
INTERVIEW QUESTIONS FOR WINDOWS DOMAIN

Q: What is Active Directory?
A: Active Directory (often abbreviated AD) is the directory service used on Microsoft Windows-based
computers and servers to store information about networks and domains. It is primarily used for
online information; it was originally created in 1996 and first shipped with Windows 2000.
AD performs a variety of functions: it provides information on objects, organizes those objects
for easy retrieval and access, allows access by end users and administrators, and lets the
administrator set up security for the directory.

Q: What is LDAP?
A: LDAP (Lightweight Directory Access Protocol) is an Internet protocol that e-mail and other
programs use to look up information from a directory server.

Q: I have set up a time server in my internal network. However, I still get an error message
that the Windows Time Service was not able to find a Domain Controller.
A: Set the PDC emulator for the domain to sync with the new time source; the other DCs will
sync with the PDC FSMO role holder, and all clients will sync with their authenticating DC.
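The PDC-emulator-as-time-source setup the answer describes, as an added example that is not from the original page. It assumes the ActiveDirectory module on an admin workstation, Windows Server 2008 or later DCs (for w32tm /query), and uses timesrv.corp.example as a placeholder for the internal time server.

```powershell
# Added example: make the PDC emulator the domain's reliable time source and put
# every other DC back on the domain hierarchy. Run from an admin workstation with
# rights on all DCs; w32tm's /computer: switch targets the remote Windows Time service.
Import-Module ActiveDirectory

$timeSource = "timesrv.corp.example"          # placeholder for your internal NTP server
$pdc = (Get-ADDomain).PDCEmulator
"PDC emulator is $pdc"

# PDC emulator: sync from the internal source only and advertise itself as reliable.
# ",0x8" = client mode for that peer; /reliable:yes makes the other DCs prefer this one.
w32tm /config /computer:$pdc /manualpeerlist:"$timeSource,0x8" /syncfromflags:manual /reliable:yes /update
w32tm /resync /computer:$pdc /rediscover

# Every other DC: drop any manual peer and follow the domain hierarchy, i.e. sync
# from the PDC emulator. Member machines do the same from their authenticating DC.
Get-ADDomainController -Filter * |
    Where-Object { $_.HostName -ne $pdc } |
    ForEach-Object {
        w32tm /config /computer:$($_.HostName) /syncfromflags:domhier /reliable:no /update
        w32tm /resync /computer:$($_.HostName) /rediscover
    }

# Verify: the PDC should report the internal server as its source, the others a DC.
Get-ADDomainController -Filter * |
    ForEach-Object { "$($_.HostName): " + (w32tm /query /computer:$($_.HostName) /source) }

# One-shot view of the clock offset of every DC in the domain relative to this machine.
w32tm /monitor
```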

Q: I have a GPO in AD that assigns a large application to Authenticated Users; the app is now
installed on more than 150 computers. We have slow links to many sites and no servers there.
How can I change the assignment from Authenticated Users to a specific group without installing
the software again? I have not tried this because I'm afraid it will take many days to recover
if it fails. How are you deploying and assigning to users?
A: With Group Policy software distribution (GPSD) there are a number of ways to deploy
applications. It might be best to create another group called "applicationx" and start adding
your users to it. Once all the members belong to this group you can remove Authenticated
Users. If you have lots of users and slow links it might be best to publish rather than assign;
this gives a more phased approach, with users installing the apps themselves. Provided your
users are happy to go to Control Panel to install, this might be better.
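The group switch the answer recommends, as an added example that is not from the original page, using the GroupPolicy module (assumed installed). The GPO name "Deploy ApplicationX" and the group name "applicationx" are placeholders.

```powershell
# Added example: move a software-deployment GPO from Authenticated Users to a
# dedicated security group without touching the deployed package.
Import-Module GroupPolicy

$gpoName = "Deploy ApplicationX"     # placeholder GPO name
$group   = "applicationx"            # placeholder group name

# 1. Let the new group apply the GPO (Read + Apply Group Policy).
Set-GPPermission -Name $gpoName -TargetName $group -TargetType Group `
                 -PermissionLevel GpoApply | Out-Null

# 2. Only after every current user is in the group (so nobody falls out of the scope
#    of management and triggers an uninstall): downgrade Authenticated Users from
#    Apply to Read. Keeping Read matters: since MS16-072 the computer account must
#    still be able to read user GPOs, so removing all access (PermissionLevel None)
#    would silently stop the policy from applying. -Replace is required to lower
#    an existing, higher permission level.
Set-GPPermission -Name $gpoName -TargetName "Authenticated Users" -TargetType Group `
                 -PermissionLevel GpoRead -Replace | Out-Null

# 3. Verify the resulting ACL before the next refresh cycle picks it up.
Get-GPPermission -Name $gpoName -All |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission |
    Format-Table -AutoSize
```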

Q: Can I create a script for a GPO report?
A: There are pre-prepared scripts; you don't need to create them. There is a directory called
"scripts" created during the installation; take a look in there.

Q: I currently have a mixed-mode topology and am running Exchange 5.5. I am planning the
Exchange 2000 upgrade. Is it best to upgrade directly, or to install a separate 2000 server and
migrate the mailboxes (swing method), and what are the pros and cons?
A: Upgrading directly is the easiest way to go, but it is often also considered the riskier of the
two options. This method does not allow for extensive testing ahead of time, and so leads to
potentially unknown pitfalls. In most production environments we recommend the swing method,
installing the ADC (Active Directory Connector). This allows you to build a perfect world and
migrate slowly and with less risk.

Q: Is it possible to change the name of root domain after installation of ADS?


A: Not in Windows 2000 AD

Q: What is the best process for changing the password of the admin account that manages
Exchange, the cluster and other services? Do I have to change the password in each server
and service?
A: If you mean that a lot of services run under an account with a specific password, you will
need to change the account's password and then go into each service in the Services applet
to change the password there as well.

Q: How many domain controllers do I need, approximately, for 600 users?
A: You could actually use just one DC in your scenario. I would recommend two DCs for
redundancy in case one DC goes down.

Q: What is the SYSVOL folder?
A: The SYSVOL folder stores the server's copy of the domain's public files. The contents of the
SYSVOL folder, such as Group Policy templates and logon scripts, are replicated to all domain
controllers in the domain. The SYSVOL folder must be located on an NTFS volume.
Q: What is the Global Catalog?
A: The global catalog is a distributed data repository that contains a searchable, partial
representation of every object in every domain in a multidomain Active Directory forest.
The global catalog is stored on domain controllers that have been designated as global
catalog servers and is distributed through multimaster replication. Searches that are
directed to the global catalog are faster because they do not involve referrals to different
domain controllers.

Q: What is REPLMON? What is REPADMIN?


A: Replmon displays information about Active Directory Replication. Repadmin.exe is a
command-line utility that is designed to help administrators monitor, diagnose, and
troubleshoot replication problems in Active Directory.

Q: What is NETDOM?
A: NETDOM is a command-line utility from the Microsoft Windows NT Server 4.0 Resource Kit.
NETDOM lets you build new trust relationships and reset existing trusts from the command line.

Q: What are sites? What are they used for?
A: A site is a grouping of machines based on a subnet of TCP/IP addresses. Generally this
refers to a physical site, such as a part of the organization in a particular city or part of a
city, which is linked by leased lines or other media to other parts of the organization. Sites
are used to control replication traffic between DCs and to let clients find a nearby DC.

Q: What is the KCC (Knowledge Consistency Checker)?
A: AD replicates between domain controllers over connection objects. Connection objects are
fault tolerant: when communication fails, AD automatically reconfigures itself to use another
route to continue replication. The process that creates and maintains connection objects is
called the Knowledge Consistency Checker (KCC).

Q: What are the requirements for installing AD on a new server?
A: The following software and hardware requirements apply to a full installation or a Server
Core installation of the Windows Server 2003 operating system:
- Install Windows Server 2003.
- Configure appropriate TCP/IP and Domain Name System (DNS) server addresses.
- The drives that store the database, log files, and SYSVOL folder for Active Directory
Domain Services (AD DS) must be placed on a local fixed volume. SYSVOL must be placed on a
volume that is formatted with the NTFS file system. For security purposes, the Active
Directory database and log files should also be placed on a volume that is formatted with
NTFS.
Traditionally, the Active Directory database and log files are placed on disk drives that are
physically local to the domain controller computer. As an option, you can place the Active
Directory database and log files on a nonlocal storage device if the device appears to be
"local" to the GetDriveType function that Dcpromo.exe uses and it does not have advanced
rollback, undo, or snapshot features enabled. For more information about the GetDriveType
function, see GetDriveType Function.
You must perform all backups and restores of AD DS, including rolling the contents of AD DS
"back in time," by using system state backups that are created by supported backup
application programming interfaces (APIs) and methods.
When you use an answer file to perform an unattended installation of AD DS, specify a
[DCINSTALL] section in the answer file with appropriate parameters. For a list of entries for
the [DCINSTALL] section of the answer file.
Verify that Adprep.exe operations are complete. Before you can add AD DS to a server that is
running Windows Server 2008 in an existing Active Directory environment, you must prepare
the environment by running Adprep.exe. For more information about running Adprep.exe
Verify that a DNS infrastructure is in place. Before you add AD DS to create a domain or
forest, be sure that a DNS infrastructure is in place on your network. When you install AD DS,
you can include DNS server installation if it is needed. When you create a new domain, a DNS
delegation is created automatically during the installation process.

Q: How can you forcibly remove AD from a server?


A: Demote the DC by running DCPromo with the /forceremoval switch

Q: What are the FSMO roles?
A: In a forest there are five FSMO roles, each held by exactly one domain controller at a
time; two are forest-wide and three exist in every domain. The five FSMO roles are:
Schema Master: controls all updates and modifications to the schema.
Domain Naming Master: controls the addition or removal of domains in the forest.
Infrastructure Master: when an object in one domain is referenced by an object in another
domain, the reference is represented by the GUID, the SID (for references to security
principals) and the DN of the referenced object; the infrastructure master keeps these
cross-domain references up to date.
Relative ID (RID) Master: processes RID pool requests from all domain controllers in a
particular domain.
PDC Emulator: necessary to synchronize time in an enterprise. Windows 2000/2003 includes the
W32Time (Windows Time) service, which is required by the Kerberos authentication protocol.

Q: How do you back up Active Directory?
A: Take a System State backup. This backs up the Active Directory database. Microsoft
recommends only full backups of the System State.

Q: What hidden shares exist on Windows Server 2003 installation?


A: Admin$, Drive$, IPC$, NETLOGON, print$ and SYSVOL.

Q: What's the difference between standalone and fault-tolerant DFS (Distributed File System)
installations?
A: The standalone server stores the Dfs directory tree structure, or topology, locally. Thus,
if a shared folder is inaccessible or the Dfs root server is down, users are left with no link
to the shared resources. A fault-tolerant root node stores the Dfs topology in Active
Directory, which is replicated to other domain controllers. Thus, redundant root nodes may
include multiple connections to the same data residing in different shared folders.

Q: We're using the DFS fault-tolerant installation, but cannot access it from a Win98 box.
A: Use the UNC path, not the DFS client; only Windows 2000 and 2003 clients can access Server
2003 fault-tolerant shares.

Q: Where exactly do fault-tolerant DFS shares store information in Active Directory?


A: In Partition Knowledge Table, this is then replicated to other domain controllers.

Q: Is Kerberos encryption symmetric or asymmetric?


A: Symmetric.

Q: How does Windows Server 2003 try to prevent a man-in-the-middle attack on an encrypted line?
A: A timestamp is attached to the initial client request and encrypted with the shared key, so
a captured request cannot simply be replayed later.

Q: What hashing algorithms are used in Windows Server 2003?
A: RSA Data Security's Message Digest 5 (MD5), which produces a 128-bit hash, and the Secure
Hash Algorithm 1 (SHA-1), which produces a 160-bit hash.

Q: What third-party certificate exchange protocols are used by Windows Server 2003?
A: Windows Server 2003 uses the industry-standard PKCS #10 certificate request and PKCS #7
certificate response to exchange CA certificates with third-party certificate authorities.

Q: What's the number of permitted unsuccessful logons on the Administrator account?
A: Unlimited. Remember, though, that this applies to the Administrator account itself, not to
any account that is part of the Administrators group.

Q: If hashing is a one-way function and Windows Server uses hashing for storing passwords,
how is it possible to attack the password lists, specifically the ones using NTLMv1?
A: A cracker would launch a dictionary attack by hashing every imaginable term used for a
password and then comparing the hashes.

Q: What’s the difference between guest accounts in Server 2003 and other editions?
A: More restrictive in Windows Server 2003.

Q: How many passwords are remembered by default when you enable "Enforce Password
History"?
A: The user's last 6 passwords.

Q: What’s new in Windows Server 2003 regarding the DNS management?


A: When DC promotion occurs with an existing forest, the Active Directory Installation Wizard
contacts an existing DC to update the directory and replicate from the DC the required
portions of the directory. If the wizard fails to locate a DC, it performs debugging and
reports what caused the failure and how to fix the problem. In order to be located on a
network, every DC must register in DNS DC locator DNS records. The Active Directory
Installation Wizard verifies a proper configuration of the DNS infrastructure. All DNS
configuration debugging and reporting activity is done with the Active Directory Installation
Wizard.

Q: When should you create a forest?


A: Organizations that operate on radically different bases may require separate trees with
distinct namespaces. Unique trade or brand names often give rise to separate DNS
identities. Organizations merge or are acquired and naming continuity is desired.
Organizations form partnerships and joint ventures. While access to common resources is
desired, a separately defined tree can enforce more direct administrative and security
restrictions.

Q: If I delete a user and then create a new account with the same username and password,
would the SID and permissions stay the same?
A: No. If you delete a user account and attempt to recreate it with the same user name and
password, the SID will be different.

Q: What's the difference between a basic disk and a dynamic disk?
A: The basic type contains partitions, extended partitions, logical drives, and an assortment
of static volumes; the dynamic type does not use partitions but dynamically manages volumes
and provides advanced storage options.

Q: How do you install the Recovery Console?
A: C:\i386\winnt32 /cmdcons, assuming that the Windows Server installation files (the i386
folder) are on drive C.

Q: What’s new in Terminal Services for Windows 2003 Server?


A: Supports audio transmissions as well, although prepare for heavy network load.

Q: Why is paging used?
A: Paging is a solution to the external fragmentation problem: it permits the logical address
space of a process to be noncontiguous, allowing a process to be allocated physical memory
wherever it is available.

Q: What is virtual memory?
A: Virtual memory is a technique in which the system appears to have more memory than it
actually does. This is done by time-sharing the physical memory and storing parts of memory
on disk when they are not actively being used.

Q: What is a context switch?
A: Switching the CPU to another process requires saving the state of the old process and
loading the saved state for the new process. This task is known as a context switch.
Context-switch time is pure overhead, because the system does no useful work while
switching. Its speed varies from machine to machine, depending on the memory speed, the
number of registers that must be copied, and the existence of special instructions (such as a
single instruction to load or store all registers).

Q: What is cache memory?


A: Cache memory is random access memory (RAM) that a computer microprocessor can
access more quickly than it can access regular RAM. As the microprocessor processes data,
it looks first in the cache memory and if it finds the data there (from a previous reading of
data), it does not have to do the more time-consuming reading of data from larger
memory.

Q: Can I change my password if my machine's connectivity to the DC that holds the PDC
emulator role has failed?
A: No, you can't change the password.

Q: What are the standard port numbers for SMTP, POP3, IMAP4, RPC, LDAP and Global
Catalog?
A: SMTP – 25, POP3 – 110, IMAP4 – 143, RPC – 135, LDAP – 389, Global Catalog - 3268

Q: I have been asked: if a set of 30 hard disks is configured for RAID 5 and two hard disks
fail, what happens to the data?
A: It depends on how you configured your RAID: plain RAID 5 or RAID 5 with a spare. With plain
RAID 5, if two of your disks fail the array is gone.

Q: How can I deploy the latest patches to PCs through Group Policy without having admin
rights on the PCs?
A: You can publish or assign MSI packages or ZAP files. They are the only two file formats
allowed when using IntelliMirror software installation in Active Directory.

Q: How can I resolve a server name through nslookup?
A: The nslookup command tells you which DNS server answered your query, together with the
addresses the name resolves to.

Q: Where should a DHCP relay agent be placed?
A: The DHCP relay agent needs to be placed on the software router.

Q: What is a forest?
A: A forest is a collection of trees. A tree is a collection of domains that share the same
namespace.

Q: What are the chronicle records (zone types) of DNS zones?
A: In Windows 2000 there are mainly three zone types:
(i) Standard Primary: zone information is written to a text file.
(ii) Standard Secondary: a copy of the primary.
(iii) Active Directory Integrated: information is stored in Active Directory.
In Windows Server 2003 one more zone type is added, the Stub zone. A stub zone is like a
secondary but contains only a copy of the SOA record, the NS records and the A records for
that zone's name servers; no MX, SRV records etc. With a stub zone, DNS traffic will be low.

Q: What are the contents of a System State backup?
A: The contents are:
(a) Boot files and system files
(b) Active Directory (if done on a DC)
(c) SYSVOL folder (if done on a DC)
(d) Certificate Services database (on a CA server)
(e) Cluster database (on a cluster server)
(f) Registry
(g) Performance counter configuration information
(h) Component Services class registration database

Q: How can I delete a failed Domain Controller object from Active Directory?
A: You will need the following tools: Ntdsutil.exe, Active Directory Sites and Services, and
Active Directory Users and Computers. Also, make sure that you use an account that is a member
of the Enterprise Admins universal group.

Q: A Company decides to enter into a joint venture with one of the vendors. This venture will
result in the creation of a third company that will require its own Internet presence.
Systems administration duties for the new company will be shared equally by a parent
company and vendor. Parent Company and vender currently have separate Active Directory
forests. Which modifications should you make to Active Directory to support the joint
venture requirements?
A: Create a new tree for the new company. Create this tree in the parent company's forest.

Q: How do you create a Printers Container in Active Directory?


A: To create a Printers container in which to list your printers in Active Directory:
1. Click Start, point to Programs, point to Windows 2000 Support Tools, point to Tools,
and then click ADSI Edit
2. Expand Domain NC [Domain Name], and then click DC=Domain,DC=com.
3. On the Action menu, point to New, and then click Object
4. In the Select a class box, click container, and then click Next.
5. In the Value box, type Printers, and then click Next.
6. Click Finish.
A CN=Printers container appears in the right pane of ADSI Edit.
7. Right-click CN=Printers, and then click Properties.
8. Click the Attributes tab.
9. In the Select a property to view box, click showInAdvancedViewOnly, and then click
Clear.
10. In the Edit Attribute box, type false, click Set, and then click OK.
11. Quit ADSI Edit.
12. Click Start, point to Programs, point to Administrative Tools, and then click Active
Directory Users and Computers. The Printers container that you created appears in
the list of directory objects
13. On the View menu, click Advanced Features
14. On the View menu, click Users, Groups, and Computers as containers
15. Move the printers that you want to the Printers container.
16. Quit Active Directory Users and Computers
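The same Printers container built by script rather than by clicking through ADSI Edit and ADUC, as an added example that is not from the original page. It assumes the ActiveDirectory module; the domain DN is read from AD, and the print queue DN in the final step is a placeholder.

```powershell
# Added example: the ADSI Edit / ADUC steps above as a script.
Import-Module ActiveDirectory

$domainDN  = (Get-ADDomain).DistinguishedName
$printerDN = "CN=Printers,$domainDN"

# Steps 1-6: a "container" object directly under the domain root.
# Steps 7-10: showInAdvancedViewOnly = FALSE, otherwise ADUC hides the container
# unless View > Advanced Features is switched on.
if (-not (Get-ADObject -LDAPFilter "(&(objectClass=container)(cn=Printers))" `
                       -SearchBase $domainDN -SearchScope OneLevel)) {
    New-ADObject -Name "Printers" -Type container -Path $domainDN `
                 -OtherAttributes @{ showInAdvancedViewOnly = $false }
}
Get-ADObject -Identity $printerDN -Properties showInAdvancedViewOnly |
    Select-Object DistinguishedName, showInAdvancedViewOnly      # expect False

# Step 15: printers published in AD are printQueue objects that live under the
# computer object that shares them. List them so you can pick the ones to move.
Get-ADObject -LDAPFilter "(objectClass=printQueue)" -SearchBase $domainDN `
             -Properties printerName |
    Select-Object printerName, DistinguishedName

# Move one queue into the new container (placeholder DN); repeat per printer.
$queueDN = "CN=PRINTSRV1-ColorLaser,CN=PRINTSRV1,OU=Servers,$domainDN"
Move-ADObject -Identity $queueDN -TargetPath $printerDN
```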

Q: How many users are logged on/connected to a server?
A: On the server's console itself, with native commands only:
NET SESSION | FIND /C "\\"
Remotely, with the help of SysInternals' PsTools:
PSEXEC \\servername NET SESSION | FIND /C "\\"

Q: When did someone last change his password?
A: With the native NET command:
NET USER loginname /DOMAIN | FIND /I "Password last set"

Q: "I need an up-to-date list of disk space usage for all servers, on my desk in 5 minutes"
A: With Windows Server 2003 commands, in a batch file (use %A instead of %%A at an interactive
prompt); servers.txt holds one server name per line, and MORE /E +2 skips WMIC's blank line
and CSV header for each server:
FOR /F %%A IN (servers.txt) DO (
    WMIC /Node:%%A LogicalDisk Where DriveType="3" Get DeviceID,FileSystem,FreeSpace,Size /Format:CSV | MORE /E +2 >> SRVSPACE.CSV
)
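The same report in PowerShell, as an added example that is not from the original page. It keeps the WMIC version's DriveType=3 filter and adds the thing the one-liner lacks: a server that is off, firewalled or slow is recorded as an error instead of stalling the loop or silently dropping out of the list. servers.txt is assumed to hold one hostname per line.

```powershell
# Added example: per-server disk report with an explicit error path.
$servers = Get-Content .\servers.txt | ForEach-Object { $_.Trim() } | Where-Object { $_ }

$report = foreach ($s in $servers) {
    try {
        # DriveType=3 is "local fixed disk", the same filter the WMIC one-liner uses.
        Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DriveType=3" `
                        -ComputerName $s -OperationTimeoutSec 15 -ErrorAction Stop |
        ForEach-Object {
            [pscustomobject]@{
                Server     = $s
                DeviceID   = $_.DeviceID
                FileSystem = $_.FileSystem
                SizeGB     = [math]::Round($_.Size / 1GB, 1)
                FreeGB     = [math]::Round($_.FreeSpace / 1GB, 1)
                FreePct    = if ($_.Size) { [math]::Round(100 * $_.FreeSpace / $_.Size, 1) } else { $null }
                Error      = $null
            }
        }
    } catch {
        # Keep the failure in the report rather than skipping the server.
        [pscustomobject]@{
            Server = $s; DeviceID = $null; FileSystem = $null
            SizeGB = $null; FreeGB = $null; FreePct = $null
            Error  = $_.Exception.Message
        }
    }
}

$report | Export-Csv -Path .\SRVSPACE.CSV -NoTypeInformation

# What to look at first: unreachable servers and volumes under 10% free.
$report | Where-Object { $_.Error -or ($_.FreePct -ne $null -and $_.FreePct -lt 10) } |
    Format-Table Server, DeviceID, FreeGB, FreePct, Error -AutoSize
```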

Q: Difference between Windows 2003 Standard Edition and Windows 2003 Enterprise Edition.
A: Features whose availability differs between Standard Edition and Enterprise Edition:
- Clustering
- Server clusters
- Active Directory Federation Services
- ADFS Proxy
- Microsoft Identity Integration Server 2003 (MIIS) support
- 8-way symmetric multiprocessing (SMP) support
- Support for 32 GB of RAM
- Support for 64 GB of RAM
- Hot Add Memory
- Terminal Server Session Directory
- Virtualized OS instances with license: Enterprise Edition
- Non-Uniform Memory Access (NUMA)

Q: You are the administrator of your company’s network. Your company has its main office in
Seattle and branch offices in London, Paris, and Rio de Janeiro. The local admin at each
branch office must be able to control users and local resources.
You want to prevent the local administrators from controlling resources in branch offices
other than their own. You want to create an Active Directory structure to accomplish these
goals.
What should you do?
A: Create child OUs for each office. Delegate control of each OU to the local administrators at
each office.

Q: You are installing a new Windows 2000 Server computer on your existing Windows NT
network. You run DCPromo.exe to promote the server to a domain controller in a domain
named domain.local. You receive the following error message: “The domain name specified
is already in use on the network”. There are no other Windows 2000 domains on your
network. What should you do?
A: Change the down level domain name to domain1.

Q: You are the administrator of your company’s network. The company has two native-mode
domains in six sites. Each site has one or more domain controllers. Users report that at
times of high network usage, authentication and directory searches are extremely slow. You
want to improve network performance. What should you do?
A: Designate a domain controller in each site as a global catalog server.

Q: You are the administrator of a Windows 2000 network. The network is composed of four
domains named arborshoes.com, na.arborshoes.com, sa.arborshoes.com, and
fabrikam.com. The root of the forest is arborshoes.com. There are two Windows NT BDCs in
each domain. Graphic artists place finished artwork for Fabrikam, Inc., in a shared folder
located on a domain controller named bna01.fabrikam.com. Read and Write permissions are
granted to the Artists Domain Local group in the fabrikam.com domain. Sharon is a
member of the Graphic Artists global distribution group in the na.arborshoes.com domain.
She is unable to gain access to the shared folder. You want to allow Sharon access to the
shared folder. What should you do?
A: Change the Graphic Artists group type to Security and add it to the Artists Domain Local
group.

Q: You are the administrator of a Windows 2000 domain. The domain is in native mode. The
domain contains 15 Windows 2000 Server computers that are functioning as domain
controllers and 1,500 Windows NT Workstation client computers. During a power outage, the
first domain controller that you installed suffers a catastrophic hardware failure and will not
restart. After the power outage, users report that password changes do not take effect for
several hours. In addition, users are not able to log on or connect to resources by using
their new passwords. What should you do to correct this problem?
A: Using the Ntdsutil utility, connect to another domain controller and seize the PDC emulator
role.
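The seize operation from this answer, together with the metadata cleanup that the earlier "delete a failed Domain Controller object" answer calls for, and a listing of the five FSMO role holders, as one added example that is not from the original page. It assumes the ActiveDirectory module, an Enterprise Admins account, placeholder DC names, and the ntdsutil one-line argument syntax (an assumption on my part for Windows Server 2003 SP1 and later).

```powershell
# Added example: a DC is permanently gone. Seize the PDC emulator on a healthy DC,
# then remove the dead DC's metadata so clients and replication stop looking for it.
# DC1 and DC2.corp.example are placeholders.
Import-Module ActiveDirectory

$deadDC   = "DC1"
$targetDC = "DC2.corp.example"

# Current holders of the five FSMO roles (two forest-wide, three per domain).
$forest = Get-ADForest
$domain = Get-ADDomain
[pscustomobject]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
} | Format-List

# Seize, not transfer: -Force skips the handshake with the old holder, which is the
# only option when that DC will never come back. A seized schema, domain naming or
# RID master must never be brought back online; the PDC emulator may be, but this
# example assumes the hardware is dead.
if ($domain.PDCEmulator -like "$deadDC.*") {
    Move-ADDirectoryServerOperationMasterRole -Identity $targetDC `
        -OperationMasterRole PDCEmulator -Force -Confirm:$false
}

# Metadata cleanup: find the dead DC's server object under the Sites container and
# hand it to ntdsutil, which removes the NTDS Settings object (and, on newer
# versions, the related computer and FRS/DFSR objects as well).
$sitesDN  = "CN=Sites," + (Get-ADRootDSE).configurationNamingContext
$serverDN = (Get-ADObject -LDAPFilter "(&(objectClass=server)(name=$deadDC))" `
                          -SearchBase $sitesDN).DistinguishedName
if ($serverDN) {
    & ntdsutil "metadata cleanup" "remove selected server $serverDN" quit quit
}

# Verify: the dead DC must no longer be listed and every role must have a live holder.
Get-ADDomainController -Filter * | Select-Object HostName, Site, OperationMasterRoles
```

Check the remaining computer object with Get-ADComputer and the DNS SRV records for the dead DC afterwards; on older DCs those are not removed by ntdsutil.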

Q: Which FSMO role takes care of user to group references in a Domain Controller?
A: Infrastructure Master

Q: At which point during the startup/logon sequence is the group policy for the user processed?
A: The user's group policy is applied after the user logs on but before the user's desktop
appears.

Q: A domain local group can contain which of the following?
A: Users from any domain in the forest.

Q: What resources are published to the Active Directory by default?


A: Users, Groups, Computers

Q: Which is the resource to be manually published in the Active Directory?


A: Shared Folder

Q: You are the administrator of a domain named wipro.com. The domain contains an OU named
Sales that has 20 users. In the Active Directory Users and Computers console on a domain
controller named DC1, you inadvertently delete the Sales OU. You want to reinstate the Sales
OU. What should you do?
A: Perform an authoritative restore of the Sales OU from the last backup.

Q: Which FSMO role takes care of modification to the schema on a Domain Controller?
A: Schema Master

Q: How many global catalog servers can you have in a forest?
A: Any number.
Q: You have accidentally deleted an organizational unit from your Windows 2003 domain and
wish to perform an authoritative restore for the organizational unit. Which tool do you use to
mark the deleted organizational unit as authoritative during the restore process?
A: NTDSUTIL

Q: What is the Criteria for implementing multiple Sites in Windows 2003


A: Bandwidth Availability

Q: Which FSMO role takes care of Creation of RID POOLS?


A: RID Master

Q: When you run DCPromo.exe to install the new child domain, you receive an error message
stating that the existing domain cannot be contacted. Installation of the new child domain
will not proceed. What should you do to correct this problem?
A: Configure the new domain controller with the address of an authoritative DNS server for the
existing domain.

Q: What is the minimum Disk Space required to install Active Directory?


A: 200 MB for AD+50 MB for Log Files

Q: You are the administrator of your company. Your company has its main office in Bangalore
and branch offices in Delhi, and Mumbai. The local admin at each branch office must be
able to control users and local resources. You want to prevent the local administrators from
controlling resources in branch offices other than their own. You want to create an Active
Directory structure to accomplish these goals. What should you do?
A: Create child OUs for each office. Delegate control of each OU to the local administrators at
each office.

Q: You are installing a new Windows 2003 Server computer on your existing Windows 2000
network. You run DCPromo.exe to promote the server to a domain controller in a domain
named domain.local. You receive the following error message: “The domain
name specified is already in use on the network”. There are no other Windows 2000
domains on your network. What should you do?
A: Change the down level domain name to domain1.
