Monday, September 30, 2013

How do you create a new application directory partition?

Use the DnsCmd command to create an application directory partition. To do this, use the following syntax:
DnsCmd ServerName /CreateDirectoryPartition FQDN of partition
To create an application directory partition that is named CustomDNSPartition on a domain controller that is named DC-1, follow these steps:
·         Click Start, click Run, type cmd, and then click OK.
·         Type the following command, and then press ENTER:

dnscmd DC-1 /createdirectorypartition CustomDNSPartition.contoso.com

When the application directory partition has been successfully created, the following information appears:

DNS Server DC-1 created directory partition: CustomDNSPartition.contoso.com
Command completed successfully.

What are application directory partitions?

An application directory partition is a partition (naming context) in Active Directory that an application can use to store its own application-specific data. The partition is replicated only to the specific domain controllers chosen for it, rather than to every domain controller. An application directory partition can contain any type of data except security principals (users, computers, groups).

Talk about all the AD-related roles in Windows Server 2008/R2.

Windows Server 2008 has five Active Directory-related roles. They are listed below.
  •  Active Directory Domain Services (Identity): AD DS provides the functionality of an identity and access (IDA) solution for enterprise networks. It also provides the mechanisms to support, manage, and configure resources in distributed network environments.
  •  Active Directory Lightweight Directory Services (Applications): AD LDS, formerly known as Active Directory Application Mode (ADAM), provides support for directory-enabled applications.
  •  Active Directory Certificate Services (Trust): AD CS sets up a certificate authority for issuing digital certificates as part of a public key infrastructure (PKI) that binds the identity of a person, device or service to a corresponding private key. Certificates can be used to authenticate users and computers, provide web-based authentication, support smart card authentication, and support applications including secure wireless networks, VPN, IPsec, EFS, and more.
  •  Active Directory Rights Management Services (Integrity): AD RMS is an information-protection technology that enables you to implement persistent usage policy templates (for documents) that define allowed and unauthorized use whether online, offline, inside, or outside the firewall.
  •  Active Directory Federation Services (Partnership): AD FS enables an organization to extend IDA across multiple platforms, including both Windows and non-Windows environments, and to project identity and access rights across security boundaries to trusted partners.

What is the SYSVOL folder?

All Active Directory database security-related information is stored in the SYSVOL folder, and it can only be created on an NTFS partition.

Where is the AD database held?

The AD database is stored in c:\windows\ntds\NTDS.DIT.

What is BridgeHead Server in AD ?

A bridgehead server is a domain controller in each site that acts as the contact point for receiving and sending replication data between sites. For intersite replication, the KCC designates one of the domain controllers as the bridgehead server. If that server is down, the KCC designates another domain controller. When a bridgehead server receives replication updates from another site, it replicates the data to the other domain controllers within its site.

How to look at the Schema ?

Register schmmgmt.dll using this command:
c:\windows\system32>regsvr32 schmmgmt.dll
Open mmc --> add snap-in --> add Active Directory Schema
Save the console as schema.msc
Open Administrative Tools --> schema.msc

What is LSDOU ?

It's the Group Policy inheritance model: policies are applied in the order Local machine, Site, Domain, and then Organizational Units.

Which service in Windows is responsible for replication from one domain controller to another?

The Knowledge Consistency Checker (KCC) generates the replication topology.

Replication changes are carried over RPC or SMTP.

What are intrasite and intersite replication?

Intrasite replication is replication within the same site; intersite replication is replication between sites.

What is the Lost & Found folder in AD?

It's the folder where you can find objects that were orphaned by a replication conflict. Example: you create a user in an OU that has been deleted on another DC; when replication happens, AD can't find the OU, so it puts the user in the Lost & Found folder.

What does System State data contain?

1. Startup (boot) files
2. Registry
3. COM+ Class Registration Database
4. Memory page file
5. System files
6. AD information
7. Cluster Service information
8. SYSVOL folder

What are the DS* commands?

The DS family of built-in command-line utilities:
1. DSmod - modify Active Directory attributes.
2. DSrm - delete Active Directory objects.
3. DSmove - relocate objects.
4. DSadd - create new accounts.
5. DSquery - find objects that match your query attributes.
6. DSget - list the properties of an object.

Difference between LDIFDE and CSVDE?

CSVDE is a command that can be used to import and export objects to and from AD using a CSV-formatted file. A CSV (Comma Separated Value) file is a file easily readable in Excel. I will not go at length into this powerful command, but I will show you some basic samples of how to import a large number of users into your AD. Of course, as with the DSADD command, CSVDE can do more than just import users. Consult your help file for more info.

LDIFDE is a command that can be used to import and export objects to and from the AD into a LDIF-formatted file. A LDIF (LDAP Data Interchange Format) file is a file easily readable in any text editor, however it is not readable in programs like Excel. The major difference between CSVDE and LDIFDE (besides the file format) is the fact that LDIFDE can be used to edit and delete existing AD objects (not just users), while CSVDE can only import and export objects.
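As an added example (not code from the original post), the following Python builds a CSVDE-style import file and an LDIFDE-style import file for the same constructed user list, and includes a minimal LDIF reader so an administrator can review what an import file will do before running it. The base DN DC=contoso,DC=com and the user names are assumptions for the example; the point it demonstrates is the one made above, that LDIF can carry add, modify and delete operations while a CSV import can only add objects.

```python
# Added example (not from the original post): build CSVDE-style and LDIFDE-style
# import files for the same constructed user list, showing why LDIF can express
# modify and delete operations while a CSV import can only add objects.
import csv
import io

BASE_DN = "DC=contoso,DC=com"   # assumption: lab domain used for the example
# Constructed sample users (not real accounts).
SAMPLE_USERS = [
    {"cn": "Alice Example", "sAMAccountName": "aexample", "ou": "Sales"},
    {"cn": "Bob Example", "sAMAccountName": "bexample", "ou": "Sales"},
]


def user_dn(user):
    """Distinguished name of a user placed under OU=<ou>,<BASE_DN>."""
    return f"CN={user['cn']},OU={user['ou']},{BASE_DN}"


def users_to_csvde(users):
    """CSVDE import file: first row is the attribute list, one object per row.
    CSVDE can only add objects, so there is no changetype column."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["DN", "objectClass", "sAMAccountName", "cn"])
    for u in users:
        writer.writerow([user_dn(u), "user", u["sAMAccountName"], u["cn"]])
    return buf.getvalue()


def ldif_add(user):
    """LDIF record that creates a user (the same thing CSVDE can do)."""
    return "\n".join([
        f"dn: {user_dn(user)}",
        "changetype: add",
        "objectClass: user",
        f"sAMAccountName: {user['sAMAccountName']}",
        f"cn: {user['cn']}",
        "",
    ])


def ldif_modify(dn, attribute, value):
    """LDIF record that replaces one attribute on an existing object.
    Each attribute change in a modify record is terminated by a '-' line."""
    return "\n".join([
        f"dn: {dn}",
        "changetype: modify",
        f"replace: {attribute}",
        f"{attribute}: {value}",
        "-",
        "",
    ])


def ldif_delete(dn):
    """LDIF record that deletes an existing object; CSVDE has no equivalent."""
    return "\n".join([f"dn: {dn}", "changetype: delete", ""])


def parse_ldif(text):
    """Minimal LDIF reader: returns (dn, changetype) per record so the effect
    of an import file can be reviewed before it is applied to the directory."""
    records, current = [], {}
    for line in text.splitlines():
        if line.strip() == "":
            if current:
                records.append((current.get("dn"), current.get("changetype", "add")))
                current = {}
            continue
        if line == "-":
            continue
        key, _, val = line.partition(": ")
        current.setdefault(key, val)
    if current:
        records.append((current.get("dn"), current.get("changetype", "add")))
    return records


def build_ldif_batch(users):
    """One LDIF file that adds both users, changes one description, and deletes
    the other; a CSVDE file could only express the two add records."""
    parts = [ldif_add(u) for u in users]
    parts.append(ldif_modify(user_dn(users[0]), "description", "Sales team"))
    parts.append(ldif_delete(user_dn(users[1])))
    return "\n".join(parts)


if __name__ == "__main__":
    print(users_to_csvde(SAMPLE_USERS))
    print(build_ldif_batch(SAMPLE_USERS))
```

Reviewing the parsed (dn, changetype) list before running ldifde -i is a cheap control against an import file that silently deletes or rewrites objects.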

Can you connect Active Directory to other 3rd-party Directory Services? Name a few options?

Yes. You can use DirXML or LDAP to connect to other directories; Novell's directory service is eDirectory.

What are the logical components of Active Directory ?

Domains, Organizational Units, trees and forests are logical components of Active Directory.

What is group nesting ?

Adding one group as a member of another group is called 'group nesting'. It simplifies administration and reduces replication traffic.

What is Active Directory Recycle Bin ?

Active Directory Recycle bin is a feature of Windows Server 2008 AD. It helps to restore accidentally deleted Active Directory objects without using a backed up AD database, rebooting domain controller or restarting any services.

What is RODC ? Why do we configure RODC ?

A read-only domain controller (RODC) is a feature of the Windows Server 2008 operating system. An RODC holds a read-only copy of the Active Directory database and can be deployed in a remote branch office where physical security cannot be guaranteed. An RODC provides improved security and faster logon times for the branch office.

How do you check currently forest and domain functional levels? Say both GUI and Command line.

To find out the forest and domain functional levels in the GUI, open ADUC, right-click the domain name and select Properties; both the domain and forest functional levels are listed there. From the command line, you can use the DSQUERY command.

Which version of Kerberos is used for Windows 2000/2003 and 2008 Active Directory ?

All versions of Windows Server Active Directory use Kerberos 5.

Name few port numbers related to Active Directory ?

Kerberos 88, LDAP 389, DNS 53, SMB 445.

Explain the process between a user providing domain credentials to the workstation and the desktop being loaded. Or: how does AD authentication work?

When a user enters a user name and password, the computer sends the user name to the KDC. The KDC contains a master database of unique long term keys for every principal in its realm. The KDC looks up the user's master key (KA), which is based on the user's password. The KDC then creates two items: a session key (SA) to share with the user and a Ticket-Granting Ticket (TGT). The TGT includes a second copy of the SA, the user name, and an expiration time. The KDC encrypts this ticket by using its own master key (KKDC), which only the KDC knows. The client computer receives the information from the KDC and runs the user's password through a one-way hashing function, which converts the password into the user's KA. The client computer now has a session key and a TGT so that it can securely communicate with the KDC. The client is now authenticated to the domain and is ready to access other resources in the domain by using the Kerberos protocol.
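The exchange described above, as an added example that is not part of the original post: a toy model of the Kerberos authentication-service step in Python, using the names from the text (KA for the user's long-term key, SA for the session key, KKDC for the KDC's master key). The "encryption" is a simplified HMAC-based construction standing in for Kerberos' real encryption types, the realm CONTOSO.COM and the user are constructed, and nothing here talks to a real KDC. It shows the two things the text states: the password never leaves the client (only its derived key can open the reply), and the TGT is opaque to the client because only the KDC holds KKDC.

```python
# Added example (not from the original post): toy model of the Kerberos AS
# exchange. The cipher below is a teaching stand-in, not a real Kerberos etype.
import hashlib
import hmac
import json
import os
import time

REALM = "CONTOSO.COM"            # assumed lab realm
KDC_MASTER_KEY = os.urandom(32)  # KKDC: known only to the KDC
TGT_LIFETIME = 10 * 60 * 60      # ticket lifetime in seconds (assumed value)


def derive_long_term_key(password, principal):
    """KA: the long-term key is the password run through a one-way function.
    The KDC stores this key, never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)


def _keystream(key, nonce, length):
    stream, counter = b"", 0
    while len(stream) < length:
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return stream[:length]


def toy_encrypt(key, plaintext):
    """Toy authenticated encryption: HMAC keystream XOR plus an HMAC tag."""
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def toy_decrypt(key, blob):
    """Verifies the tag first; a wrong key (i.e. a wrong password) fails here."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: wrong key or tampered data")
    return bytes(c ^ s for c, s in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))


class KDC:
    """Holds the master database of long-term keys for every principal."""

    def __init__(self):
        self.keys = {}

    def enrol(self, principal, password):
        self.keys[principal] = derive_long_term_key(password, principal)

    def as_exchange(self, principal, now=None):
        """AS-REP: a session key SA sealed with KA for the client, plus a TGT
        sealed with KKDC that carries a second copy of SA, the name and expiry."""
        now = now or int(time.time())
        ka = self.keys[principal]            # looked up locally, never sent
        sa = os.urandom(32)                  # fresh session key
        expires = now + TGT_LIFETIME
        tgt = json.dumps({"user": principal, "sa": sa.hex(), "expires": expires}).encode()
        client_part = json.dumps({"sa": sa.hex(), "expires": expires}).encode()
        return {"enc_part": toy_encrypt(ka, client_part), "tgt": toy_encrypt(KDC_MASTER_KEY, tgt)}


def client_login(kdc, principal, password):
    """Client side: send only the name, derive KA from the typed password, and
    unseal SA. Returns (SA, opaque TGT); raises ValueError on a bad password."""
    reply = kdc.as_exchange(principal)
    ka = derive_long_term_key(password, principal)
    client_part = json.loads(toy_decrypt(ka, reply["enc_part"]))
    return bytes.fromhex(client_part["sa"]), reply["tgt"]


def kdc_reads_tgt(tgt_blob):
    """Only the KDC can open the TGT, because only it holds KKDC."""
    return json.loads(toy_decrypt(KDC_MASTER_KEY, tgt_blob))


if __name__ == "__main__":
    kdc = KDC()
    kdc.enrol(f"alice@{REALM}", "correct horse battery staple")
    sa, tgt = client_login(kdc, f"alice@{REALM}", "correct horse battery staple")
    print("client SA matches the copy inside the TGT:", kdc_reads_tgt(tgt)["sa"] == sa.hex())
```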

Which FSMO role directly impacts the consistency of Group Policy?

PDC Emulator.

What is the easiest way to check all 5 FSMO roles?

Use the netdom query /domain:YourDomain FSMO command. It lists the domain controller holding each FSMO role.

Describe the process of working with an external domain name ?

If it is not possible for you to configure your internal domain as a subdomain of your external domain, use a stand-alone internal domain. This way, your internal and external domain names are unrelated. For example, an organization that uses the domain name contoso.com for their external namespace uses the name corp.internal for their internal namespace.

The advantage to this approach is that it provides you with a unique internal domain name. The disadvantage is that this configuration requires you to manage two separate namespaces. Also, using a stand-alone internal domain that is unrelated to your external domain might create confusion for users because the namespaces do not reflect a relationship between resources within and outside of your network.

In addition, you might have to register two DNS names with an Internet name authority if you want to make the internal domain publicly accessible.

When should you create a forest?

Organizations that operate on radically different bases may require separate trees with distinct namespaces. Unique trade or brand names often give rise to separate DNS identities. Organizations merge or are acquired and naming continuity is desired. Organizations form partnerships and joint ventures. While access to common resources is desired, a separately defined tree can enforce more direct administrative and security restrictions.

How long does it take for security changes to be replicated among the domain controllers?

Security-related modifications are replicated within a site immediately. These changes include account and individual user lockout policies, changes to password policies, changes to computer account passwords, and modifications to the Local Security Authority (LSA).

What is Global Catalog?

The Global Catalog authenticates network user logons and fields inquiries about objects across a forest or tree. Every domain has at least one GC that is hosted on a domain controller. In Windows 2000, there was typically one GC on every site in order to prevent user logon failures across the network.

Where are the Windows NT Primary Domain Controller (PDC) and its Backup Domain Controller (BDC) in Server 2003?

The Active Directory replaces them. Now all domain controllers share a multimaster peer-to-peer read and write relationship that hosts copies of the Active Directory.

How to Select the Appropriate Restore Method?

You select the appropriate restore method by considering:

Circumstances and characteristics of the failure. From an Active Directory perspective, the two major categories of failure are Active Directory data corruption and hardware failure.

Active Directory data corruption occurs when the directory contains corrupt data that has been replicated to all domain controllers, or when a large portion of the Active Directory hierarchy has been changed accidentally (such as deletion of an OU) and this change has replicated to other domain controllers.

What is a forest ?

A collection of one or more domain trees with a common schema and implicit trust relationships between them. This arrangement would be used if you have multiple root DNS addresses.

What is domain tree ?

Domain Trees: A domain tree comprises several domains that share a common schema and configuration, forming a contiguous namespace. Domains in a tree are also linked together by trust relationships. Active Directory is a set of one or more trees.

Trees can be viewed two ways. One view is the trust relationships between domains. The other view is the namespace of the domain tree.

What are the FSMO roles?

FSMO stands for Flexible Single Master Operation. There are five FSMO roles:
·         Schema master
·         Domain naming master
·         RID master
·         PDC emulator
·         Infrastructure master

Sunday, September 29, 2013

How many root DNS servers are available in the world?

13

How can you forcibly remove AD from a server, and what do you do afterwards? Can I get user passwords from the AD database?

With dcpromo /forceremoval, an administrator can forcibly remove Active Directory and roll back the system without having to contact or replicate any locally held changes to another DC in the forest. Reboot the server afterwards. After you use the dcpromo /forceremoval command, the remaining metadata for the demoted DC is not deleted on the surviving domain controllers, so you must remove it manually by using the NTDSUTIL command.

If the NTDS Settings object is not removed correctly, you can use the Ntdsutil.exe utility to remove the NTDS Settings object manually. You will need the following tools: Ntdsutil.exe, Active Directory Sites and Services, and Active Directory Users and Computers.

What is the port no of Global catalog ?

3268

What is the port no of Kerberos ?

88

What are sites? What are they used for?

One or more well-connected (highly reliable and fast) TCP/IP subnets.

A site allows administrators to configure Active Directory access and replication topology to take advantage of the physical network.
A Site object in Active Directory represents a physical geographic location that hosts networks. Sites contain objects called Subnets.
Sites can be used to Assign Group Policy Objects, facilitate the discovery of resources, manage active directory replication, and manage network link traffic.
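As an added example (not code from the original post), the following Python shows how the Subnet objects that sites contain let a client be placed in a site from its IP address: the client's address is matched against every subnet, and where subnets overlap the most specific prefix wins. The site names and subnet ranges are constructed for the example.

```python
# Added example (not from the original post): map a client IP address to its
# Active Directory site via the Subnet objects each Site contains. Data is
# constructed; a real forest reads these from the Configuration partition.
import ipaddress

# Constructed site -> subnet assignments (Subnet objects under Site objects).
SITE_SUBNETS = {
    "HQ":     ["10.1.0.0/16"],
    "Branch": ["10.1.50.0/24"],     # more specific than HQ's /16, so it wins
    "DR":     ["10.2.0.0/16", "192.168.100.0/24"],
}


def site_for_address(address, site_subnets=SITE_SUBNETS):
    """Return (site, matched_subnet) for an address. Longest prefix wins when
    subnets overlap. Returns (None, None) when no subnet covers the address;
    such a client is not site-aware and may be served by any DC in the domain."""
    addr = ipaddress.ip_address(address)
    best_site, best_net = None, None
    for site, subnets in site_subnets.items():
        for cidr in subnets:
            net = ipaddress.ip_network(cidr)
            if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
                best_site, best_net = site, net
    return best_site, (str(best_net) if best_net is not None else None)


def unmapped_clients(addresses, site_subnets=SITE_SUBNETS):
    """Addresses that match no subnet: these are what an administrator should
    look for when clients authenticate against DCs in distant sites."""
    return [a for a in addresses if site_for_address(a, site_subnets)[0] is None]


if __name__ == "__main__":
    for ip in ["10.1.50.7", "10.1.3.4", "192.168.100.9", "172.16.0.1"]:
        print(ip, "->", site_for_address(ip))
```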

If a computer is configured with a default gateway address, should the same address be used as the DNS server IP address ?

It is not mandatory. The DNS server IP address can be any value provided the computer has access to it.

Name two methods by which DNS can be configured on a computer.

It can be manually configured on the TCP/IP adapter or by a DHCP server.

A user opens the browser and types the IP address of the web server on which a website is hosted. Is DNS protocol involved during the scenario?

The DNS protocol is used to resolve the website name into the corresponding IP address. In this case, since the IP address is already known, DNS protocol is not required and is not involved in the scenario.

Which port does a DNS Server Use?

·         UDP port 53

What are the requirements for installing AD on a new server?

·         The Domain structure.
·         The Domain Name .
·         Storage location of the database and log file.
·         Location of the shared system volume folder.
·         DNS configuration method.
·         DNS configuration.

How does a computer know to which DNS server it has to send the request?

The DNS server IP address is configured on the TCP/IP adapter setting of the computer. With this information, the computer knows the DNS server to which the request has to be sent.

In a LAN network should the DNS server be inside the network or can it reside on the internet?

The DNS server can reside anywhere as long as the computers and devices requiring DNS service have network access to it.

On a network, should the DNS server IP address be configured on the computer or the internet router for users to browse the internet?

The DNS server IP address should be configured on the computer for the users to browse the internet.

Is the DNS protocol involved when a user pings a website name?

Yes it is involved. When the user pings the website name, a DNS request packet is sent to the DNS server which would then respond with the IP address of the web server on which the website is hosted.

What is REPADMIN ?

This command-line tool assists administrators in diagnosing replication problems between Windows domain controllers. Administrators can use Repadmin to view the replication topology as seen from the perspective of each domain controller.

What is a Tree ?

A set of Active Directory domains that share a common namespace and are connected by a transitive two-way trust. 

What is Resource Record?

Resource Record (RR) is a DNS entry that specifies the availability of specific DNS services. For Example, an MX record specifies the IP address of a mail server, and Host (A) records specify the IP addresses of workstations on the network.

What is RPC protocol?

RPC (Remote Procedure Call) is a protocol used to allow communication between processes on remote computers. The RPC protocol is used by Active Directory for intrasite replication.

What is the difference between local, global and universal groups ?

Domain local groups assign access permissions to global domain groups for local domain resources. Global groups provide access to resources in other trusted domains. Universal groups grant access to resources in all trusted domains.

Explain different zone involved in DNS Server?

DNS has two different zone directions, Forward Lookup Zones and Reverse Lookup Zones. Each of these can be hosted as one of three zone types, as follows:

Primary zone: It contains the read and writable copy of the DNS Database.
Secondary Zone: It acts as a backup for the primary zone and contains the read only copy of the DNS database.

Stub zone: It is also read-only like a secondary zone; stub zone contains only SOA, copies of NS and A records for all name servers authoritative for the zone.

What is File Replication Service (FRS)?

File Replication Service is a Microsoft service which replicates folders stored in sysvol shared folders on domain controllers and distributed file system shared folders. This service is a part of Microsoft's Active Directory Service.

What are the benefits of AD integrated DNS?

A few advantages that Active Directory-integrated zone implementations have over standard primary zone implementations are:
  1. Active Directory replication is faster, which means that the time needed to transfer zone data between servers is far less.
  2. The Active Directory replication topology is used both for Active Directory replication and for Active Directory-integrated zone replication. There is no longer a need for separate DNS zone transfers when DNS and Active Directory are integrated.

What is Active Directory Schema?

The Active Directory schema contains formal definitions of every object class that can be created in an Active Directory forest. It also contains formal definitions of every attribute that can exist in an Active Directory Object.

What is a site?

Active Directory sites are physical locations on the network's physical topology. A site typically represents one or more IP subnets that are connected by IP routers. A site allows administrators to configure Active Directory access and replication topology to take advantage of the physical network.

What is a DNS zone?

A DNS zone is a portion of the DNS namespace over which a specific DNS server has authority.

What is global catalog?

The Global Catalog acts as a domain controller that stores object data and answers queries about objects and their most common attributes. The global catalog provides the data that permits network logon, and clients can query the GC for any information they need.

What is the purpose of replication in AD?

The purpose of replication is to distribute the data stored within the directory throughout the organization for increased availability, performance, and data protection. Systems administrators can tune replication to occur based on their physical network infrastructure and other constraints.

What is the use of LDAP?

LDAP is designed to allow for the transfer of information between domain controllers and to allow users to query information about objects within the directory.

What is Garbage collection?

Garbage collection is the process of the online defragmentation of active directory. It happens every 12 Hours.

What is the use of SYSVOL folder?

The SYSVOL folder stores the server's copy of the domain's public files. The contents such as group policy, users etc of the SYSVOL folder are replicated to all domain controllers in the domain.

Where is the AD database held? What other folders are related to AD?

The AD database is stored in c:\windows\ntds\NTDS.DIT.

What is LDAP?

Lightweight Directory Access Protocol. LDAP is the industry standard directory access protocol, making Active Directory widely accessible to management and query applications. Active Directory supports LDAPv3 and LDAPv2.

What is domain controller?

A domain controller (DC) is a server that stores directory data and manages communication between users and the domain, including the user logon process, security authentication, and directory searches within the Windows Server domain.

What is domain?

A domain is a logical group of computer hosts and subdomains, registered with a unique name by InterNIC. Users need only log in to the domain to gain access to the network resources.

What is Active Directory?

Active Directory is a database that stores user information, computer information, groups, and other network object information. It has the capabilities to manage and administer the complete network that is connected to AD.

What hidden shares exist on Windows Server 2003 installation?

Admin$, Drive$, IPC$, NETLOGON, print$ and SYSVOL.

You change the group policies, and now the computer and user settings are in conflict. Which one has the highest priority?

The computer settings take priority.
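The LSDOU order described earlier on this page and the computer-over-user rule stated just above, worked as one added Python example (not code from the original post): GPOs are applied Local, Site, Domain, then OU (outermost OU first, closest OU last), a later GPO's value for the same setting replaces an earlier one, and when the computer and user trees both set the same item the computer value wins. The GPO names, setting names and values are constructed; the function also records which level each winning value came from, which is what an administrator checks when a policy result is unexpected.

```python
# Added example (not from the original post): resolve effective Group Policy
# settings using the LSDOU order, then give computer settings priority over
# user settings on conflict. All GPO contents below are constructed.
from collections import OrderedDict

LSDOU_ORDER = ["local", "site", "domain", "ou"]

# Constructed GPOs per level. The "ou" entry is a list from the top-level OU
# down to the OU containing the object, so the closest OU is applied last.
COMPUTER_GPOS = {
    "local":  {"ScreenSaverTimeout": 900, "DisableUSBStorage": False},
    "site":   {"ProxyServer": "proxy-site:8080"},
    "domain": {"ScreenSaverTimeout": 600, "PasswordMinLength": 8},
    "ou":     [{"DisableUSBStorage": True}, {"ScreenSaverTimeout": 300}],
}
USER_GPOS = {
    "local":  {},
    "site":   {},
    "domain": {"ProxyServer": "proxy-corp:8080", "HideRunMenu": True},
    "ou":     [{"ProxyServer": "proxy-sales:8080", "ScreenSaverTimeout": 1200}],
}


def resolve_lsdou(gpos):
    """Apply Local, Site, Domain, then each OU GPO in order. A later GPO's
    value for a setting replaces the earlier one. Returns the effective values
    and, for auditing, the level each winning value came from."""
    effective, source = OrderedDict(), {}
    for level in LSDOU_ORDER:
        layers = gpos.get(level, [] if level == "ou" else {})
        if level != "ou":
            layers = [layers]
        for depth, layer in enumerate(layers):
            for setting, value in layer.items():
                effective[setting] = value
                source[setting] = f"{level}[{depth}]" if level == "ou" else level
    return effective, source


def resolve_effective(computer_gpos, user_gpos):
    """Merge the two resolved trees; where both sides configure the same item
    the computer setting takes priority, as the answer above states."""
    comp, comp_src = resolve_lsdou(computer_gpos)
    user, user_src = resolve_lsdou(user_gpos)
    merged = dict(user)
    merged.update(comp)                     # computer wins on conflict
    origin = {k: f"user:{user_src[k]}" for k in user}
    origin.update({k: f"computer:{comp_src[k]}" for k in comp})
    return merged, origin


if __name__ == "__main__":
    result, origin = resolve_effective(COMPUTER_GPOS, USER_GPOS)
    for setting, value in sorted(result.items()):
        print(f"{setting:20} = {value!s:18} (from {origin[setting]})")
```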

Where is GPT stored?

%SystemRoot%\SYSVOL\sysvol\domain name\Policies\GUID

What are GPT and GPC?

Group policy template and group policy container.

Where are group policies stored?

%SystemRoot%\System32\GroupPolicy

What is the difference between DNS in Windows 2000 & Windows 2003 Server?

In Windows Server 2003 we can rename or move the domain name without rebuilding, but in Windows 2000 Server we can't do that.

What is Page File and Virtual Memory?

The page file is storage space for virtual memory: it uses hard disk space as memory to extend the memory available for allocation.

How do you configure mandatory profiles?

Rename ntuser.dat to ntuser.man

We’ve installed a new Windows-based DHCP server, however, the users do not seem to be getting DHCP leases off of it.

The server must be authorized first with the Active Directory.

I can’t seem to access the Internet, don’t have any access to the corporate network and on ipconfig my address is 169.254.*.*. What happened?

The 169.254.*.* address range is assigned to Windows machines running 98/2000/XP if the DHCP server is not available. The name for the technology is APIPA (Automatic Private Internet Protocol Addressing).

Friday, September 27, 2013

You are administering a network connected to the Internet. Your users complain that everything is slow. Preliminary research of the problem indicates that it takes a considerable amount of time to resolve names of resources on the Internet. What is the most likely reason for this?

DNS Issues

Describe how the DHCP lease is obtained.

It’s a four-step process consisting of (a) IP request, (b) IP offer, (c) IP selection and (d) acknowledgement.

By default, if the name is not found in the cache or local hosts file, what is the first step the client takes to resolve the FQDN name into an IP address?

Create a record in DNS Server

You want to standardize the desktop environments (wallpaper, My Documents, Start menu, printers etc.) on the computers in one department. How would you do that?

Configure Group Policy based on OU.

Name a few benefits of using GPMC.

  1. GPMC is used to customize group policy.
  2. It makes it easy to maintain different OU policies effectively.
  3. It provides options to back up and restore group policy.

Name some OU design considerations.

OUs are used to mirror the organization's structure, restrict users' visibility, and delegate control.

Explain About Global Catalog.

Global catalog contains a complete replica of all objects in Active Directory for its Host domain, and contains a partial replica of all objects in Active Directory for every other domain in the forest.

What is lmhosts files?

The lmhosts file is a computer file used in an operating system to map NetBIOS names to IP addresses. It is the equivalent of WINS.

What is “hosts” files?

The hosts file is a computer file used in an operating system to map hostnames to IP addresses. The hosts file is a plain-text file and is traditionally named hosts.

What is maximum Size of file system NTFS and FAT32?

NTFS - 16TB
FAT32 - 4GB

What is the difference between Dynamic Disk and Basic Disk?


Basic Disk: A basic disk uses a partition table to manage all partitions on the disk, and it is supported by DOS and all Windows versions. A disk with an installed OS is initialized as a basic disk by default. A basic disk contains basic volumes, such as primary partitions and an extended partition; all logical partitions are contained in the extended partition.

Dynamic Disk: Dynamic Disk is supported in Windows 2000 and later operating system. Dynamic disks do not use a partition table to track all partitions, but use a hidden database (LDM) to track information about dynamic volumes or dynamic partitions on the disk. With dynamic disks you can create volumes that span multiple disks such as spanned and striped volumes, and can also create fault-tolerant volumes such as mirrored volumes and RAID 5 volumes. Compared to a Basic Disk, Dynamic Disk offers greater flexibility.

How client server communication takes place in WSUS server?

Using Web Server or Web Services

What is WSUS?

WSUS is Windows Software Update Services. It is a server role provided by Microsoft free of charge to manage patches centrally in a Windows environment.

Explain the difference between Patches and Service pack.

Patches are fixes, updates or enhancements for a particular program, whereas a service pack bundles a collection of them.

Explain the protocol involved in ADC replication.

Replication between domain controllers uses RPC over IP; intersite replication can alternatively use SMTP.

Explain Secure Dynamic Updates in DNS Server.

Secure dynamic updates can be selected only when Active Directory and DNS are installed on the same server (AD-integrated zones). All records are then updated automatically in DNS. Since all the information is validated in Active Directory, there will not be any duplicate or unwanted records.

What command is used to clear DNS cache in client PC?

Ipconfig /flushdns

Explain SOA Record.

A Start of Authority (SOA) record indicates that a name server is the authoritative server for the domain.

What is Exclusion Range in DHCP Server?

An exclusion range holds back a range of IP addresses within the scope. Those addresses may or may not be in use on the network, but the DHCP server never assigns them to its clients.
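As an added example (not code from the original post), the following Python computes which addresses a DHCP scope can actually hand out once its exclusion ranges are removed, and checks whether a given address is excluded. The scope and exclusion ranges are constructed; a real DHCP server also skips addresses that are currently leased or reserved.

```python
# Added example (not from the original post): derive the assignable pool of a
# DHCP scope after exclusion ranges are removed. Ranges below are constructed.
import ipaddress


def addresses_in_range(start, end):
    """All IPv4 addresses from start to end, inclusive."""
    s, e = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if e < s:
        raise ValueError(f"range end {end} precedes start {start}")
    return [ipaddress.IPv4Address(int(s) + i) for i in range(int(e) - int(s) + 1)]


def is_excluded(address, exclusions):
    """True when the address falls inside any (start, end) exclusion range;
    the server must never lease it even though it lies inside the scope."""
    addr = ipaddress.IPv4Address(address)
    return any(ipaddress.IPv4Address(s) <= addr <= ipaddress.IPv4Address(e)
               for s, e in exclusions)


def assignable_pool(scope_start, scope_end, exclusions):
    """Scope addresses minus every exclusion range, in ascending order."""
    return [a for a in addresses_in_range(scope_start, scope_end)
            if not is_excluded(str(a), exclusions)]


# Constructed example: a /24 scope with the first ten addresses kept for routers
# and servers, and .200-.210 kept aside for printers with static addresses.
SCOPE = ("192.168.10.1", "192.168.10.254")
EXCLUSIONS = [("192.168.10.1", "192.168.10.10"), ("192.168.10.200", "192.168.10.210")]

if __name__ == "__main__":
    pool = assignable_pool(*SCOPE, EXCLUSIONS)
    print(len(pool), "assignable addresses;", pool[0], "..", pool[-1])
```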