
Monday, July 17, 2017

Millions of Microsoft e-books for free

Microsoft eBook Giveaway: Millions of Microsoft e-books available for free download
It is that time of year again when Microsoft gives away millions of e-books for free, including books on Windows Server, SQL Server, SCCM, Exchange, PowerShell, Azure and more.

Please make use of this opportunity and download any e-book you need.

Check out the MSDN blog below for the list of available books and download links.

Friday, March 13, 2015

Migrating Active Directory Domain Controller from Windows Server 2003 to Windows Server 2008

In a nutshell, we will perform the following:
  1. Raise the domain functional level
  2. Prepare your current Windows 2003 Active Directory for Windows Server 2008 domain controllers
  3. Set up the server ELMAJ-DC2K8 as an additional domain controller; read my previous article Setting Up an Additional Domain Controller With Windows Server 2008 for the steps required to set up an additional domain controller
  4. Transfer the FSMO roles to the Windows Server 2008 domain controller

So let's start:
  1. Raise Domain Functional Level
    The domain must be in Windows 2000 native mode or higher; adprep /domainprep refuses to run against a Windows 2000 mixed domain. You must be a member of Domain Admins to raise the level. This is done by:
  • On the Windows Server 2003 domain controller, open the Active Directory Users and Computers snap-in by clicking Start > Administrative Tools > Active Directory Users and Computers
  • Right-click the domain name node, then click Raise Domain Functional Level



    If you still have Windows 2000 domain controllers, choose Windows 2000 native; if all of your domain controllers run Windows Server 2003, choose Windows Server 2003. I don't have any Windows 2000 domain controllers, so I select Windows Server 2003 in the drop-down list and click the Raise button.


  • A warning message will be displayed, informing you that the changes cannot be reversed. Click OK


  • A confirmation message will be displayed stating that the functional level was raised successfully. Click OK 


  • Close Active Directory User and Computers snap-in

  2. Prepare the current Windows 2003 Active Directory
  • Before a Windows Server 2008 domain controller can join the existing 2003 domain, both the forest (schema) and the domain must be prepared. This is done by running adprep from the Windows Server 2008 media on the Windows Server 2003 domain controller. adprep /forestprep must be run on the Schema Master by an account that is a member of Schema Admins, Enterprise Admins and Domain Admins; adprep /domainprep must be run on the Infrastructure Master of each domain by a Domain Admin. Take a System State backup of the Schema Master first, because the schema extension cannot be rolled back.
  • Insert the Windows Server 2008 DVD into the DVD drive of the Windows Server 2003 domain controller
  • Open a command prompt by clicking Start > Run, typing CMD and clicking OK

  • Type D:\sources\adprep\adprep /forestprep (where D: is the drive of your Windows Server 2008 DVD)



    Press Enter



    Read the warning message. In my lab I don't have any Windows 2000 domain controllers, so I can simply continue by typing C and pressing Enter. Otherwise, quit the forest preparation, upgrade every Windows 2000 domain controller to SP4, and then run forestprep again.



  • After the forest preparation has completed successfully, run the domain preparation command

    Inside CMD, type
    D:\sources\adprep\adprep /domainprep (where D: is the drive of your Windows Server 2008 DVD)

    If you have not raised the domain functional level from Windows 2000 mixed to Windows 2000 native or Windows Server 2003, as illustrated in step 1, you will receive the following error message when you run the domainprep command:



    If you did raise the domain functional level, adprep will successfully update the domain-wide information

  • Although adprep /domainprep has already updated the domain-wide information, you should still run the last command, adprep /domainprep /gpprep, which adds the Group Policy permissions needed for Resultant Set of Policy (RSoP) planning mode
    Inside CMD, type D:\sources\adprep\adprep /domainprep /gpprep (where D: is the drive of your Windows Server 2008 DVD)

    As you can see, the domain-wide information had already been updated when we ran the domainprep command,
    so either no Group Policy Object (GPO) updates were needed or the GPO information had already been updated.

  3. Setting Up an Additional Domain Controller with Windows Server 2008

    Now that the Windows Server 2003 Active Directory has been prepared for Windows Server 2008 domain controllers, it is time to set up an additional domain controller with Windows Server 2008 and make it a Global Catalog. If you already have an additional Windows Server 2008 domain controller and you want to check whether it is a Global Catalog or not,

  4. Transfer FSMO roles to the Windows Server 2008 Domain Controller

    The last step in migrating a domain controller is transferring the five FSMO roles to the new domain controller. Transfer them (through Active Directory Users and Computers, Active Directory Domains and Trusts, the Active Directory Schema snap-in, or ntdsutil) while the old domain controller is still online. Seizing a role is only for a holder that is permanently lost, because a seized holder must never be brought back onto the network. Verify the result with netdom query fsmo.

With these four major steps complete, you will have migrated your old Windows Server 2003 domain controller to Windows Server 2008.
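The following PowerShell script is an added example and not part of the original post. It performs the pre-flight checks this procedure relies on before the first Windows Server 2008 domain controller is promoted: whether the domain is still in Windows 2000 mixed mode, the current domain and forest functional levels, whether adprep /forestprep has raised the schema version, whether adprep /domainprep has stamped the domain, and which domain controller holds each FSMO role (the same information that netdom query fsmo and the dsquery check in the Active Directory interview answers further down this page give). It uses only ADSI, so it runs from PowerShell 2.0 on a domain-joined machine without the RSAT module. The schema version numbers, functional level codes and domainprep revision values are the commonly documented ones and are marked as assumptions in the code; confirm them against the adprep documentation for your media.

```powershell
# Added example (not from the original post). Pre-flight check before introducing the first
# Windows Server 2008 domain controller into a Windows Server 2003 domain. Uses plain ADSI,
# so it runs from PowerShell 2.0 on any domain-joined machine without the RSAT AD module.
# Run as a Domain Admin. The lookup tables hold the commonly documented values (assumed);
# confirm them against the adprep documentation for your installation media.

$schemaVersions = @{ 13 = 'Windows 2000'; 30 = 'Windows Server 2003'; 31 = 'Windows Server 2003 R2';
                     44 = 'Windows Server 2008'; 47 = 'Windows Server 2008 R2' }
$functionalLevels = @{ 0 = 'Windows 2000'; 1 = 'Windows Server 2003 interim'; 2 = 'Windows Server 2003';
                       3 = 'Windows Server 2008'; 4 = 'Windows Server 2008 R2' }
# Assumed: adprep /domainprep sets "revision" on CN=ActiveDirectoryUpdate to 3 (2008) or 5 (2008 R2).
$domainPrepRevisions = @{ 3 = 'Windows Server 2008'; 5 = 'Windows Server 2008 R2' }

function Get-DcNameFromNtdsDn([string]$ntdsDn) {
    # fSMORoleOwner is the DN "CN=NTDS Settings,CN=<DC name>,CN=Servers,..."; the DC is the second RDN.
    return (($ntdsDn -split ',')[1] -replace '^CN=', '')
}

function Get-MigrationReadiness {
    $rootDse  = [ADSI]'LDAP://RootDSE'
    $domainDn = [string]$rootDse.defaultNamingContext
    $configDn = [string]$rootDse.configurationNamingContext
    $schemaDn = [string]$rootDse.schemaNamingContext

    $domain     = [ADSI]"LDAP://$domainDn"
    $partitions = [ADSI]"LDAP://CN=Partitions,$configDn"
    $schema     = [ADSI]"LDAP://$schemaDn"

    # adprep /forestprep raises objectVersion on the Schema container (44 for Windows Server 2008).
    $schemaVer   = [int]$schema.Get('objectVersion')
    # msDS-Behavior-Version is the functional level; ntMixedDomain=1 means Windows 2000 mixed.
    $domainLevel = [int]$domain.Get('msDS-Behavior-Version')
    $forestLevel = [int]$partitions.Get('msDS-Behavior-Version')
    $mixedMode   = ([int]$domain.Get('ntMixedDomain') -eq 1)

    $prepRev = $null
    try {
        $upd = [ADSI]"LDAP://CN=ActiveDirectoryUpdate,CN=DomainUpdates,CN=System,$domainDn"
        $prepRev = [int]$upd.Get('revision')
    } catch { }   # object or attribute absent: domainprep has never run
    $prepRevText = if ($prepRev -eq $null) { 'not set (domainprep not run)' }
                   else { "$prepRev ($($domainPrepRevisions[$prepRev]))" }

    # Each FSMO role is recorded as fSMORoleOwner on a well-known object.
    $roleObjects = @{
        'PDC Emulator'          = "LDAP://$domainDn"
        'RID Master'            = 'LDAP://CN=RID Manager$,CN=System,' + $domainDn
        'Infrastructure Master' = "LDAP://CN=Infrastructure,$domainDn"
        'Schema Master'         = "LDAP://$schemaDn"
        'Domain Naming Master'  = "LDAP://CN=Partitions,$configDn"
    }
    $owners = @()
    foreach ($role in $roleObjects.Keys) {
        $dc = Get-DcNameFromNtdsDn ([string]([ADSI]$roleObjects[$role]).Get('fSMORoleOwner'))
        $owners += "$role=$dc"
    }

    New-Object PSObject -Property @{
        SchemaVersion      = "$schemaVer ($($schemaVersions[$schemaVer]))"
        ForestPrepDone     = ($schemaVer -ge 44)
        DomainLevel        = "$domainLevel ($($functionalLevels[$domainLevel]))"
        ForestLevel        = "$forestLevel ($($functionalLevels[$forestLevel]))"
        StillMixedMode     = $mixedMode            # must be $false before adprep /domainprep
        DomainPrepRevision = $prepRevText
        DomainPrepDone     = ($prepRev -ne $null -and $domainPrepRevisions.ContainsKey($prepRev))
        FsmoOwners         = ($owners -join '; ')
    }
}

Get-MigrationReadiness | Format-List
```

Run it once before adprep (expect StillMixedMode false, ForestPrepDone false) and again after both adprep passes; the FSMO owner list is also the one to re-check after step 4, when every role should name the new Windows Server 2008 domain controller.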


Summary
Upgrading a Windows Server 2003 domain controller to a Windows Server 2008 domain controller is an easy process if you follow the required steps carefully. The process consists of four major steps: raising the domain functional level, preparing Active Directory for Windows Server 2008 domain controllers, setting up a Windows Server 2008 server as an additional Global Catalog domain controller, and transferring the FSMO roles.
Now you can demote the Windows Server 2003 domain controller with dcpromo if you no longer need it. Before doing so, confirm that it holds no FSMO roles, that it is not the only Global Catalog, and that clients and the new domain controller no longer point at it for DNS.

Sunday, February 24, 2013

Job Description of Windows L3 Administrator

Windows System Admin (Level 3)

Skills: Windows Server 2008 administration, VMware, AD, Exchange and Citrix. Primarily responsible for the Windows servers and the Microsoft AD and Exchange infrastructure. The candidate should be experienced and capable of administering, controlling and generally supporting AD and Exchange, with experience in the planning and execution of Active Directory and Microsoft Exchange migrations and in the design, deployment and administration of Microsoft technologies overall.

Technical Skills:
• Minimum 5 years' experience in the design, deployment and administration of Active Directory 2003/2008 and Exchange 2003/2010
• Hands-on experience in disaster recovery of Active Directory 2003/2008 and Microsoft Exchange 2003/2010
• Experience in monitoring Active Directory 2003/2008 and Microsoft Exchange 2003/2010
• Experience in the planning and execution of Active Directory and Microsoft Exchange migrations
• Experience in the design, deployment and administration of AD RMS
• Experience in the design, deployment and administration of SCSM, SCCM and SCOM
• Experience in the design, deployment and administration of OCS and Lync
• Experience in the design, deployment and administration of ISA and TMG/Forefront
• Experience in the design, deployment and administration of IAS, IIS, DNS, DHCP and Terminal Servers
• Experience in SharePoint administration
• Experience in the design, deployment and administration of virtualization (Hyper-V)
• Experience in the design, deployment and administration of PKI
• Experience in SQL Server administration and Symantec Enterprise Vault administration is preferred
• Experience with Windows Server 2003 32-bit and 64-bit and above, with preference towards Windows Server 2008 (strongly preferred)
• Experience with VMware vSphere
• Experience with Citrix Presentation Server 4 and above, preferably Presentation Server 4.5 and/or XenApp 5.0
• Experience with XenDesktop 4 or 5
• Experience with application installation and how applications interact with Citrix (registry, file system, etc.)
• Knowledge and working experience with PowerShell and scripting
• Knowledge and working experience with BlackBerry BES
• Knowledge and experience with Citrix is preferred
• Basic core networking (routing and switching) knowledge and experience is preferred

Responsibilities:
• Overall duties include identifying and resolving issues within the Microsoft domain, and planning, executing and participating in disaster recovery exercises
• Perform upgrades, patching and other core administrative functions
• Perform capacity planning related to Exchange database growth and system utilization, trend analysis and prediction of future requirements
• Maintain documentation of configuration, administration and maintenance procedures according to program requirements
• Assist in defining and monitoring policies, procedures and standards relating to AD, Exchange and other Microsoft applications' administration
• Initiate inquiry/purchase requirements with department and project approvals
• Interact with procurement in processing purchases and invoices
• Analyze problem areas, interpret operational needs and develop creative solutions
• Work in cross-functional teams to perform analysis, design, testing and implementation; ensure technical information and ideas are understandable to target audiences; keep the system current with changing technologies
• Work closely with other departmental entities and provide comprehensive support; provide technical support to all end users and keep them updated about the options
• Perform other related duties incidental to the work described in support of the department
• Develop reports reflecting all the necessary fields and maintain the usage, capacity management, health check and monitoring reports
• Should have the capacity to design, plan and lead projects
• Ability to utilize SCOM and other Microsoft System Center products to monitor and configure both physical and virtual systems

Sunday, February 3, 2013

DNS Interview Questions


DNS Interview Questions And Answers

1. What is DNS?
Domain Name System: the hierarchical naming service used to resolve host names to IP addresses and IP addresses to host names.

2. What is NBNS?
NetBIOS Name Service, the name resolution used by pre-Windows 2000 clients; WINS is Microsoft's NBNS server. Windows 2000 and later locate domain resources through DNS (service locator records) instead.

3. What is a Forward Lookup?
Resolving a host name to an IP address (A or AAAA record).

4. What is a Reverse Lookup?
Resolving an IP address back to a host name, using PTR records in a reverse lookup zone (in-addr.arpa for IPv4).

5. What is a Resource Record?
An entry in a zone that describes one piece of name data: A, AAAA, PTR, CNAME, MX, NS, SOA, SRV and so on.

6. What are the different DNS roles?
Standard primary, standard secondary, stub, caching-only, and Active Directory integrated.

7. What is a Zone?
A contiguous portion of the DNS namespace for which a server is authoritative, stored and replicated as one unit.

8. What is a primary, secondary, stub and AD integrated zone?
Primary zone: the read/write master copy of the zone; a standard primary is stored as a text file (zonename.dns) in %SystemRoot%\System32\dns.
Secondary zone: a read-only copy obtained from a master by zone transfer (AXFR/IXFR); provides fault tolerance and load balancing for queries.
Stub zone: holds only the SOA, NS and glue A records of another zone so the server can reach that zone's authoritative servers directly; it keeps delegation data current, but it is not a backup of the zone.
AD integrated zone: zone data stored in the Active Directory database and replicated with it; every domain controller running DNS holds a writable copy, and it is the only zone type that supports secure dynamic updates.

9. What does a zone consist of and why do we require a zone?
Resource records plus the SOA and NS records that define its authority. Zones split the namespace into units that can be hosted, replicated and delegated independently.

10. What is a Caching Only Server?
A DNS server that hosts no zones. It answers queries by recursion and keeps the responses in cache for their TTL, so repeated lookups are served locally. A freshly installed Windows 2000/2003 DNS server behaves this way until a zone is created.

11. What is a forwarder?
A DNS server to which another DNS server sends the queries it cannot answer from its own zones or cache, instead of resolving them itself from the root hints; a conditional forwarder does this for specific domain names only.

12. What is a secondary DNS Server?
A server hosting a read-only secondary copy of a zone, used as a backup for the primary.

13. How to enable Dynamic updates in DNS?
DNS console > zone > Properties > General > Dynamic updates. On an AD integrated zone choose "Secure only"; "Nonsecure and secure" lets any host on the network overwrite records.

14. What are the properties of a DNS server?
Interfaces, Forwarders, Advanced, Root Hints, Security, Monitoring, Event Logging and Debug Logging.

15. Properties of a Zone?
General, Start of Authority (SOA), Name Servers, WINS, Zone Transfers and Security.

16. What is scavenging?
Aging and scavenging: tracking the timestamp of dynamically registered records and deleting records that have not been refreshed within the configured interval, so stale records do not accumulate.

17. What are SRV records?
Service locator records. Active Directory clients use them to find domain controllers, global catalogs, Kerberos KDCs and the kpasswd service; each record carries a priority, weight, port and target host.

18. What are the types of SRV records? (the locator subdomains created under the domain zone)
_msdcs: domain-controller-specific records (by GUID, pdc, gc, domains)
_tcp: _ldap, _kerberos, _gc and _kpasswd over TCP
_udp: _kerberos and _kpasswd over UDP
_sites: the same records grouped per Active Directory site
DomainDnsZones: domain-wide application partition for DNS data
ForestDnsZones: forest-wide application partition for DNS data

19. Where does a Host File Reside?
%SystemRoot%\System32\drivers\etc\hosts (C:\Windows\System32\drivers\etc by default).

20. What is SOA?
The Start of Authority record: the first record in a zone. It names the primary server and the responsible mailbox and carries the serial number, refresh, retry, expire and minimum TTL values that control zone transfers.

21. What is a query?
A request from a DNS client (resolver) to a name server to resolve a name or address.

22. What are the different types of queries?
Recursive (the server must return the final answer or an error) and iterative (the server returns the best referral it has).

23. Tools for troubleshooting DNS?
DNS console, nslookup, dnscmd, ipconfig (/displaydns, /flushdns, /registerdns), the DNS event log and debug log, and Performance Monitor.
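As an added example (not part of the original post), the following PowerShell script audits the zones on a Windows DNS server for the two settings from questions 13 and 16 that matter most operationally: zones that accept nonsecure dynamic updates, which let any host on the network overwrite records, and zones with dynamic updates but no aging/scavenging. The audit logic is a function that is first run over a constructed sample of zones, so it works offline; the commented lines at the end run it against the live server through the root\MicrosoftDNS WMI provider. The MicrosoftDNS_Zone property names and numeric codes used (AllowUpdate, ZoneType, DsIntegrated, Aging) are assumptions to verify against your server version.

```powershell
# Added example, not from the original post: zone hygiene audit for a Windows DNS server.
# Assumed MicrosoftDNS_Zone codes: AllowUpdate 0 = none, 1 = nonsecure and secure, 2 = secure only;
# ZoneType 0 = cache, 1 = primary, 2 = secondary, 3 = stub, 4 = forwarder. Verify on your version.

$allowUpdateNames = @{ 0 = 'None'; 1 = 'Nonsecure and secure'; 2 = 'Secure only' }
$zoneTypeNames    = @{ 0 = 'Cache'; 1 = 'Primary'; 2 = 'Secondary'; 3 = 'Stub'; 4 = 'Forwarder' }

function Test-DnsZoneHygiene($zones) {
    # Emits one object per zone with a Findings column; works on WMI instances or on any
    # objects exposing Name, ZoneType, DsIntegrated, AllowUpdate and Aging.
    foreach ($z in $zones) {
        $findings = @()
        $type = [int]$z.ZoneType
        $upd  = [int]$z.AllowUpdate
        if ($type -eq 1 -and $upd -eq 1) {
            # Any host that can reach the server may add or overwrite records, e.g. re-point a
            # server's A record to itself. AD integrated zones should be "Secure only", where
            # updates are GSS-TSIG signed and checked against the ACL of the record's owner.
            $findings += 'nonsecure dynamic updates allowed'
        }
        if ($type -eq 1 -and $upd -ne 0 -and -not [bool]$z.Aging) {
            $findings += 'dynamic updates on but aging/scavenging off (stale records accumulate)'
        }
        New-Object PSObject -Property @{
            Zone          = $z.Name
            Type          = $zoneTypeNames[$type]
            DsIntegrated  = [bool]$z.DsIntegrated
            DynamicUpdate = $allowUpdateNames[$upd]
            Findings      = ($findings -join '; ')
        }
    }
}

# Constructed sample zones (same shape as MicrosoftDNS_Zone instances) so the audit runs offline.
$sampleZones = @(
    (New-Object PSObject -Property @{ Name = 'corp.example';    ZoneType = 1; DsIntegrated = $true;  AllowUpdate = 2; Aging = $true  })
    (New-Object PSObject -Property @{ Name = 'lab.example';     ZoneType = 1; DsIntegrated = $true;  AllowUpdate = 1; Aging = $false })
    (New-Object PSObject -Property @{ Name = '10.in-addr.arpa'; ZoneType = 1; DsIntegrated = $false; AllowUpdate = 1; Aging = $false })
    (New-Object PSObject -Property @{ Name = 'partner.example'; ZoneType = 3; DsIntegrated = $false; AllowUpdate = 0; Aging = $false })
)
Test-DnsZoneHygiene $sampleZones | Format-Table Zone, Type, DynamicUpdate, Findings -AutoSize

# Live audit: run on the DNS server, or add -ComputerName <dns server> to Get-WmiObject.
# $live = Get-WmiObject -Namespace root\MicrosoftDNS -Class MicrosoftDNS_Zone
# Test-DnsZoneHygiene $live | Format-Table Zone, Type, DynamicUpdate, Findings -AutoSize
```

On the sample, corp.example is clean, lab.example and 10.in-addr.arpa are flagged for both findings, and the stub zone is skipped by the primary-zone checks. A zone flagged for nonsecure updates should be switched to "Secure only" (AD integrated) or to "None" with static records.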

Tuesday, January 8, 2013

Troubleshoot 10 common Exchange problems

1. Users cannot access the server. If users cannot reach your Exchange system while the server and the Exchange services are running, there are several possible explanations. The first thing to check is that your network is responding properly. If users have lost network connectivity, check their overall connectivity, their connectivity to other servers on the same switch as the Exchange server, and the network adapter on the Exchange server, and verify that the server can reach the rest of your network. Another possible reason is that Active Directory has stopped authenticating users: if users cannot authenticate, they cannot log on to Exchange.




2. Users' messages are disappearing from their mailboxes. One common cause of messages disappearing from a user's mailbox is the AutoArchive feature in Outlook, when the PST file being archived to has become corrupt. To correct this, locate the PST file and run the ScanPST.exe tool (included with Outlook) to repair it.



3. A user's account was mistakenly deleted from Active Directory, and now they cannot access their mail. If a user's account has been deleted from Active Directory, its association with the mailbox is deleted with it. Normally you can right-click the mailbox in Exchange System Manager and reconnect it to a new account. If this option is not available, you may need to run the Mailbox Cleanup Agent on the information store containing the mailbox, after which the mailbox shows as disconnected and can be reconnected.



4. Outgoing mail is not being delivered and is stuck in your queue. The first corrective action is to restart the SMTP service. If this does not work, check DNS resolution: on the mail server run nslookup, set type=mx, and see whether you can resolve the MX records of several domains you commonly exchange mail with. If you cannot, run ipconfig /flushdns to flush the DNS cache. If this does not work either, begin troubleshooting your DNS infrastructure.



5. Mail is not being delivered to a distribution list. If one or more distribution lists are not receiving mail sent to them, check that the group type in Active Directory has not been changed from Distribution to Security.



6. Mail to a certain user is not being delivered, and message tracking shows it stopping at the step "Submitted to Categorizer". This means Exchange is unable to determine what should be done with the message. One common cause is that the message is addressed to a contact object that has become corrupt; delete and recreate the contact, which will often correct the problem.



7. Some users' passwords are rejected when they try to access the system through IMAP. If a user's password contains a character outside the basic ASCII set (such as ½), they will not be able to log on via IMAP. Passwords for IMAP users must contain only standard characters and symbols.



8. The SMTP service keeps crashing. If the SMTP service keeps crashing, first empty the mail queues, then restart the service. Often a corrupt message causes the service to crash when it attempts to process it.

Reference link: http://www.techrepublic.com/i/tr/downloads/home/troubleshoot_10_common_exchange_problems.pdf

Friday, December 28, 2012

Active Directory Interview Questions Answers

Answer for Active Directory Interview Questions

 

  1.  Active Directory enables single sign on to access resources on the network such as desktops, shared files, printers etc. Active Directory provides advanced security for the entire network and network resources.  Active Directory is more scalable and flexible for administration.
  2. Functional levels help the coexistence of Active Directory versions such as, Windows NT, Windows 2000 Server, Windows Server 2003 and Windows Server 2008. The functional level of a domain or forest controls which advanced features are available in the domain or forest. Although lowest functional levels help to coexist with legacy Active Directory, it will disable some of the new features of Active Directory. But if you are setting up a new Active Directory environment with latest version of Windows Server and AD, you can set to the highest functional level, thus all the new AD functionality will be enabled.
  3. Windows Server 2003 domain functional levels: Windows 2000 mixed (default), Windows 2000 native, Windows Server 2003 interim, and Windows Server 2003.
    Forest functional levels: Windows 2000 (default), Windows Server 2003 interim, and Windows Server 2003.
  4. Windows Server 2008 domain functional levels: Windows 2000 native, Windows Server 2003, and Windows Server 2008 (Windows Server 2008 R2 adds a Windows Server 2008 R2 level).
    Forest functional levels: Windows 2000, Windows Server 2003, and Windows Server 2008 (plus Windows Server 2008 R2 on R2).
  5. It is possible to take a backup of an existing domain controller and use it (the "install from media" option of dcpromo) to promote a Windows Server machine at a remote location with a slow WAN link, so the initial replication does not have to cross the link.
  6. Active Directory is designed for the server operating system; it cannot be installed on Windows 7 (only the RSAT management tools can).
  7. A Windows Server operating system, free hard disk space on an NTFS partition, Administrator privileges on the computer, a network connection with IP address, subnet mask, gateway and DNS address, a DNS server (which can be installed along with the first domain controller), and the Windows Server installation CD or i386 folder.
  8. Flexible Single-Master Operation (FSMO) roles handle the tasks that are not suited to multi-master replication; each is held by exactly one domain controller so that conflicts cannot occur. There are five roles: the Schema Master and Domain Naming Master are held by a single domain controller in the forest, and the PDC Emulator, RID Master and Infrastructure Master are held by a single domain controller in each domain.
  9. The Infrastructure Master is a domain-specific role whose purpose is to keep cross-domain object references correct. For example, if you add a user from one domain to a security group in a different domain, the Infrastructure Master updates that reference when the user is renamed or moved. It has nothing to do in a single-domain environment, so if the domain controller holding the role goes down in a single domain there is no impact at all. In a complex environment with multiple domains, its loss leaves group memberships that refer to objects in other domains stale.
  10. Schema Master role and Domain Naming Master role.
  11. PDC Emulator
  12. You should be a member of Enterprise Admins group or the Domain Admins group. Also you should be member of local Administrators group of the member server which you are going to promote as additional Domain Controller.
  13. Use netdom query /domain:YourDomain FSMO command. It will list all the FSMO role handling domain controllers.
  14. No, there should be only one Domain Controller handling RID master role in a Domain.
  15. There should be only one Domain Controller handling Infrastructure master role in a domain. Hence if you have two domains in a forest, you can configure two Infrastructure masters, one in each domain.
  16. If the PDC emulator goes down the impact is felt quickly, even though users keep authenticating against the remaining domain controllers: password changes are no longer forwarded to it, so a user whose password was just changed can be rejected by a domain controller that has not yet received the change; bad-password counts and lockouts are no longer consolidated, which shows up as inconsistent lockout behaviour; it is the time source for the domain, so time synchronization drifts; and Group Policy editing and domain-based DFS namespace updates default to it.
  17. Domain controllers and sites. Domain controllers are physical (or virtual) computers running a Windows Server operating system and the Active Directory database. Sites are network segments, usually based on geographical location and defined by IP subnets, each containing one or more domain controllers.
  18. Domains, Organizational Units, trees and forests are logical components of Active Directory.
  19. Active Directory database is divided into different partitions such as Schema partition, Domain partition, and Configuration partition. Apart from these partitions, we can create Application partition based on the requirement.
  20. Adding one group as a member of another group is called 'group nesting'. This will help for easy administration and reduced replication traffic.
  21. Group types are categorized by purpose. There are two group types: security groups and distribution groups. Security groups are used to apply permissions to resources, whereas distribution groups are used for Exchange e-mail distribution. Group scopes are categorized by where the group can be used and what it can contain. There are three group scopes: domain local, global and universal.
  22. Domain local groups are mainly used for granting access to network resources.A Domain local group can contain accounts from any domain, global groups from any domain and universal groups from any domain. For example, if you want to grant permission to a printer located at Domain A, to 10 users from Domain B, then create a Global group in Domain B and add all 10 users into that Global group. Then, create a Domain local group at Domain A, and add Global group of Domain B to Domain local group of Domain A, then, add Domain local group of Domain A to the printer(of Domain A) security ACL.
  23. Active Directory is backed up as part of the System State data, which includes the local registry, the COM+ class registration database, boot files, NTDS.DIT and the SYSVOL folder. System State can be backed up with Microsoft's built-in NTBACKUP tool or with third-party tools such as Symantec NetBackup or IBM Tivoli Storage Manager.
  24. There are two types of Active Directory restores, Authoritative restore and Non-Authoritative restore.
  25. Non-Authoritative means, a normal restore of a single Domain controller in case that particular domain controller OS or hardware crashed. After non-authoritative restoration completed, compares its data base with peer domain controllers in the network and accepts all the directory changes that have been made since the backup. This is done through multi master replication. 
    Where as, in Authoritative restore, a restored data base of a Domain controller forcefully replicated to all the other domain controllers. Authoritative restore is performed to recover an active directory resource or object(eg. an Organizational Unit) which accidentally deleted and it needs to be restored.
  26. We can use NTDSUTIL command line to perform Authoritative restore of Active Directory. First, start a domain controller in 'Directory Service Restore Mode'. Then, restore the System State data of Domain controller using NTBACKUP tool. This is non-authoritative restore. Once non-authoritative restore is completed, we have to perform authoritative restore immediately before restarting the Domain Controller. 
    Open command prompt and type NTDSUTIL and enter, then type authoritative restore and press enter, then type restore database and press enter, click OK and then click Yes. This will restore all the data in authoritative restore mode. If you want to restore only a specific object or sub-tree, you can type below command instead of 'restore database'.
    restore subtree ou=OU_Name,dc=Domain_Name,dc=xxx
  27. Authoritative restore, Configurable settings, Partition management, Set DSRM Password etc.
  28. A tombstone is what remains of a deleted object: it is stripped of most of its attributes, marked isDeleted and moved to the Deleted Objects container, where it stays hidden for a specific period so that the deletion can replicate to every domain controller. This period is known as the tombstone lifetime. The default is 180 days for forests created on Windows Server 2003 SP1 or later, and 60 days for forests created on earlier versions.
  29. Garbage collection is a process of Active Directory. This process starts by removing the remains of previously deleted objects from the database. These objects are known as tombstones. Then, the garbage collection process deletes unnecessary log files. And the process starts a defragmentation thread to claim additional free space. The garbage collection process is running on all the domain controllers in an interval of 12 hours.
  30. In multimaster replication method, replication conflicts can happen. Objects with replication conflicts will be stored in a container called 'Lost and Found' container. This container also used to store orphaned user accounts and other objects.
  31. Lost and Found container can be viewed by enabling advanced features from View menu of Active Directory User and Computers MMC.
  32. Yes, it is included.
  33. [Never say no] We had set up an additional domain for a new subsidiary of the firm, and I was a member of the team who handled installation and configuration of domain controllers for the sub domain.[or] I was supporting an existing Active Directory network environment of the company, but I have installed and configured Active Directory in test environment several occasions.
  34. Domain controllers are not clustered; there is no need, because Active Directory itself provides redundancy through multi-master replication between two or more domain controllers.
  35. The Active Directory Recycle Bin is a feature introduced with Windows Server 2008 R2 (it requires the Windows Server 2008 R2 forest functional level). It restores accidentally deleted Active Directory objects, with their attributes and group memberships intact, without restoring a backed-up AD database, rebooting a domain controller or restarting any services.
  36. A read-only domain controller (RODC) is a feature of Windows Server 2008. It hosts a read-only copy of the Active Directory database and, by default, caches no account passwords; the Password Replication Policy controls which accounts may be cached on it. It can therefore be deployed in a remote branch office where physical security cannot be guaranteed: if the server is stolen, only the credentials that were allowed to cache there are exposed, and the rest of the forest is unaffected. It also gives the branch office faster logon.
  37. To find the forest and domain functional levels in the GUI, open ADUC, right-click the domain name and choose Properties; both the domain and the forest functional level are listed on the General tab. From the command line you can use dsquery to read the msDS-Behavior-Version attribute of the domain naming context (domain level) and of CN=Partitions in the configuration partition (forest level).
  38. KCC stands for Knowledge Consistency Checker. It is a process running on every domain controller that generates and maintains the replication topology for replication within sites and between sites.
  39. We can use command line tools such as repadmin and dcdiag. GUI tool REPLMON can also be used for replication monitoring and troubleshooting.
  40. SYSVOL is a folder that exists on each domain controller and contains Active Directory related files and folders. It mainly stores the file parts of Group Policy Objects and logon scripts, and it is replicated among domain controllers using the File Replication Service (FRS), or DFS Replication once the domain has been migrated to it at the Windows Server 2008 domain functional level.
  41. Kerberos is a network authentication protocol. Active Directory uses Kerberos for user and resource authentication and for trust relationships. Kerberos uses port 88.
  42. All versions of Windows Server Active Directory use Kerberos version 5.
  43. Kerberos 88 (and 464 for password changes), LDAP 389 (636 for LDAPS), Global Catalog 3268 (3269 over SSL), DNS 53, SMB 445, RPC endpoint mapper 135.
  44. FQDN stands for Fully Qualified Domain Name: the complete name of a host in the DNS hierarchy, consisting of the host name at the left followed by every domain label up to the root.
  45. Dsadd - to add an object to the directory, Dsget - displays requested properties of an object in AD, Dsmove - Used to move one object from one location to another in the directory, DSquery - To query specific objects.
  46. A tree in Active Directory is a collection of one or more domains which are interconnected and sharing global resources each other. If a tree has more than one domain, it will have contiguous namespace. When we add a new domain in an existing tree, it will be called a child domain.
    A forest is a collection of one or more trees which trust each other and sharing a common schema.It also shares common configuration and global catalog. When a forest contains more than one tree, the trees will not form a contiguous namespace.
  47. Replication between domain controllers inside a single site is called Intrasite replication, where as replication between domain controllers located in different sites is called Intersite replication. Intrasite replication will be very frequent, where as Intersite replication will be with specific interval and in a controlled fashion just to preserve network bandwidth.
  48. A shortcut trust is a manually created transitive trust configured to shorten and speed up the authentication path. For example, if you create a shortcut trust between two domains in different trees, they can authenticate each other directly without the Kerberos referrals travelling up through the parent domains to the forest root. A shortcut trust can be either one-way or two-way.
  49. Selective authentication is generally used in forest trust and external trusts. Selective authentication is a security setting which allows administrators to grant access to shared resources in their organization’s forest to a limited set of users in another organization’s forest. Selective authentication method can decide which groups of users in a trusted forest can access shared resources in the trusting forest.
  50. Trusts can be categorized by its nature. There can be two-way trust or one-way trust,implicit or explicit trust, transitive or non transitive trust. Trust can be categorized by types, such as parent and child, tree root trust, external trust, realm trust forest trust and shortcut trust.
  51. ADAC- Active Directory Administrative Center is a new GUI tool came with Windows Server 2008 R2, which provides enhanced data management experience to the admin. ADAC helps administrators to perform common Active Directory object management task across multiple domains with the same ADAC instance.
  52. ADSIEDIT (Active Directory Service Interfaces Editor) is a GUI tool used for advanced AD object and attribute management. It shows objects and attributes that are not visible through the normal Active Directory management consoles. On Windows Server 2003 it is installed with the Windows Server 2003 Support Tools; from Windows Server 2008 it is included in the operating system (adsiedit.msc).
  53. This is due to the domain functional level. If the domain functional level of a Windows Server 2003 AD is Windows 2000 mixed, the Universal group option is greyed out. You need to raise the domain functional level to Windows 2000 native or above.
  54. ADMT - Active Directory Migration Tool, is a tool which is used for migrating Active Directory objects from one domain to another. ADMT is an effective tool that simplifies the process of migrating users, computers, and groups to new domains.
  55. When a domain controller is disconnected for a period longer than the tombstone lifetime, one or more objects that were deleted from Active Directory on all other domain controllers may remain on the disconnected domain controller. Such objects are called lingering objects. Lingering objects can be removed from Windows Server 2003 or 2008 using the REPADMIN utility.
  56. The Global Catalog is a container which holds a searchable partial replica of all objects from all domains of the forest, and a full replica of all objects from the domain where it is situated. The Global Catalog is stored on domain controllers that have been designated as Global Catalog servers and is distributed through multimaster replication. Global Catalogs are mostly used in multidomain, multisite and complex forest environments, whereas the Global Catalog does not function in a single-domain forest.
  57. In a forest that contains only a single Active Directory domain, there is no harm in placing both the GC and the Infrastructure Master on the same DC, because the Infrastructure Master has no work to do in a single-domain environment. But in a forest with multiple domains, the Infrastructure Master should be located on a DC which is not a Global Catalog server. Because the Global Catalog server holds a partial replica of every object in the forest, an Infrastructure Master placed on a Global Catalog server will never update anything, since it holds no references to objects that it does not already contain.
  58. Command line method: nslookup gc._msdcs.<forest root DNS Domain Name>, or nltest /dsgetdc:corp /GC. GUI method: open DNS Management and, under ‘Forward Lookup Zones’, click the gc container. To check whether a particular server is a GC, open the Active Directory Sites and Services MMC, expand the ‘Servers’ folder, open the properties of the NTDS Settings object of the desired DC and check whether the Global Catalog option is selected.
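The following PowerShell is an added example, not part of the original post: it lists the forest's Global Catalog servers (item 58) and flags the Infrastructure Master/GC placement problem described in item 57. It assumes the ActiveDirectory RSAT module and read access to the live forest; the function name Test-GcPlacement is my own.

```powershell
# Added example (not from the original post): audit Global Catalog placement.
# Assumes the ActiveDirectory module (RSAT) and read access to the forest;
# the cmdlets query the live directory, so there is no embedded sample data.
Import-Module ActiveDirectory

function Test-GcPlacement {
    $forest = Get-ADForest
    $gcs    = $forest.GlobalCatalogs            # FQDNs of every GC in the forest

    Write-Host "Global Catalog servers in forest $($forest.Name):"
    $gcs | ForEach-Object { Write-Host "  $_" }

    # Item 57: in a multi-domain forest the Infrastructure Master must not be a GC.
    $findings = foreach ($domainName in $forest.Domains) {
        $domain = Get-ADDomain -Identity $domainName
        $im     = $domain.InfrastructureMaster   # FQDN of the DC holding the role
        [pscustomobject]@{
            Domain               = $domainName
            InfrastructureMaster = $im
            ImIsGlobalCatalog    = ($gcs -contains $im)
            MultiDomainForest    = ($forest.Domains.Count -gt 1)
        }
    }

    # Only the combination IM-on-GC in a forest with more than one domain is a problem.
    $findings |
        Where-Object { $_.ImIsGlobalCatalog -and $_.MultiDomainForest } |
        ForEach-Object {
            Write-Warning ("{0}: Infrastructure Master {1} is also a GC; " +
                           "cross-domain references will never be updated.") -f $_.Domain, $_.InfrastructureMaster
        }

    return $findings
}

Test-GcPlacement | Format-Table -AutoSize
```

The same GC list can be obtained per server with `Get-ADDomainController -Filter { IsGlobalCatalog -eq $true }`, which corresponds to the NTDS Settings checkbox described in item 58.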
  59. As per Microsoft, a single AD domain controller can create around 2.15 billion objects during its lifetime.
  60. When a user enters a user name and password, the computer sends the user name to the KDC. The KDC contains a master database of unique long term keys for every principal in its realm. The KDC looks up the user's master key (KA), which is based on the user's password. The KDC then creates two items: a session key (SA) to share with the user and a Ticket-Granting Ticket (TGT). The TGT includes a second copy of the SA, the user name, and an expiration time. The KDC encrypts this ticket by using its own master key (KKDC), which only the KDC knows. The client computer receives the information from the KDC and runs the user's password through a one-way hashing function, which converts the password into the user's KA. The client computer now has a session key and a TGT so that it can securely communicate with the KDC. The client is now authenticated to the domain and is ready to access other resources in the domain by using the Kerberos protocol.
  61. Lightweight Directory Access Protocol (LDAP) is an Internet standard protocol which is used as a standard protocol for Active Directory functions. It runs directly over TCP, and can be used to access a standalone LDAP directory service or to access a directory service that is back-ended by X.500.
  62. Active Directory related files are by default located at %SystemRoot%\ntds folder. NTDS.DIT is the main Active Directory database file. Apart from this other files such as EDB.LOG, EDB.CHK, RES1.LOG, TEMP.EDB etc. are also located at the same folder.
  63. Global Catalog servers generate a large amount of replication traffic. Therefore, making all the domain controllers in the forest Global Catalog servers will cause network bandwidth problems. GCs should be placed based on network bandwidth and user or application requirements.

Regards

Mohamed Rafi


Active Directory Interview Questions

  1. Explain three main features of Active Directory?
  2. What do you mean by Active Directory functional levels? How does it help an organization’s network functionality?
  3. What are the Domain and Forest functional levels of Windows Server 2003 AD?
  4. What are the Domain and Forest functional levels of Windows Server 2008 AD?
  5. How to add additional Domain Controller in a remote site with slower WAN link?
  6. How do we install Active Directory in Windows 7 Computer?
  7. What are the prerequisites to install Active Directory in a Server?
  8. What is FSMO role? (Or what are Single Master Operations / Flexible Single Master Operations / Operations Master Role / SMO / OMR?)
  9. Explain Infrastructure Master Role. What will be the impact if DC with Infrastructure Master Role goes down?
  10. What are the two forest specific FSMO roles?
  11. Which FSMO role directly impacts the consistency of Group Policy?
  12. I want to promote a new additional Domain Controller in an existing domain. Which are the groups I should be a member of?
  13. Tell me one easiest way to check all the 5 FSMO roles.
  14. Can I configure two RID masters in a domain?
  15. Can I configure two Infrastructure Master Role in a forest? If yes, please explain.
  16. What will be the impact on the network if Domain Controller with PDC Emulator crashes?
  17. What are the physical components of Active Directory?
  18. What are the logical components of Active Directory?
  19. What are the Active Directory Partitions? (Or what are Active Directory Naming Contexts? Or what is AD NC?)
  20. What is group nesting?
  21. Explain Group Types and Group Scopes?
  22. What is the feature of Domain Local Group?
  23. How will you take Active Directory backup?
  24. What are the Active Directory Restore types?
  25. How is Authoritative Restore different from non-Authoritative Restore?
  26. Explain me, how to restore Active Directory using command line?
  27. Tell me few switches of NTDSUTIL command.
  28. What is a tombstone? What is the tombstone lifetime period?
  29. What do you understand by Garbage Collection? Explain.
  30. What is the Lost and Found Container?
  31. Where can I locate Lost and Found Container?
  32. Is Lost and Found Container included in Windows Server 2008 AD?
  33. Have you ever installed Active Directory in a production environment?
  34. Do we use clustering in Active Directory? Why?
  35. What is Active Directory Recycle Bin?
  36. What is RODC? Why do we configure RODC?
  37. How do you check the current forest and domain functional levels? Give both GUI and command line methods.
  38. Explain Knowledge Consistency Checker (KCC)
  39. What are the tools used to check and troubleshoot replication of Active Directory?
  40. What is SYSVOL folder used for?
  41. What is the use of Kerberos in Active Directory? Which port is used for Kerberos communication?
  42. Which version of Kerberos is used for Windows 2000/2003 and 2008 Active Directory?
  43. Please name few port numbers related to Active Directory.
  44. What is an FQDN?
  45. Tell me a few DS commands and their usage.
  46. Explain Active Directory tree and forest.
  47. What are Intersite and Intrasite replication?
  48. What is shortcut trust?
  49. What is selective Authentication?
  50. Give me a brief explanation of the different types of Active Directory trusts.
  51. Have you heard of ADAC?
  52. What is the use of ADSIEDIT?  How do we install it in Windows Server 2003 AD?
  53. I am unable to create a Universal Security group in my Active Directory? What will be the possible reason?
  54. What is ADMT? What is it used for?
  55. What do you mean by Lingering Objects in AD? How to remove Lingering Objects?
  56. Explain Global Catalog. What kind of AD infrastructure makes most use of Global Catalog?
  57. Global Catalog and Infrastructure Master roles should not be configured on the same Domain Controller. Why?
  58. How do you check all the GCs in the forest?
  59. How many objects can be created in Active Directory? (both 2003 and 2008)
  60. Can you explain the process between a user providing his Domain credential to his workstation and the desktop being loaded? Or how the AD authentication works?
  61. What is LDAP?
  62. Which is default location of Active Directory? What are the main files related to AD?
  63. In a large forest environment, why don’t we configure all Domain Controllers as GCs?
  64. What is NETDOM command line tool used for?
  65. What is role seizure? Why do we perform role seizure?
  66. What is ISTG? What is role of ISTG in Active Directory?
  67. Is it possible to find idle users who did not log in for last few months?
  68. Tell me the order in which GPOs are applied.
  69. What are the uses of CSVDE and LDIFDE?
  70. What are the differences between a user object and contact object?
  71. What do you mean by Bridge Head server?
  72. What is urgent replication?
  73. Please explain Realm trust.
  74. Explain object class and object attribute.
  75. My organization wants to add new object attribute to the user object. How do you achieve it?
  76. What do you understand about GUID?
  77. What is the command used for Domain Controller decommissioning?
  78. Have you ever planned and implemented Active Directory infrastructure anywhere? Tell me few considerations we have to take during the AD planning.
  79. Name few differences from Windows Server 2003 AD and Windows Server 2008 AD.
  80. Which domain and forest functional level I will select if I am installing Windows Server 2008 AD in an Existing environment where we have Windows Server 2003 Domain Controllers?
  81. What are the replication intervals for Intersite and intrasite replication? Is there any change in 2003 and 2008?
  82. I want to transfer RID master role to a new Domain Controller. What are the steps I need to follow?
  83. Tell me few uses of NTDSUTIL commands?
  84. Name few services that directly impact the functionality of Domain Controller.
  85. You said there are 5 FSMO roles. Please explain what the impact on the AD infrastructure will be if each FSMO role fails.
  86. What is Active Directory defragmentation? How do you do AD defragmentation? And why do we do it?
  87. Tell me the difference between online and offline defragmentation.
  88. How do you uninstall active directory? What are the precautions we have to take before removing active directory?
  89. A user is unable to log into his desktop which is connected to a domain. What are the troubleshooting steps you will consider?
  90. A Domain Controller called ABC is failing replication with XYZ. How do you troubleshoot the issue?
  91. A user account is frequently being locked out. How do you investigate this issue? What possible solution will you suggest to the user?
  92. Imagine you are trying to add a Windows 7 computer to an Active Directory domain, but it shows the error ‘Unable to find Domain Controller’. How will you handle this issue?
  93. What are the services required for Active Directory replication?
  94. What is Active Directory application partition? What are the uses of it?
  95. Many users of a network are facing latency while trying to log into their workstations. How do you investigate this problem?
  96. Now, some questions related to Windows Server 2008 Active Directory. What do you mean by IDA? What are the new components of Windows 2K8 Active Directory?
  97. I want to edit the Active Directory Schema. How can I bring Schema editor into my MMC?
  98. Name few Active Directory Built in groups
  99. What are the differences between Enterprise Administrators and Domain Administrators groups?
  100. I have to create 1000 user objects in my Active Directory domain. How can I achieve that with the least administrative effort? Tell me a few tools that I can use.