Technical Interview Questions - Active Directory

Document Content and Description Below

Technical Interview Questions - Active Directory What is domain ? Correct Answer: In Windows NT and Windows 2000, a domain is a set of network resources (applications, printers, and so forth) for... a group of users. The user need only to log in to the domain to gain access to the resources, which may be located on a number of different servers in the network. The 'domain' is simply your computer address not to confused with an URL. A domain address might look something like 211.170.469 What is domain controller ? Correct Answer: Primary domain controller (PDC) and backup domain controller (BDC) are roles that can be assigned to aserver in a network of computers that use the Windows NT operating system. Windows NT uses the idea of a domain to manage access to a set of network resources (applications, printers, and so forth) for a group of users. The user need only to log in to the domain to gain access to the resources, which may be located on a number of different servers in the network. One server, known as the primary domain controller, manages the master user database for the domain. One or more other servers are designated as backup domain controllers. The primary domain controller periodically sends copies of the database to the backup domain controllers. A backup domain controller can step in as primary domain controller if the PDC server fails and can also help balance the workload if the network is busy enough. Setting up and maintaining PDCs and BDCs and domain information is a major activity for the administrator of a Windows NT network. In Windows 2000, the domain controller concept is retained but the PDC and BDC server roles are generally replaced by the Active Directory What are domain trees? Correct Answer: A domain tree comprises several domains that share a common schema and configuration, forming a contiguous namespace. Domains in a tree are also linked together by trust relationships. Active Directory is a set of one or more trees. Trees can be viewed two ways. One view is the trust relationships between domains. The other view is the namespace of the domain tree. What are forests? Correct Answer: A collection of one or moredomain trees with a common schema and implicit trust relationships between them. This arrangement would be used if you have multiple root DNS addresses. What is LDAP? Correct Answer: The Lightweight Directory Access Protocol, or LDAP , is an application protocol for querying and modifying data using directory services running over TCP/IP. Can you connect Active Directory to other 3rd-party Directory Services? Name a few options. Correct Answer: Yes you can Connect Active Directory to other 3rd -party Directory Services such as dictonaries used by SAP, Domino etc with the help of MIIS ( Microsoft Identity Integration Server ) you can use dirXML or LDAP to connect to other directories (ie. E-directory from Novell). Where is the AD database held? What other folders are related to AD? Correct Answer: AD Database is saved in %systemroot%/ntds. You can see other files also in this folder. These are the main files controlling the AD structure ntds.dit edb.log res1.log res2.log edb.chk When a change is made to the Win2K database, triggering a write operation, Win2K records the transaction in the log file (edb.log). Once written to the log file, the change is then written to the AD database. System performance determines how fast the system writes the data to the AD database from the log file. Any time the system is shut down, all transactions are saved to the database. During the installation of AD, Windows creates two files: res1.log and res2.log. The initial size of each is 10MB. These files are used to ensure that changes can be written to disk should the system run out of free disk space. The checkpoint file (edb.chk) records transactions committed to the AD database (ntds.dit). During shutdown, a "shutdown" statement is written to the edb.chk file. Then, during a reboot, AD determines that all transactions in the edb.log file have been committed to the AD database. If, for some reason, the edb.chk file doesn't exist on reboot or the shutdown statement isn't present, AD will use the edb.log file to update the AD database. The last file in our list of files to know is the AD database itself, ntds.dit. By default, the file is located in\NTDS, along with the other files we've discussed What is the SYSVOL folder? Correct Answer: All active directory data base security related information store in SYSVOL folder and its only created on NTFS partition. B: The Sysvol folder on a Windows domain controller is used to replicate file-based data among domain controllers. Because junctions are used within the Sysvol folder structure, Windows NT file system (NTFS) version 5.0 is required on domain controllers throughout a Windows distributed file system (DFS) forest. This is a quote from microsoft themselves, basically the domain controller info stored in files like your group policy stuff is replicated through this folder structure. Name the AD NCs and replication issues for each NC Correct Answer: *Schema NC, *Configuration NC, * Domain NC Schema NC This NC is replicated to every other domain controller in the forest. It contains information about the Active Directory schema, which in turn defines the different object classes and attributes within Active Directory. Configuration NC Also replicated to every other DC in the forest, this NC contains forest-wide configuration information pertaining to the physical layout of Active Directory, as well as information about display specifiers and forest-wide Active Directory quotas. Domain NC This NC is replicated to every other DC within a single Active Directory domain. This is the NC that contains the most commonly-accessed Active Directory data: the actual users, groups, computers, and other objects that reside within a particular Active Directory domain. What are application partitions? When do I use them? Correct Answer: An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication of a particular application directory partition hosts a replica of that partition. Only domain controllers running Windows Server 2003 can host a replica of an application directory partition. Application directory partitions are usually created by the applications that will use them to store and replicate data. For testing and troubleshooting purposes, members of the Enterprise Admins group can manually create or manage application directory partitions using the Ntdsutil command-line tool. One of the benefits of an application directory partition is that, for redundancy, availability, or fault tolerance, the data in it can be replicated to different domain controllers in a forest. How do you create a new application partition? Correct Answer: When you create an application directory partition, you are creating the first instance of this partition. You can create an application directory partition by using the create nc option in the domain management menu of Ntdsutil. When creating an application directory partition using LDP or ADSI, provide a description in the description attribute of the domain DNS object that indicates the specific application that will use the partition. For example, if the application directory partition will be used to store data for a Microsoft accounting program, the description could be Microsoft accounting application. Ntdsutil does not facilitate the creation of a description. To create or delete an application directory partition 1. Open Command Prompt. 2. Type: ntdsutil 3. At the ntdsutil command prompt, type: domain management 4. At the domain management command prompt, do one of the following: • To create an application directory partition, type: create ncApplicationDirectoryPartitionDomainCo... Answer: Start >> RUN>> CMD >> type there "NTDSUTIL" Press Enter Ntdsutil: domain management Press Enter Domain Management: Create NC dc=, dc=, dc=com <> ANSWER B Create an application directory partition by using the DnsCmd command Use the DnsCmd command to create an application directory partition. To do this, use the following syntax: DnsCmd ServerName /CreateDirectoryPartition FQDN of partition To create an application directory partition that is named CustomDNSPartition on a domain controller that is named DC-1, follow these steps: Click Start, click Run, type cmd, and then click OK. Type the following command, and then press ENTER:dnscmd DC-1 /createdirectorypartition CustomDNSPartition.contoso.com When the application directory partition has been successfully created, the following information appears: DNS Server DC-1 created directory partition: CustomDNSPartition.contoso.com Command completed successfully. Configure an additional domain controller DNS server to host the application directory partition Configure an additional domain controller that is acting as a DNS server to host the new application directory partition that you created. To do this, use the following syntax with the DnsCmd command: DnsCmd ServerName /EnlistDirectoryPartition FQDN of partition To configure the example domain controller that is named DC-2 to host this custom application directory partition, follow these steps: Click Start, click Run, type cmd, and then click OK. Type the following command, and then press ENTER:dnscmd DC-2 /enlistdirectorypartition CustomDNSPartition.contoso.com The following information appears: DNS Server DC-2 enlisted directory partition: CustomDNSPartition.contoso.com Command completed successfully How do you view replication properties for AD partitions and DCs? Correct Answer: By using replication monitor go to start > run > type repadmin go to start > run > type replmon What is the Global Catalog? Correct Answer: An advanced, hierarchical directory service that comes with Windows servers. Introduced with Windows 2000, Active Directory uses the LDAP directory access protocol and is built upon the Internet's Domain Naming System (DNS). Workgroups are given domain names similar in structure to Web addresses, and any LDAP-compliant Windows, Mac, Unix or Linux client can access them. Active Directory can function in a heterogeneous, enterprise network and encompass other directories including NDS and NIS+. Cisco supports Active Directory in its IOS router operating system. See forests and trees, Internet domain name, ADSI and directory service. How do you view all the GCs in the forest? Correct Answer: C:\>repadmin /showreps domain_controller OR You can use Replmon.exe for the same purpose. OR AD Sites and Services and nslookup gc._msdcs. To find the in GC from the command line you can try using DSQUERY command. dsquery server -isgc to find all the gc's in the forest you can try dsquery server -forest -isgc. Trying to look at the Schema, how can I do th [Show More]

Last updated: 1 year ago

Preview 1 out of 23 pages