
ACTIVE DIRECTORY 1

1) What is Active Directory?
Ans: Active Directory is a centralized, hierarchical directory database and a
directory service that contains information about all user accounts and shared
resources on a network.
2) What is a tree?
Ans: A tree is a collection of domains that share a single DNS namespace and are
connected by transitive trust relationships.
3) What is a forest?
Ans: A forest is a collection of one or more domains that share a common schema
and global catalog.
4) What is an organizational unit, and what is its purpose?
Ans: OUs are additional container objects that can store users, computers, groups and
other OUs.
Purpose:
1) To delegate administration.
2) To manage the application of group policy.
5) What are sites?
Ans: A site is a physical component of Active Directory that is used to define and
represent the topology of a network.
A site is a collection of one or more well-connected IP subnets.
Uses:
1) To control replication traffic.
2) To make authentication faster and more efficient.
3) To locate the nearest server providing directory-enabled services.
6) What is a domain controller?
Ans: Domain controllers are the physical storage location for the Active Directory
database.
7) What are the physical components of Active Directory?
Ans: Domain controllers, sites.
8) What are the logical components of Active Directory?
Ans: Forests, trees, domains, OUs.
9) What is the command to make a server into a domain controller in Windows
2000 and 2003?
Ans: DCPROMO.
10) What is the command to remove the domain controller functionality?
Ans: DCPROMO /FORCEREMOVAL.

11) What is the location and file system type where the Active Directory
information is installed?
Ans: On an NTFS partition: c:\windows\ntds.dit and c:\windows\sysvolv.
12) For replication between the DC and ADC some files are used; what is the location
of that directory?
Ans: c:\windows\sysvolv.
13) Which version of Active Directory is in Windows 2000 and Windows 2003?
Ans: Windows 2000: 1.0
Windows 2003: 1.1.
14) What is the command used to install Active Directory on remote servers?
Ans: dcpromo /answer:answerfile
(The answer file is a text file created from the /support/tool folder by using the
deploy.cab file.)
15) What type of backup is used to back up Active Directory?
Ans: System state data backup.
16) Which protocol plays the security role for authentication in
Windows 2000 and 2003?
Ans: Kerberos.
17) What is the version of Kerberos in the 2003 OS?
Ans: Kerberos v 5.5
18) What is the protocol used by Active Directory to perform its function?
Ans: LDAP: Lightweight Directory Access Protocol, based on TCP/IP.
19) How many services are installed when you install Active Directory, and
what are they?
Ans: Five services in total:
1) Active Directory Domains & Trusts
2) Active Directory Sites and Services
3) Active Directory Users and Groups
4) Domain Controller Security Policy
5) Domain Security Policy
20) What is the command that displays the DC, ADC, member server?
Ans: Net accounts.
21) What is the command to know the SID, RID, DID of a user?
Ans: whoami /user (SID: security identifier)
21) Can you create a new domain tree in an existing forest in Windows 2000?
Ans: No; we can create one only in Windows 2003.
22) What replication process is used in Windows 2000 and Windows 2003?
Ans: Two-way replication process. (ADC: read & write copy)
22) How can you authenticate between forests?
A: Windows 2000 always uses NTLM for authentication between forests; 2003
will use Kerberos if and only if DNS is used while setting up the domains. If the
NetBIOS name is used, NTLM is used for 2003.
23) What types of classes exist in Windows Server 2003 Active Directory?
A: Structural class. The structural class is important to the system administrator
in that it is the only type from which new Active Directory objects are created.
Structural classes are developed from either the modification of an existing
structural type or the use of one or more abstract classes.
Abstract class. Abstract classes are so named because they take the form of
templates that actually create other templates (abstracts) and structural and
auxiliary classes. Think of abstract classes as frameworks for the defining objects.
Auxiliary class. The auxiliary class is a list of attributes. Rather than apply
numerous attributes when creating a structural class, it provides a streamlined
alternative by applying a combination of attributes with a single include action.
88 class. The 88 class includes object classes defined prior to 1993, when the 1988
X.500 specification was adopted. This type does not use the structural, abstract,
and auxiliary definitions, nor is it in common use for the development of objects in
Windows Server 2003 environments.
25) When should you create a forest?
A: Organizations that operate on radically different bases may require separate
trees with distinct namespaces. Unique trade or brand names often give rise to
separate DNS identities. Organizations merge or are acquired and naming
continuity is desired. Organizations form partnerships and joint ventures. While
access to common resources is desired, a separately defined tree can enforce more
direct administrative and security restrictions.
26) What type of domain names are used in Windows 2003 and Windows 2000?
Ans: Fully qualified domain names (any name with an extension).
27) What are the six underlying major roles in Active Directory that must be
transferred from the DC to the ADC to make the additional domain controller act as a
domain controller?
Ans:
1) Domain naming master
2) Schema master
3) PDC Emulator
4) RID master
5) Infrastructure master
6) Global catalog server
28) What are FSOM roles?
Ans: FSOM stands for Flexible Single Operation Master:
1) Domain naming master
2) Schema master
3) PDC Emulator
4) RID master
5) Infrastructure master
29) Define the six responsibilities of Active Directory.
Ans:
Domain naming master: ensures that domain names are unique.
Schema master: the classes, attributes and architecture are maintained by the
schema.
RID Master: ensures that user accounts are unique.
PDC Emulator: acts as an emulator for user login and for replication between the DC
and BDCs.
Infrastructure Master: responsible for changes or modifications in group
membership.
Allows a user to move from one group to another.
30) What snap-in administrative tools are available for Active Directory?
A: Active Directory Domains and Trusts Manager, Active Directory Sites and
Services Manager, Active Directory Users and Group Manager, Active Directory
Replication (optional, available from the Resource Kit), Active Directory Schema
Manager (optional, available from the admin pack).
31) How do you delete a lingering object?
A: Windows Server 2003 provides a command called Repadmin that provides the
ability to delete lingering objects in the Active Directory.
32) What is a Global Catalog server?
Ans: A Global Catalog server is a searchable index which stores all the information
about all objects in an Active Directory.
The main role of a Global Catalog server is to help quickly find objects across
domains, supply information about universal group membership, and authenticate
users when user principal names (UPNs) are supplied.
33) Which type of zone is created when you install Active Directory?
Ans: An Active Directory-integrated zone with six service records is created with the
domain name when you install AD, on the application directory partition.
34) Where are Global Catalog servers configured?
Ans: On each domain controller individually.
35) Where is the universal group membership cache configured?
Ans: At the site; it applies to all domain controllers within a specific site.
36) What command-line utility is used on Windows 2000 Server domain
controllers before they are upgraded to Windows 2003 domain controllers?
Ans:
1) adprep /forestprep
(This command must be issued on the Windows 2000 server holding the schema master role
in the forest root domain, to prepare the existing schema to support Windows 2003 AD.)
2) adprep /domainprep
(infrastructure master to be deployed on Windows 2003 server)
Note: the adprep tool is in the i386 directory on the Windows 2003 CD-ROM.
37) What are the types of partitions a Windows 2000 domain controller holds in
Active Directory?
Ans: Domain Partition: contains all objects associated with a particular
domain.
Schema master: contains a copy of the Active Directory schema for a given forest.
This partition is replicated to all DCs.
Configuration Master: contains information about Active Directory sites and
services.
Global catalog partition: contains a subset of the attributes of all objects in the
Active Directory forest.
38) What are the types of partitions that are supported by Windows 2003 Server?
Ans: Windows 2003 Server supports all four partitions, i.e. those supported by
Windows 2000 Server. It also supports a new partition.
Application directory partition: the main purpose of this partition is to store data
(objects and attributes) related to Active Directory-integrated applications and
services.
Note: It is a partition that is replicated only to specific domain controllers. It is
used to store data relating to services such as DNS.
Some benefits of using this partition:
1) Provides redundancy, availability and fault tolerance.
2) Reduces replication traffic.
3) Allows applications or services that use LDAP to store and access their data in
AD.
4) It holds any type of object except security principals such as
users, computers and security groups.

39) How to check DC replication status?
Ans: Go to the event logs for NTFRS (File Replication Service). It will tell you when
the last sync was.
40) How to enable or disable a Global Catalog (GC)?
Ans: Open Administrative Tools > Active Directory Sites and Services > Sites, and
then double-click the domain controller you want to work with in the Server folder
for your desired site. Right-click NTDS Settings > Properties. Make the change
accordingly.

WARNING: Do not turn on this option unless you are certain it will provide value
in your deployment. For this option to be useful, your deployment must have
multiple domains, and even then, only one global catalog is (typically) useful in
each site.

41) How to install/remove AD/DC?
Ans: To install/remove AD/DC, use the Promote and Demote commands.

42) How to repopulate AD DNS entries?
Ans: Manually repopulate the Active Directory DNS entries. You can use the
Windows 2000 Netdiag tool to repopulate the Active Directory DNS entries.
Netdiag is included with the Windows 2000 Support Tools. At a command prompt,
type netdiag /fix.
This domain controller holds the last replica of the following application directory
partitions

Symptoms: When you demote a DC by using the Active Dcpromo, you may
receive the following error message: This domain controller holds the last replica
of the following application directory partitions:
DC=MSTAPI,DC=yourdomain,DC=com

Resolutions: Try NTDSUTIL, Tapicfg.exe and dcpromo /forceremoval. Refer to
case 082604JH.
43) What will happen when demoting a DC?
Ans: When a domain controller is demoted, if it is not the last domain controller in
the domain, it performs a final replication and then transfers the roles to another
domain controller. If the domain controller is a global catalog, that role is not
transferred to another domain controller. In this case, you must manually select the
check box in Active Directory Sites and Services Manager for another domain
controller to take over the role.
