Active Directory Fundamentals
Imagine a situation where you have 50 users in an office. If you wanted each user to have their own login to each computer, you'd have to configure 50 local user accounts on each PC. With AD, you only have to make the user account once and it can log into any PC on the domain by default. If you wanted to harden security without AD, you'd have to do it 50 times. Sort of a nightmare, right? Also imagine that you have a file share that you only want half of those people to get to. If you're not using AD, you'd either need to replicate their usernames and passwords by hand on the server to give seamless access, or you'd have to make a shared account and give each user the username and password. One way means that you know (and have to constantly update) users' passwords. The other way means that you have no audit trail. Not good, right? You also get the ability to use Group Policy when you have AD set up. Group Policy is a set of objects that are linked to OUs and define settings for users and/or computers in those OUs. For example, if you want to make it so that "Shutdown" isn't on the Start menu for 500 lab PCs, you can do that with one setting in Group Policy. Instead of spending hours or days configuring the proper registry entries by hand, you create a Group Policy Object once, link it to the correct OU or OUs, and never have to think about it again. There are hundreds of GPOs that can be configured, and the flexibility of Group Policy is one of the major reasons that Microsoft is so dominant in the enterprise market.
Lightweight Directory Access Protocol (LDAP) is a directory service protocol that is based on the Directory Access Protocol (DAP). DAP was used along with the X.500 directory service. The drawback of DAP was that it placed a large amount of processing burden on the client machines. Though LDAP is based on DAP, it does not have the X.500 overhead associated with it. It is used in Active Directory for communicating user queries. For example, LDAP can be used by users to search for and locate a particular object like a laser printer. LDAP makes use of keywords to carry out a search operation. Objects are identified with the help of their attributes. To carry out such search operations, LDAP uses naming conventions like the Distinguished Name (DN) and the Relative Distinguished Name (RDN). The DN shows the complete path of the object, right from the domain level to the object level. The RDN shows the common name of the object. In addition to these names, the Globally Unique Identifier (GUID) is also used for search operations. The advantage of the GUID is that it never changes and is unique for each object, whereas the RDN and the DN might change. LDAP operations can be broadly classified under three categories:
Client session operations - bind, unbind and abandon
Query and retrieval operations - search and compare
Modification operations - add, modify, modifyRDN and delete
It supports multiple platforms with standard APIs for each platform. The LDAP directory can be distributed across multiple servers. It provides easy integration with other standards like DNS.
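As an added example (not code from the original page), a small Python helper that splits a DN into its RDNs, escapes caller-supplied values before they go into a search filter, and builds a filter that locates an object by its unchanging objectGUID; the object names and the GUID are constructed sample values.

```python
import uuid

def split_dn(dn):
    """Split a Distinguished Name into its RDNs, keeping backslash-escaped
    commas (RFC 4514) inside a single RDN instead of splitting on them."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):      # escaped char: copy both
            current.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current).strip())
    return rdns

def rdn(dn):
    """The Relative Distinguished Name: the leaf component of the DN."""
    return split_dn(dn)[0]

def parent_dn(dn):
    """The container the object lives in; this changes when the object is moved."""
    return ",".join(split_dn(dn)[1:])

def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515) so that the
    characters * ( ) backslash and NUL cannot change the filter's meaning."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)

def name_search_filter(object_class, attribute, value):
    """Filter that finds an object by a human-readable attribute (e.g. a printer by name)."""
    return "(&(objectClass=%s)(%s=%s))" % (object_class, attribute, escape_filter_value(value))

def guid_search_filter(guid_text):
    """Filter on objectGUID. AD stores the GUID as 16 raw bytes in the
    mixed-endian order that uuid.bytes_le produces, so each byte is written
    as an escaped \\xx; this filter stays valid even after the DN changes."""
    return "(objectGUID=%s)" % "".join("\\%02x" % b for b in uuid.UUID(guid_text).bytes_le)

if __name__ == "__main__":
    # Constructed sample object: a lab printer whose CN contains an escaped comma.
    dn = "CN=Lab Printer\\, Floor 2,OU=Printers,DC=corp,DC=example"
    print(rdn(dn), "|", parent_dn(dn))
    print(name_search_filter("printQueue", "printerName", "Lab*"))
    print(guid_search_filter("01234567-89ab-cdef-0123-456789abcdef"))
```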
Active Directory (AD) is an implementation of LDAP directory services by Microsoft for use primarily in Windows environments. The main purpose of Active Directory is to provide central authentication and authorization services for Windows-based computers. Active Directory also allows administrators to assign policies, deploy software, and apply critical updates to an entire organization. Active Directory stores information and settings relating to an organization in a central, organized, accessible database. Active Directory networks can vary from a small installation with a few hundred objects to a large installation with millions of objects. Active Directory implementation and management can present a daunting task and take significant planning and implementation resources. One key area of concentration for BOSS Active Directory services is helping enterprises employ Active Directory to efficiently manage networks in the Microsoft Windows environment.
This set of Active Directory interview questions and answers will guide us. Active Directory is a technology created by Microsoft that provides a variety of network services, including LDAP-like directory services, Kerberos-based authentication, DNS-based naming and other network information, a central location for network administration and delegation, and information security and single sign-on for user access to network-based resources.
> What is Active Directory?
Active Directory is metadata. Active Directory is a database which stores data like your user information, computer information and also other network object info. It has the capability to manage and administer the complete network which connects with AD.
> What is a domain?
In Windows NT and Windows 2000, a domain is a set of network resources (applications, printers, and so forth) for a group of users. The user need only log in to the domain to gain access to the resources, which may be located on a number of different servers in the network. The 'domain' is simply your computer address, not to be confused with a URL. A domain address might look something like 211.170.469.
> What is a domain controller?
A domain controller (DC) is a server that responds to security authentication requests (logging in, checking permissions, etc.) within the Windows Server domain. A domain is a concept introduced in Windows NT whereby a user may be granted access to a number of computer resources with the use of a single username and password combination.
> What is LDAP?
Lightweight Directory Access Protocol (LDAP) is the industry standard directory access protocol, making Active Directory widely accessible to management and query applications. Active Directory supports LDAPv3 and LDAPv2.
> What is KCC?
The KCC (Knowledge Consistency Checker) is used to generate the replication topology for intersite replication and for intrasite replication. Within a site, replication traffic is carried over remote procedure calls over IP, while between sites it is carried over either RPC or SMTP.
> Where is the AD database held? What other folders are related to AD?
The AD database is stored in c:\windows\ntds\NTDS.DIT.
> What is the SYSVOL folder?
The SYSVOL folder stores the server's copy of the domain's public files. The contents of the SYSVOL folder, such as Group Policy, users etc., are replicated to all domain controllers in the domain.
> What are the Windows Server 2003 keyboard shortcuts?
Winkey opens or closes the Start menu.
Winkey + BREAK displays the System Properties dialog box.
Winkey + TAB moves the focus to the next application in the taskbar.
Winkey + SHIFT + TAB moves the focus to the previous application in the taskbar.
Winkey + B moves the focus to the notification area.
Winkey + D shows the desktop.
Winkey + E opens Windows Explorer showing My Computer.
Winkey + F opens the Search panel.
Winkey + CTRL + F opens the Search panel with the Search for Computers module selected.
Winkey + F1 opens Help.
Winkey + M minimizes all.
Winkey + SHIFT + M undoes minimization.
Winkey + R opens the Run dialog.
Winkey + U opens the Utility Manager.
Winkey + L locks the computer.
> Where are the Windows NT Primary Domain Controller (PDC) and its Backup Domain Controller (BDC) in Server 2003?
Active Directory replaces them. Now all domain controllers share a multimaster peer-to-peer read and write relationship that hosts copies of the Active Directory.
> I am trying to create a new universal user group. Why can't I?
Universal groups are allowed only in native-mode Windows Server 2003 environments. Native mode requires that all domain controllers be promoted to Windows Server 2003 Active Directory.
> What is LSDOU?
It's the Group Policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units.
> Why doesn't LSDOU work under Windows NT?
If the NTConfig.pol file exists, it has the highest priority among the numerous policies.
> What's the number of permitted unsuccessful logons on the Administrator account?
Unlimited. Remember, though, that it's the Administrator account, not any account that's part of the Administrators group.
> What's the difference between guest accounts in Server 2003 and other editions?
More restrictive in Windows Server 2003.
> How many passwords by default are remembered when you check "Enforce Password History Remembered"?
The user's last 6 passwords.
> Can the GC server and the Infrastructure Master be placed on a single server? If not, explain why.
No. The Infrastructure Master does the same job as the GC, so the two do not work together.
> Which service in Windows is responsible for replication from one domain controller to another domain controller?
The KCC generates the replication topology. It uses SMTP / RPC to replicate changes.
> What are intrasite and intersite replication?
Intrasite is replication within the same site, and intersite is replication between sites.
> What is the Lost & Found folder in ADS?
It's the folder where you can find the objects missed due to a conflict. Example: you create a user in an OU which is deleted on another DC; when replication happens and ADS doesn't find the OU, it puts the user in the Lost & Found folder.
> What is garbage collection?
Garbage collection is the process of online defragmentation of Active Directory. It happens every 12 hours.
> What does System State data contain?
It contains: startup files, the registry, the COM+ Registration Database, the memory page file, system files, AD information, Cluster Service information and the SYSVOL folder.
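Added example, not from the page: a small Python resolver for the LSDOU inheritance model described in the questions above. It also applies the Enforced link rule (enforced links are processed after all others, with the higher container winning), which goes slightly beyond what the page states; the GPO names, containers and settings are constructed.

```python
# Constructed GPO links for one lab workstation, listed in LSDOU order.
# Each container holds (gpo_name, enforced, settings). Within one container,
# list links from lowest to highest precedence (highest link-order number first).
GPO_LINKS = [
    ("Local",       [("Local Computer Policy", False,
                      {"HideShutdown": "no", "ScreenSaverTimeout": "900"})]),
    ("Site=HQ",     [("Site Baseline", False, {"AuditLogon": "yes"})]),
    ("Domain=corp", [("Domain Security", True,
                      {"PasswordHistory": "6", "ScreenSaverTimeout": "600"})]),
    ("OU=Labs",     [("Lab Lockdown", True,
                      {"HideShutdown": "yes", "ScreenSaverTimeout": "300"})]),
    ("OU=Room101",  [("Room 101 Tweaks", False, {"HideShutdown": "no"})]),
]

def resolve_policy(links):
    """Return {setting: (value, winning GPO, container)} for one target.

    Non-enforced links are applied in LSDOU order, so the container closest
    to the object wins a conflict. Enforced links are applied afterwards,
    container by container in reverse order (OU first, then Domain, then
    Site), so an enforced link higher in the tree beats one lower down.
    """
    normal, enforced_groups = [], []
    for container, gpos in links:
        normal += [(container, name, s) for name, enf, s in gpos if not enf]
        group = [(container, name, s) for name, enf, s in gpos if enf]
        if group:
            enforced_groups.append(group)
    order = normal + [link for group in reversed(enforced_groups) for link in group]
    result = {}
    for container, name, settings in order:
        for key, value in settings.items():
            result[key] = (value, name, container)   # last writer wins
    return result

def explain(links):
    """RSoP-style report: which GPO, linked where, set each effective value."""
    lines = []
    for key, (value, name, container) in sorted(resolve_policy(links).items()):
        lines.append("%s = %s   <- %s linked at %s" % (key, value, name, container))
    return "\n".join(lines)

if __name__ == "__main__":
    print(explain(GPO_LINKS))
```

In the constructed data the room-level GPO tries to re-enable Shutdown, but the enforced "Lab Lockdown" still wins, while the enforced domain GPO overrides the lab's screen-saver timeout.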