Q: What is LDAP?
A: LDAP, Lightweight Directory Access Protocol, is an Internet protocol that email and other
programs use to look up information from a server.
Q: I have set up a time server in my internal network. However, I still get an error message
that the Windows Time Service was not able to find a domain controller.
A: Set the PDC emulator for the domain to sync with the new time source; the other DCs will
sync with the PDC FSMO, and all the clients will sync with the authenticating DC.
Q: I have a GP in AD that assigns a large application to authenticated users. This app is now
installed on more than 150 computers; we have slow links to many sites and we don't have
servers there. So the question is how I can change from authenticated users to a special
group without installing the software again. I have not tried this because I'm afraid that it
will take me many days to recover if it fails. How are you deploying and assigning to users?
A: Using GP software distribution (GPSD) there are a number of ways to deploy applications. It
might be best to create another group called "applicationx". Then start adding your users to
this group. Once all the members belong to this group you can remove the
authenticated users. If you have lots of users and slow links it might be best to publish
rather than assign. This provides a more phased approach to users installing apps.
Provided your users are happy to go to Control Panel to install, this might be better.
Q: I currently have a mixed-mode topology and am running Exchange 5.5. I am planning the
Exchange 2000 upgrade. Is it best to upgrade directly or to install a separate 2000 server and
migrate the mailboxes (swing method), and what are the pros and cons?
A: Well, upgrading directly is the easiest way to go, but often also considered the riskier of the
two options. This method does not allow for extensive testing ahead of time, thereby
leading to potentially unknown pitfalls. We recommend in most cases in a production
environment to use the swing method by installing the ADC. This will allow you to build a
perfect world and migrate slowly and with less risk.
Q: What is the best process for changing the password for admin? This is for the account that
manages Exchange, the cluster and other services. Do I have to change the password option
in each server and service?
A: If you mean you have a lot of services that are running under an account with a specific
password, you will need to change the password and then go into each service in the Services
applet to change the password.
Q: What is NETDOM?
A: NETDOM is a utility in the Microsoft Windows NT Server 4.0 Resource Kit. NETDOM lets you
build new trust relationships and reset existing trusts from the command line.
Q: What’s the difference between standalone and fault-tolerant DFS (Distributed File System)
installations?
A: The standalone server stores the Dfs directory tree structure or topology locally. Thus, if a
shared folder is inaccessible or if the Dfs root server is down, users are left with no link to
the shared resources. A fault-tolerant root node stores the Dfs topology in the Active
Directory, which is replicated to other domain controllers. Thus, redundant root nodes may
include multiple connections to the same data residing in different shared folders.
Q: We’re using the DFS fault-tolerant installation, but cannot access it from a Win98 box.
A: Use the UNC path, not client; only 2000 and 2003 clients can access Server 2003
fault-tolerant shares.
Q: How does Windows 2003 Server try to prevent a middle-man attack on an encrypted line?
A: A time stamp is attached to the initial client request, encrypted with the shared key.
Q: What third-party certificate exchange protocols are used by Windows 2003 Server?
A: Windows Server 2003 uses the industry standard PKCS-10 certificate request and PKCS-7
certificate response to exchange CA certificates with third-party certificate authorities.
Q: What’s the number of permitted unsuccessful logons on Administrator account?
A: Unlimited. Remember, though, that it’s the Administrator account, not any account that’s
part of the Administrators group.
Q: If hashing is a one-way function and Windows Server uses hashing for storing passwords,
how is it possible to attack the password lists, specifically the ones using NTLMv1?
A: A cracker would launch a dictionary attack by hashing every imaginable term used for
passwords and then comparing the hashes.
Q: What’s the difference between guest accounts in Server 2003 and other editions?
A: More restrictive in Windows Server 2003.
INTERVIEW QUESTIONS FOR WINDOWS DOMAIN
Q: How many passwords by default are remembered when you check "Enforce Password
History Remembered"?
A: User’s last 6 passwords.
Q: If I delete a user and then create a new account with the same username and password,
would the SID and permissions stay the same?
A: No. If you delete a user account and attempt to recreate it with the same user name and
password, the SID will be different.
Q: What’s the difference between the basic disk and dynamic disk?
A: The basic type contains partitions, extended partitions, logical drives, and an assortment of
static volumes; the dynamic type does not use partitions but dynamically manages volumes
and provides advanced storage options.
Q: Can I change my password if my machine’s connectivity to the DC that holds the PDC
emulator role has failed?
A: No, you can’t change the password.
Q: What are the standard port numbers for SMTP, POP3, IMAP4, RPC, LDAP and Global
Catalog?
A: SMTP – 25, POP3 – 110, IMAP4 – 143, RPC – 135, LDAP – 389, Global Catalog – 3268
Q: I have been asked: if a set of 30 hard disks is configured for RAID 5 and two hard disks
fail, what happens to the data?
A: It depends on how you configured your RAID: RAID 5 only, or with a spare. If it’s only
RAID 5, then if 2 of your HDDs fail your RAID is gone.
Q: How can I deploy the latest patches to PCs through GP without having admin rights on the
PC?
A: You can publish or assign MSI packages or ZAP files. They are the only two valid file formats
allowable when using “IntelliMirror” in Active Directory.
Q: What is a forest?
A: A forest is a collection of trees. A tree is nothing but a collection of domains that have
the same namespace.
Q: How can I delete a failed Domain Controller object from Active Directory?
A: You will need the following tools: Ntdsutil.exe, Active Directory Sites and Services, Active
Directory Users and Computers. Also, make sure that you use an account that is a member
of the Enterprise Admins universal group.
Q: A Company decides to enter into a joint venture with one of the vendors. This venture will
result in the creation of a third company that will require its own Internet presence.
Systems administration duties for the new company will be shared equally by a parent
company and vendor. Parent company and vendor currently have separate Active Directory
forests. Which modifications should you make to Active Directory to support the joint
venture requirements?
A: Create a new tree for the new company. Create this tree in the parent company’s forest.
Q: "I need an up-to-date list of disk space usage for all servers, on my desk in 5 minutes"
A: With Windows Server 2003 commands (in a batch file):
FOR /F %%A IN (servers.txt) DO (
  WMIC /Node:%%A LogicalDisk Where DriveType="3" Get DeviceID,FileSystem,FreeSpace,Size /Format:CSV | MORE /E +2 >> SRVSPACE.CSV
)
Q: Difference between Windows 2003 Standard Edition and Windows 2003 Enterprise Edition.
Windows 2003 Features Standard Ed Enterprise Ed
Clustering
Server clusters
Active Directory Federation Services
ADFS Proxy
Microsoft Identity Integration Server 2003 (MIIS) support
8-way symmetric multiprocessing (SMP) support
Support for 32 GB of RAM
Support for 64 GB of RAM
Hot Add Memory
Terminal Server Session Directory
Virtualized OS instances with license: Enterprise Edition
Non-Uniform Memory Access (NUMA)
Q: You are the administrator of your company’s network. Your company has its main office in
Seattle and branch offices in London, Paris, and Rio de Janeiro. The local admin at each
branch office must be able to control users and local resources.
You want to prevent the local administrators from controlling resources in branch offices
other than their own. You want to create an Active Directory structure to accomplish these
goals.
What should you do?
A: Create child OUs for each office. Delegate control of each OU to the local administrators at
each office.
Q: You are installing a new Windows 2000 Server computer on your existing Windows NT
network. You run DCPromo.exe to promote the server to a domain controller in a domain
named domain.local. You receive the following error message: “The domain name specified
is already in use on the network”. There are no other Windows 2000 domains on your
network. What should you do?
A: Change the down level domain name to domain1.
Q: You are the administrator of your company’s network. The company has two native-mode
domains in six sites. Each site has one or more domain controllers. Users report that at
times of high network usage, authentication and directory searches are extremely slow. You
want to improve network performance. What should you do?
A: Designate a domain controller in each site as a global catalog server.
Q: You are the administrator of a Windows 2000 network. The network is composed of four
domains named arborshoes.com, na.arborshoes.com, sa.arborshoes.com, and
fabrikam.com. The root of the forest is arborshoes.com. There are two Windows NT BDCs in
each domain. Graphic artists place finished artwork for Fabrikam, Inc., in a shared folder
located on a domain controller named bna01.fabrikam.com. Read and Write permissions are
granted to the Artists Domain Local group in the fabrikam.com domain. Sharon is a
member of the Graphic Artists global distribution group in the na.arborshoes.com domain.
She is unable to gain access to the shared folder. You want to allow Sharon access to the
shared folder. What should you do?
A: Change the Graphic Artists group type to Security and add it to the Artists Domain Local
group.
Q: You are the administrator of a Windows 2000 domain. The domain is in native mode. The
domain contains 15 Windows 2000 Server computers that are functioning as domain
controllers and 1,500 Windows NT Workstation client computers. During a power outage, the
first domain controller that you installed suffers a catastrophic hardware failure and will not
restart. After the power outage, users report that password changes do not take effect for
several hours. In addition, users are not able to log on or connect to resources by using
their new passwords. What should you do to correct this problem?
A: Using the Ntdsutil utility, connect to another domain controller and seize the PDC emulator
role.
Q: Which FSMO role takes care of user to group references in a Domain Controller?
A: Infrastructure Master
Q: At which point during the startup/logon sequence is the group policy for the user processed?
A: The group policy for the user is applied after the user logs on but before the user's
desktop appears.
Q: You are the administrator of a domain named wipro.com. The domain contains an OU named
Sales that has 20 users. In the Active Directory Users and Computers console on a domain
controller named DC1, you inadvertently delete the Sales OU. You want to reinstate the
Sales OU. What should you do?
A: Perform an authoritative restore of the Sales OU from the last backup.
Q: Which FSMO role takes care of modification to the schema on a Domain Controller?
A: Schema Master
Q: How many global catalog servers can you have in a forest?
A: Any number
Q: You have accidentally deleted an organizational unit from your Windows 2003 domain and
wish to perform an authoritative restore for the organizational unit. Which tool do you use to
mark the deleted organizational unit as authoritative during the restore process?
A: NTDSUTIL
Q: When you run DCPromo.exe to install the new child domain, you receive an error message
stating that the existing domain cannot be contacted. Installation of the new child domain
will not proceed. What should you do to correct this problem?
A: Configure the new domain controller with the address of an authoritative DNS server for the
existing domain.
Q: You are the administrator of your company. Your company has its main office in Bangalore
and branch offices in Delhi and Mumbai. The local admin at each branch office must be
able to control users and local resources. You want to prevent the local administrators from
controlling resources in branch offices other than their own. You want to create an Active
Directory structure to accomplish these goals. What should you do?
A: Create child OUs for each office. Delegate control of each OU to the local administrators at
each office.
Q: You are installing a new Windows 2003 Server computer on your existing Windows 2000
network. You run DCPromo.exe to promote the server to a domain controller in a domain
named domain.local. You receive the following error message: “The domain name specified
is already in use on the network”. There are no other Windows 2000 domains on your
network. What should you do?
A: Change the down level domain name to domain1.