domain. By default, this group is a
member of the local Administrators group on all domain controllers, workstations and
member servers at the time they are joined to the domain. As such, the group has full
control in the domain; add users with caution.
Active Directory (AD) Real Time Interview Questions
and Answers
I would like to share some of the Windows Active Directory interview questions
and answers, starting with basic questions and continuing with L1, L2 and L3 level
questions.
What is Active Directory?
Active Directory (AD) is a directory service developed by Microsoft. It stores objects
such as users, computers, printers and network information, and it authenticates users
and computers in a Windows domain. The AD database is held on multiple Domain
Controllers in different locations; a change made on any Domain Controller is
replicated to all the other DCs, which gives centralized administration across
multiple geographical locations.
What is LDAP and how the LDAP been used on Active Directory(AD)?
http://www.windowstricks.in/ldap-and-ldap-query
What is Tree?
What is Domain?
What is Domain Controller?
A Domain Controller is the server that holds the AD database. All AD changes are
replicated to the other DCs, and vice versa.
What is Forest?
A forest consists of one or more domain trees. The domain trees in a forest do not
form a contiguous namespace; however, they share a common schema and global
catalog (GC).
What is Schema?
The Active Directory schema is the set of definitions that define the kinds of objects
and the types of information about those objects that can be stored in Active
Directory.
What are the FSMO roles?
Schema Master
Domain Naming Master
Infrastructure Master
RID Master
PDC Emulator
Schema Master and Domain Naming Master are the forest-wide roles, and there is only one
of each per forest; the other roles are domain-wide, one of each per domain.
Which FSMO role is the most critical?
Most amateur administrators pick the Schema Master role, not sure why, maybe they
thought the Schema is very critical to run Active Directory.
The correct answer is PDC, now the next question is why? I will explain role by role
what happens when an FSMO role holder fails, to find the answer.
Schema Master – the Schema Master is needed to update the schema, and we don't update
the schema daily, right? When do we update the schema? During an operating system
migration, when installing a new Exchange version, and for any other application that
requires extending the schema.
So if the Schema Master server is not available we cannot update the schema, but this
does not affect Active Directory operation or the end user.
The Schema Master only needs to be online when we are ready to make a schema change, so
we can plan and have more time to bring the Schema Master server back.
Domain Naming Master – needed to add or remove a domain or an application partition in
the forest.
So if the Domain Naming Master server is not available we cannot create a new domain or
application partition; this does not affect users, who will not even be aware that the
Domain Naming Master server is down.
PDC Emulator – emulates a Primary Domain Controller for backward compatibility and is
responsible for time synchronization within the domain; it is also the password master.
Any password change is replicated to the PDC emulator immediately. If a logon request
fails because of a bad password, the DC forwards the request to the PDC emulator to
check the password before rejecting the logon. It also processes account lockouts and is
the default DC on which Group Policy is edited, so its loss is noticed by users and
administrators within minutes rather than months.
Tell me about the Active Directory database and list the Active Directory database
files?
NTDS.DIT
EDB.Log
EDB.Chk
Res1.log and Res2.log
AD changes are not written directly to the NTDS.DIT database file: they are first
written to EDB.Log and then from the log file to the database. EDB.Chk is used to track
the database updates from the log file, that is, to know which changes have already
been copied to the database file.
NTDS.DIT: NTDS.DIT is the AD database and stores all AD objects. The default location
is %SystemRoot%\NTDS\ntds.dit. The Active Directory database engine is the
Extensible Storage Engine (ESE), which is based on the Jet database.
EDB.Log: EDB.Log is the transaction log file. When EDB.Log is full it is renamed to
EDBnnnnn.log, where nnnnn is an increasing number starting from 1, for example
EDB00001.log.
EDB.Chk: EDB.Chk is the checkpoint file used to track the data not yet written to the
database file; it marks the starting point from which data is to be recovered from the
log file in case of failure.
Res1.log and Res2.log: these are reserved transaction log files that give the
transaction log enough room to shut down cleanly if the disk does not have enough
space.
What RAID configuration can be used in Domain Controllers?
http://www.windowstricks.in/2010/07/recommended-raid-configuration-and-
disk.html
Can we keep OS, log files, SYSVOL, AD database on same logical Disk?
http://www.windowstricks.in/2010/07/recommended-raid-configuration-and-
disk.html
What are the Active Directory partitions?
Active Directory partitions define how and where AD information is logically stored.
Schema partition – the definitions of every object class and attribute. Replicates to
all domain controllers in the forest.
Configuration partition – forest-wide configuration such as sites, services and the
replication topology. DN location is CN=Configuration,DC=Domainname,DC=com. Replicates
to all domain controllers in the forest.
Domain partition – object information for a domain, such as users, computers, groups,
printers and other domain-specific information. Replicates to all domain controllers
within that domain only.
SYSVOL share not shared – probably a replication issue; check the event log (File
Replication Service, or DFS Replication on newer servers) for more information.
D2 is the default (non-authoritative) method for restoring SYSVOL and occurs
automatically when you do a non-authoritative restore of Active Directory.
When you non-authoritatively restore SYSVOL, the local copy of SYSVOL on the restored
domain controller is compared with that of its replication partners. After the domain
controller restarts, it replicates any necessary changes, bringing it up to date with
the other domain controllers within the domain.
Tell me about the authoritative restore of SYSVOL, or D4 restore
On the domain controller that holds the known-good copy of SYSVOL, stop the File
Replication Service, set the BurFlags value under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
to D4 (hexadecimal) and start the service again; that DC's copy then becomes the
authoritative one. Every other domain controller gets BurFlags = D2, so that it discards
its own copy and pulls SYSVOL from the authoritative DC.
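As an added example (not part of the original page): performing the FRS D4 restore on the DC that holds the known-good SYSVOL and the D2 restore on every other DC, in that order. The DC names are assumptions. FRS was replaced by DFS-R from Windows Server 2008 onward; on a DFS-R-replicated SYSVOL these registry values have no effect.

```powershell
# Added example: FRS authoritative (D4) and non-authoritative (D2) SYSVOL restore.

$burKey = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup'

function Set-SysvolRestoreMode {
    param(
        [Parameter(Mandatory)][string]$Computer,
        [Parameter(Mandatory)][ValidateSet('D2', 'D4')][string]$Mode
    )
    $flag = if ($Mode -eq 'D4') { 0xD4 } else { 0xD2 }
    Invoke-Command -ComputerName $Computer -ArgumentList $burKey, $flag -ScriptBlock {
        param($key, $flag)
        Stop-Service NtFrs
        # The key name contains a '/', which the PowerShell registry provider would treat as a
        # path separator, so the value is written through the .NET registry API instead.
        [Microsoft.Win32.Registry]::SetValue($key, 'BurFlags', [int]$flag, [Microsoft.Win32.RegistryValueKind]::DWord)
        Start-Service NtFrs
        # FRS resets BurFlags to 0 once the restore has run; event 13516 in the File Replication
        # Service log confirms that SYSVOL is shared again.
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            BurFlags = [Microsoft.Win32.Registry]::GetValue($key, 'BurFlags', $null)
        }
    }
}

# 1. The authoritative copy first: the good DC announces itself as the source
Set-SysvolRestoreMode -Computer 'DC01' -Mode 'D4'

# 2. Only after that, every other DC drops its copy and pulls from DC01
foreach ($dc in 'DC02', 'DC03') { Set-SysvolRestoreMode -Computer $dc -Mode 'D2' }

# Confirm the share is back on each DC
foreach ($dc in 'DC01', 'DC02', 'DC03') { Get-SmbShare -CimSession $dc -Name SYSVOL }
```

Setting D4 on more than one DC, or setting D2 everywhere before the D4 restore has completed, is the usual way this procedure goes wrong: the first leaves two "authoritative" copies fighting each other, the second can leave the domain with no SYSVOL at all.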
Many of my blog readers have asked me to share a couple of real-time scenarios from
my past experience to prepare for a Windows and Active Directory interview. Here is a
list of articles from my previous posts; read and understand them to face the interview
confidently.
Other real time issues and solutions, Printer, User Profile and
Account lockout
Account lockout
How to resolve the Print Spooler service crash issue (Print spooler service is not
running)
How to find the domain controller that contains the lingering object
Reconfigure roaming profile folder and home folder permission for all the users