All in One Interview Q
Low Level
1. Features of Windows 2003
ACTIVE DIRECTORY
Easier Deployment and Management
ADMT version 2.0--- migrates password from NT4 to 2000 to 2003 or from 2000 to 2003
Domain Rename--- supports changing Domain Name System and/or NetBIOS name
Schema Redefine--- Allows deactivation of attributes and class definitions in the Active Directory schema
AD/AM--- Active Directory in Application Mode is a new capability of AD that addresses certain deployment scenarios related to directory-enabled applications
Group Policy Improvements---- introduced GPMC tool to manage group policy
UI--- Enhanced User Interface
Greater Security
Cross-forest Authentication
Cross-forest Authorization
Cross-certification Enhancements
IAS and Cross-forest authentication
Credential Manager
Software Restriction Policies
Improved Performance and Dependability
Easier logon for remote offices
Group Membership replication enhancements
Application Directory Partitions
Install Replica from media
Dependability Improvements--- updated Inter-Site Topology Generator (ISTG) that scales better by supporting forests with a greater number of sites than Windows 2000.
FILE AND PRINT SERVICES
Volume shadow copy service
NTFS journaling file system
EFS
Improved CHKDSK Performance
Enhanced DFS and FRS
Shadow copy of shared folders
Enhanced folder redirection
Remote document sharing (WEBDAV)
IIS
Fault-tolerant process architecture----- The IIS 6.0 fault-tolerant process architecture isolates Web sites and applications into self-contained units called application pools
Health Monitoring---- IIS 6.0 periodically checks the status of an application pool with automatic restart on failure of the Web sites and applications within that application pool, increasing application availability. IIS 6.0 protects the server, and other applications, by automatically disabling Web sites and applications that fail too often within a short amount of time
Automatic Process Recycling--- IIS 6.0 automatically stops and restarts faulty Web sites and applications based on a flexible set of criteria, including CPU utilization and memory consumption, while queuing requests
Rapid-fail Protection---- If an application fails too often within a short amount of time, IIS 6.0 will automatically disable it and return a "503 Service Unavailable" error message to any new or queued requests to the application
Edit-While-Running
http://www.microsoft.com/windowsserver2003/evaluation/overview/technologies/default.mspx
2. Difference between NT & 2000
NT SAM database is a flat database, whereas in Windows 2000 the Active Directory database is a hierarchical database.
In Windows NT only the PDC has a writable copy of the SAM database; the BDC has only a read-only copy. In Windows 2000 both DC and ADC have a writable copy of the database.
Windows NT will not support FAT32 file system. Windows 2000 supports FAT32.
Default authentication protocol in NT is NTLM (NT LAN Manager). In Windows 2000 the default authentication protocol is Kerberos V5.
Windows 2000 depends on and is integrated with DNS. NT uses NetBIOS names.
Active Directory can be backed up easily with System State data.
3. Difference between 2000 & 2003
Application Server mode is introduced in Windows 2003
Possible to configure stub zones in Windows 2003 DNS
Volume shadow copy services is introduced
Windows 2003 gives an option to replicate DNS data b/w all DNS servers in forest or all DNS servers in the domain.
Refer Question 1 for all Enhancements
4. Difference between PDC & BDC
PDC contains a write copy of the SAM database whereas BDC contains a read-only copy of the SAM database. It is not possible to reset a password or create objects without the PDC in Windows NT.
5. Difference between DC & ADC
There is no difference between DC and ADC; both contain a write copy of AD. Both can also handle FSMO roles (if transferred from DC to ADC). It is just for identification. Functionality wise there is no difference.
6. What is DNS & WINS
DNS is a Domain Naming System, which resolves Host names to IP addresses. It uses fully qualified domain names. DNS is an Internet standard used to resolve host names
WINS is a Windows Internet Name Service, which resolves NetBIOS names to IP Address. This is proprietary for Windows
7. Types of DNS Servers
We can configure 7 types of DNS servers in Windows.
Primary DNS
Secondary DNS
Active Directory Integrated DNS
Root DNS
Forwarder
Master
Caching only DNS
8. If DHCP is not available what happens to the client
Client will not get an IP and cannot participate in the network. If the client already got an IP and still has lease duration left, it uses the IP till the lease duration expires.
9. what are the different types of trust relationships
Implicit Trusts
Explicit Trusts --- NT to Win2k or Forest to Forest
10. what is the process of DHCP for getting the IP address to the client
There is a four way negotiation process b/w client and server
DHCP Discover (Initiated by client)
DHCP Offer (Initiated by server)
DHCP Select (Initiated by client)
DHCP Acknowledgement (Initiated by Server)
DHCP Negative Acknowledgement (Initiated by server if any issues after DHCP offer)
11. Difference between FAT, NTFS & NTFS Version 5
NTFS Version 5 features
Encryption is possible
We can enable Disk Quotas
File compression is possible
Sparse files
Indexing Service
NTFS change journal
In FAT file system we can apply only share level security. File level protection is not possible. In NTFS we can apply both share level as well as file level security
NTFS supports larger partition sizes than FAT file systems
NTFS supports longer file names than FAT file systems
12. What are the port numbers for FTP, Telnet, HTTP, DNS
FTP-21, Telnet - 23, HTTP-80, DNS-53, Kerberos -389-88, LDAP
13. what are the different types of profiles in 2000
Local Profiles
Roaming profiles
Mandatory Profiles
14. what is the database files used for Active Directory
NTDS.DIT
15. What is the location of AD Database
%System root%/NTDS/NTDS.DIT
16. What is the authentication protocol used in NT
NTLM (NT LAN Manager)
17. What is subnetting and supernetting
Subnetting is the process of borrowing bits from the host portion of an address to provide bits for identifying additional sub-networks
Supernetting merges several smaller blocks of IP addresses (networks) that are continuous into one larger block of addresses. Supernetting is done by borrowing network bits to combine several smaller networks into one larger network
18. what is the use of terminal services
Terminal services can be used in Remote Administration mode to administer remotely, as well as in Application Server Mode to run the application on one server so that users can log in to that server to use that application.
19. what is the protocol used for terminal services
RDP
20. what is the port number for RDP
3389
Medium Level
1. what is the difference between Authorized DHCP and Non Authorized DHCP
To avoid problems in the network caused by mis-configured DHCP servers, a server in Windows 2000 must be validated by AD before starting service to clients. If an authorized DHCP finds any DHCP server in the network it stops serving the clients
2. Difference between inter-site and intra-site replication. Protocols used for replication.
Intra-site replication can be done between the domain controllers in the same site. Inter-site replication can be done between two different sites over WAN links
BHS (Bridge Head Servers) is responsible for initiating replication between the sites. Inter-site replication can be done b/w BHS in one site and BHS in another site.
We can use RPC over IP or SMTP as replication protocols, whereas the Domain partition is not possible to replicate using SMTP
3. How to monitor replication
We can use Replmon tool from support tools
4. Brief explanation of RAID Levels
RAID 0 - Striping
RAID 1 - Mirroring (minimum 2 HDD required)
RAID 5 - Striping With Parity (Minimum 3 HDD required)
Only RAID levels 1 and 5 give redundancy
5. What are the different backup strategies are available
Normal Backup
Incremental Backup
Differential Backup
Daily Backup
Copy Backup
6. What is a global catalog
Global catalog is a role, which maintains indexes about objects. It contains full information of the objects in its own domain and partial information of the objects in other domains. Universal Group membership information will be stored in global catalog servers and replicate to all GC's in the forest.
7. What is Active Directory and what is the use of it
Active Directory is a directory service, which maintains the relationship between resources and enables them to work together. Because of the AD hierarchical structure Windows 2000 is more scalable and reliable. Active Directory is derived from X.500 standards, where information is stored in a hierarchical tree-like structure. Active Directory depends on two Internet standards: one is DNS and the other is LDAP. Information in Active Directory can be queried by using LDAP protocol
8. what is the physical and logical structure of AD
Active Directory physical structure is a hierarchical structure which follows Forests -> Trees -> Domains -> Child Domains -> Grand Child -> etc
Active Directory is logically divided into 3 partitions
1. Configuration partition
2. Schema Partition
3. Domain partition
4. Application Partition (only in Windows 2003, not available in Windows 2000)
Out of these, Configuration and Schema partitions can be replicated between the domain controllers in the entire forest, whereas the Domain partition can be replicated between the domain controllers in the same domain
9. What is the process of user authentication (Kerberos V5) in windows 2000
After giving logon credentials an encryption key will be generated which is used to encrypt the time stamp of the client machine. User name and encrypted timestamp information will be provided to the domain controller for authentication. Then the domain controller, based on the password information stored in AD for that user, decrypts the encrypted time stamp information. If the produced time stamp matches its own time stamp, it will provide the logon session key and Ticket granting ticket to the client in an encrypted format. Again the client decrypts, and if the produced time stamp information is matching then it will use the logon session key to log on to the domain. The Ticket granting ticket will be used to generate a service granting ticket when accessing network resources
10. what are the port numbers for Kerberos, LDAP and Global catalog
Kerberos - 88, LDAP - 389, Global Catalog - 3268
11. What is the use of LDAP (X.500 standard?)
LDAP is a directory access protocol, which is used to exchange directory information from server to clients or from server to servers
12. what are the problems that are generally come across DHCP
Scope is full with IP addresses, no IP's available for new machines
If scope options are not configured properly, eg default gateway
Incorrect creation of scopes etc
13. what is the role responsible for time synchronization
PDC Emulator is responsible for time synchronization. Time synchronization is important because Kerberos authentication depends on time stamp information
14. what is TTL & how to set TTL time in DNS
TTL is the Time to Live setting, used for the amount of time that the record should remain in cache after name resolution has happened.
We can set TTL in the SOA (start of authority record) of DNS
15. How to take DNS and WINS, DHCP backup
%System root%/system32/dns
%System root%/system32/WINS
%System root%/system32/DHCP
16. What is recovery console
Recovery console is a utility used to recover the system when it is not booting properly or not booting at all. We can perform the following operations from recovery console
We can copy, rename, or replace operating system files and folders
Enable or disable service or device startup the next time that you start the computer
Repair the file system boot sector or the Master Boot Record
Create and format partitions on drives
17. What is DFS & its usage
DFS is a distributed file system used to provide a common environment for users to access files and folders even when they are shared on different servers physically.
There are two types of DFS: domain DFS and Stand alone DFS. We cannot provide redundancy for stand alone DFS in case of failure. Domain DFS is used in a domain environment which can be accessed by /domain name/root1 (root 1 is DFS root name). Stand alone DFS can be used in a workgroup environment which can be accessed through /server name/root1 (root 1 is DFS root name). In both cases we need to create a DFS root (which appears like a shared folder for end users) and DFS links (a logical link which is pointing to the server where the folder is physically shared)
The maximum number of Dfs roots per server is 1.
The maximum numbers of Dfs root replicas are 31.
The maximum number of Dfs roots per domain is unlimited.
The maximum number of Dfs links or shared folders in a Dfs root is 1,000
18. What is RIS and what are its requirements
RIS is a remote installation service, which is used to install the operating system remotely.
Client requirements
PXE DHCP-based boot ROM version 1.00 or later NIC, or a network adapter that is supported by the RIS boot disk.
Should meet minimum operating system requirements
Software Requirements
Below network services must be active on RIS server or any server in the network
Domain Name System (DNS Service)
Dynamic Host Configuration Protocol (DHCP)
Active directory "Directory" service
19. How many root replicas can be created in DFS
31
20. What is the difference between Domain DFS and Standalone DFS
Refer question 17.
High Level
1. Can we establish trust relationship between two forests
In Windows 2000 it is not possible. In Windows 2003 it is possible
2. What is FSMO Roles
Flexible single master operation (FSMO) roles are
Domain Naming Master
Schema Master
PDC Emulator
Infrastructure Master
RID Master
3. Brief all the FSMO Roles
Domain Naming master and schema master are forest level roles. PDC emulator, Infrastructure master and RID master are Domain level roles.
First server in the forest performs all 5 roles by default. Later we can transfer the roles
Domain Naming Master: Domain naming master is responsible for maintaining the relationship between the domains. Without this role it is not possible to add or remove any domain.
Schema Master: Schema contains set of classes and attributes. eg User, computer, printer are the objects in AD which have their own set of attributes. Schema master is responsible for maintaining this schema. Changes to the schema will affect entire forest.
PDC Emulator: Server, which is performing this role, acts as a PDC in a mixed mode to synchronize directory information between Windows 2000 DC to Windows NT BDC. Server, which is performing this role, will contain latest password information. This role is also responsible for time synchronization in the forest.
Infrastructure Master: It is responsible for managing group membership information in the domain. This role is responsible for updating DN when name or location of the object is modified.
RID Master: Server, which is performing this role, will provide pool of RID to other domain controllers in the domain. SID is the combination of SID and RID (SID=SID+RID) where SID is Security identifier common for all objects in the domain and RID is relative identifier unique for each object
4. How to manually configure FSMO Roles to separate DC's
We can configure manually by two ways
Through MMC
We can configure Domain Naming Master role through Active Directory Domains and Trusts
We can configure Schema Master role through Active Directory Schema
Other three roles we can configure by Active Directory Users and Computers
Through command prompt
By using command NTDSUTIL --- type ROLES --- type CONNECTIONS --- CONNECT TO SERVER SERVERNAME where server name is the name of the domain controller that you want to assign role---- Type transfer role, where role is the role that you want to transfer. For a list of roles that you can transfer, type ? at the fsmo maintenance prompt, and then press ENTER, or see the list of roles at the start of this article. For example, to transfer the RID master role, type transfer rid master. The one exception is for the PDC emulator role, whose syntax is transfer pdc, not transfer pdc emulator.
5. What is the difference between authoritative and non-authoritative restore
In authoritative restore, objects that are restored will be replicated to all domain controllers in the domain. This can be used specifically when the entire OU is disturbed in all domain controllers or specifically restore a single object, which is disturbed in all DC's
In non-authoritative restore, restored directory information will be updated by other domain controllers based on the latest modification time.
6. what is Active Directory De-fragmentation
De-fragmentation of AD means separating used space and empty space created by deleted objects; it reduces directory size (only in offline De-fragmentation)
7. Difference between online and offline de-fragmentation
Online De-fragmentation will be performed by the garbage collection process, which runs every 12 hours by default. It separates used space and white space (white space is the space created because of object deletion in AD, eg User) and improves the efficiency of AD while the domain controller is up and running
Offline defragmentation can be done manually by taking the domain controller into Restoration mode. We can only reduce the file size of the directory database, whereas the efficiency will be the same as in online defragmentation
8. What is tombstone period
Tombstones are nothing but objects marked for deletion. After deleting an object in AD the object will not be deleted permanently. It will remain for 60 days by default (which is configurable); an entry marking the object for deletion is added and replicated to all DC's. After 60 days the object will be deleted permanently from all DC's.
9. what is white space and Garbage collection
refer question 7
10. What are the monitoring tools used for Server and Network Health. How to define alert mechanism
Spot Light, SNMP Need to enable.
11. How to deploy the patches and what are the software's used for this process
Using SUS (Software update services) server we can deploy patches to all clients in the network. We need to configure the option called "Synchronize with Microsoft software update server" and schedule the time to synchronize on the server. We need to approve new updates based on the requirement. Then approved updates will be deployed to clients
We can configure clients by changing the registry manually or through Group policy by adding WUAU administrative template in group policy
12. What is Clustering? Briefly define & explain it
Clustering is a technology, which is used to provide High Availability for mission critical applications. We can configure cluster by installing MCS (Microsoft cluster service) component from Add remove programs, which is only available in Enterprise Edition and Data center edition.
In Windows we can configure two types of clusters
NLB (network load balancing) cluster for balancing load between servers. This cluster will not provide any high availability. Usually preferable at edge servers like web or proxy.
Server Cluster: This provides High availability by configuring active-active or active-passive cluster. In a 2 node active-passive cluster one node will be active and one node will be stand by. When the active server fails the application will FAILOVER to the stand by server automatically. When the original server is back we need to FAILBACK the application
Quorum: A shared storage needs to be provided for all servers, which keeps information about clustered application and session state and is useful in FAILOVER situation. This is very important: if the Quorum disk fails the entire cluster will fail
Heartbeat: Heartbeat is a private connectivity between the servers in the cluster, which is used to identify the status of other servers in cluster.
13. How to configure SNMP
SNMP can be configured by installing SNMP from Monitoring and Management tools from Add and Remove programs.
For SNMP programs to communicate we need to configure common community name for those machines where SNMP programs (eg DELL OPEN MANAGER) running. This can be configured from services.msc--- SNMP service -- Security
14. Is it possible to rename the Domain name & how?
In Windows 2000 it is not possible. In Windows 2003 it is possible. On Domain controller by going to MYCOMPUTER properties we can change.
15. What is SOA Record
SOA is a Start of Authority record, which is a first record in DNS, which controls the startup behavior of DNS. We can configure TTL, refresh, and retry intervals in this record.
16. What is a Stub zone and what is the use of it.
Stub zones are a new feature of DNS in Windows Server 2003 that can be used to streamline name resolution, especially in a split namespace scenario. They also help reduce the amount of DNS traffic on your network, making DNS more efficient especially over slow WAN links.
17. What are the different types of partitions present in AD
Active Directory is divided into three partitions
Configuration Partition --- replicates entire forest
Schema Partition --- replicates entire forest
Domain Partition --- replicate only in domain
Application Partition (Only in Windows 2003)
18. What are the (two) services required for replication
File Replication Service (FRS)
Knowledge Consistency Checker (KCC)
19. Can we use a Linux DNS Server in 2000 Domain
We can use, but the BIND version should be 8 or greater
20. What is the difference between IIS Version 5 and IIS Version 6
Refer Question 1
21. What is ASR (Automated System Recovery) and how to implement it
ASR is a two-part system; it includes ASR backup and ASR restore. The ASR Wizard, located in Backup, does the backup portion. The wizard backs up the system state, system services, and all the disks that are associated with the operating system components. ASR also creates a file that contains information about the backup, the disk configurations (including basic and dynamic volumes), and how to perform a restore.
You can access the restore portion by pressing F2 when prompted in the text-mode portion of setup. ASR reads the disk configurations from the file that it creates. It restores all the disk signatures, volumes, and partitions on (at a minimum) the disks that you need to start the computer. ASR will try to restore all the disk configurations, but under some circumstances it might not be able to. ASR then installs a simple installation of Windows and automatically starts a restoration using the backup created by the ASR Wizard.
22. What are the different levels that we can apply Group Policy
We can apply group policy at SITE level---Domain Level---OU level
23. What is Domain Policy, Domain controller policy, Local policy and Group policy
Domain Policy will apply to all computers in the domain, because by default it will be associated with domain GPO, whereas Domain controller policy will be applied only on domain controllers. By default domain controller security policy will be associated with domain controller GPO. Local policy will be applied to that particular machine only and affects that computer only.
24. What is the use of SYSVOL folder
Policies and scripts saved in SYSVOL folder will be replicated to all domain controllers in the domain. FRS (File replication service) is responsible for replicating all policies and scripts
25. What is folder redirection?
Folder Redirection is a User group policy. Once you create the group policy and link it to the appropriate folder object, an administrator can designate which folders to redirect and where. To do this, the administrator needs to navigate to the following location in the Group Policy Object:
User Configuration\Windows Settings\Folder Redirection
In the Properties of the folder, you can choose Basic or Advanced folder redirection and you can designate the server file system path to which the folder should be redirected.
The %USERNAME% variable may be used as part of the redirection path, thus allowing the system to dynamically create a newly redirected folder for each user to whom the policy object applies.
26. What different modes in windows 2003 (Mixed, native & interim, etc.)
Different Active Directory features are available at different functional levels. Raising domain and forest functional levels is required to enable certain new features as domain controllers are upgraded from Windows NT 4.0 and Windows 2000 to Windows Server 2003
Domain Functional Levels: Windows 2000 Mixed mode, Windows 2000 Native mode, Windows Server 2003 and Windows Server 2003 interim (only available when upgrading directly from Windows NT 4.0 to Windows 2003)
Forest Functional Levels: Windows 2000 and Windows 2003
27. Ipsec usage and difference window 2000 & 2003.
Microsoft doesn't recommend Internet Protocol security (IPSec) network address translation (NAT) traversal (NAT-T) for Windows deployments that include VPN servers and that are located behind network address translators. When a server is behind a network address translator, and the server uses IPSec NAT-T, unintended side effects may occur because of the way that network address translators translate network traffic
If you put a server behind a network address translator, you may experience connection problems because clients that connect to the server over the Internet require a public IP address. To reach servers that are located behind network address translators from the Internet, static mappings must be configured on the network address translator. For example, to reach a Windows Server 2003-based computer that is behind a network address translator from the Internet, configure the network address translator with the following static network address translator mappings:
Public IP address/UDP port 500 to the server's private IP address/UDP port 500.
Public IP address/UDP port 4500 to the server's private IP address/UDP port 4500.
These mappings are required so that all Internet Key Exchange (IKE) and IPSec NAT-T traffic that is sent to the public address of the network address translator is automatically translated and forwarded to the Windows Server 2003-based computer
28. How to create application partition windows 2003 and its usage?
An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication of a particular application directory partition hosts a replica of that partition. Only domain controllers running Windows Server 2003 can host a replica of an application directory partition.
Applications and services can use application directory partitions to store application-specific data. Application directory partitions can contain any type of object, except security principals. TAPI is an example of a service that stores its application-specific data in an application directory partition.
Application directory partitions are usually created by the applications that will use them to store and replicate data. For testing and troubleshooting purposes, members of the Enterprise Admins group can manually create or manage application directory partitions using the Ntdsutil command-line tool.
29. Is it possible to do implicit transitive forest to forest trust relationship in windows 2003?
Implicit Transitive trust will not be possible in Windows 2003. Between forests we can create explicit trust
Two-way trust
One-way: incoming
One-way: Outgoing
30. What is universal group membership cache in windows 2003?
Information is stored locally once this option is enabled and a user attempts to log on for the first time. The domain controller obtains the universal group membership for that user from a global catalog. Once the universal group membership information is obtained, it is cached on the domain controller for that site indefinitely and is periodically refreshed. The next time that user attempts to log on, the authenticating domain controller running Windows Server 2003 will obtain the universal group membership information from its local cache without the need to contact a global catalog.
By default, the universal group membership information contained in the cache of each domain controller will be refreshed every 8 hours.
31. GPMC & RSOP in windows 2003?
GPMC is a tool which will be used for managing group policies and will display information like how many policies are applied, on which OU's the policies are applied, what settings are enabled in each policy, which users are affected by these policies, and who is managing these policies. GPMC will display all the above information.
RSoP provides details about all policy settings that are configured by an Administrator, including Administrative Templates, Folder Redirection, Internet Explorer Maintenance, Security Settings, Scripts, and Group Policy Software Installation.
When policies are applied on multiple levels (for example, site, domain, domain controller, and organizational unit), the results can conflict. RSoP can help you determine a set of applied policies and their precedence (the order in which policies are applied).
32. Assign & Publish the applications in GP & how?
Through Group policy you can Assign and Publish the applications by creating .msi package for that application
With Assign option you can apply policy for both user and computer. If it is applied to computer then the policy will apply to user who logs on to that computer. If it is applied on user it will apply wherever he logs on to the domain. It will appear in Start menu -> Programs. Once the user clicks the shortcut or opens any document having that extension, the application installs onto the local machine. If any application program files are missing it will automatically repair.
With Publish option you can apply only on users. It will not install automatically when any application program files are corrupted or deleted.
33. DFS in windows 2003?
Refer Question 17 on level 2
34. How to use recovery console?
The Windows 2000 Recovery Console is a command-line console that you can start from the Windows 2000 Setup program. Using the Recovery Console, you can start and stop services, format drives, read and write data on a local drive (including drives formatted to use NTFS), and perform many other administrative tasks. The Recovery Console is particularly useful if you need to repair your system by copying a file from a floppy disk or CD-ROM to your hard drive, or if you need to reconfigure a service that is preventing your computer from starting properly. Because the Recovery Console is quite powerful, it should only be used by advanced users who have a thorough knowledge of Windows 2000. In addition, you must be an administrator to use the Recovery Console.
There are two ways to start the Recovery Console:
If you are unable to start your computer, you can run the Recovery Console from your Windows 2000 Setup disks or from the Windows 2000 Professional CD (if you can start your computer from your CD-ROM drive).
As an alternative, you can install the Recovery Console on your computer to make it available in case you are unable to restart Windows 2000. You can then select the Recovery Console option from the list of available operating systems
35. PPTP protocol for VPN in windows 2003?
Point-to-Point-Tunneling Protocol (PPTP) is a networking technology that supports multiprotocol virtual private networks (VPN), enabling remote users to access corporate networks securely across the Microsoft Windows NT® Workstation, Windows® 95, and Windows 98 operating systems and other point-to-point protocol (PPP)-enabled systems to dial into a local Internet service provider to connect securely to their corporate network through the Internet
Netdom.exe is domain management tool to rename domain controller
SID history
level
What are the services installed when RIS is installed. Read about RIS?
How to troubleshoot if a DHCP client won't get IP from DHCP Server?
What the diff is between publish and assign?
What is tombstone and what is the period of tombstone?
What is online and offline fragmentations?
Garbage collections and white spaces?
Authoritative and non auth restore?
Tell me one example when Infrastructure master and Global catalog will be on one DC, what is the issue if both reside on same system?
When do you require an Infrastructure Master?
What are Windows 2003 modes?
What are FSMO roles and explain them?
Stress on PDC emulator?
2003 advantages?
About migration? (W2k to W2k3 and NT to W2k3)?
Question on System State data Backup?
Diff types of DNS roles and Zones?
What are the steps you follow when you are promoting a server as ADC in windows 2003?
What are the two parameters you run before upgrading the server to an ADC (/forestprep, /domainprep)?
What is the authentication process?
What is the role of GC in authentication process?
What happens if DNS server fails? Is a user able to log in if the DNS server fails (if you have only one DNS Server)?
How do you promote a server to a domain controller (in windows 2003) over a slow WAN link.
A) Take the backup of system state from the DC and restore it in the server where you are promoting using "dcpromo /adv" and select restore from backup.
Features of windows2003
Automated System Recovery (ASR) provides a facility to get Windows Server 2003 systems
back up and running quickly after a failure occurs.
Internet Information Service 6.0 (By default will not install)
Highly secured and locked down by default, new architectural model that includes features such
as process isolation and a metabase stored in XML format.
Saved Queries: Active Directory Users and Computers now includes a new node named Saved
Queries, which allows an administrator to create a number of predefined queries that are saved
for future access.
Group Policy Management Console (GPMC) is a new tool for managing Group Policy in
Windows Server 2003. While Group Policy-related elements have typically been found across a
range of tools, such as Active Directory Users and Computers, the Group Policy MMC snap-in,
and others, GPMC acts as a single consolidated environment for carrying out Group Policy-
related tasks.
RSoP tool, the administrator could generate a query that would process all the applicable Group
Policy settings for that user for the local computer or another computer on the network. After
processing the query, RSoP would present the exact Group Policy settings that apply to that user,
as well as the source Group Policy object that was responsible for the setting.
Remote Desktop: In Windows Server 2003, Terminal Services Remote Administration mode is
known as Remote Desktop. Remote Desktop connections are enabled via the Remote tab in the
System applet in Control Panel. When connecting to a terminal server using an RDP 5.1 client,
many of the local resources are available within the remote session, including the client file
system, smart cards, audio (output), serial ports, printers (including network), and the clipboard.
Cross-Forest Trust Relationships: Windows Server 2003 supports cross-forest transitive trust
relationships to allow users in one forest to access resources in any domain in another, and vice
versa.
Domain Renaming & Domain Controller renaming is possible.
Universal Group Membership Caching: Windows Server 2003 introduces a new feature aimed
at reducing the need for global catalog servers at all remote locations. Universal group
membership caching is a new feature that can be enabled on selected domain controllers,
making them capable of caching universal group information locally without being a full-fledged
global catalog server.
Volume shadow copies of shared folders feature makes point-in-time backups of user data to
ensure that previous versions are easily accessible in cases where a user has accidentally deleted
a file.
Application Directory Partitions: Active Directory forest has a copy of the schema partition,
which defines the object types that can be created, and their associated properties. Similarly, all
domain controllers in the forest hold a copy of the configuration partition, which holds
information about sites and services. Within a domain, all domain controllers hold a copy of the
domain partition, which includes information about the objects within that particular domain
only.
Application directory partition. This new partition is unique in that it allows directory
information to be replicated to certain domain controllers only, on an as-necessary basis.
Specifically designed for directory-enabled applications and services, application directory
partitions can contain any type of object, with the exception of security principals such as users,
computers, or security group accounts.
Distributed File System: DFS is enhanced for Windows Server 2003, Enterprise Edition and
Windows Server, Datacenter Edition by allowing multiple DFS roots on a single server. You can
use this feature to host multiple DFS roots on a single server, reducing administrative and
hardware costs of managing multiple namespaces and multiple replicated namespaces.
Improvements in Clustering:
In Datacenter Edition, the maximum supported cluster size has been increased from 4-nodes in
Windows 2000, to 8-nodes in Windows Server 2003.
In Enterprise Edition, the maximum supported cluster size has been increased from 2-nodes in
Windows 2000 Advanced Server to 8-nodes in Windows Server 2003.
Server clusters running Windows Server 2003, Enterprise Edition or Datacenter Edition integrate
with the Microsoft Active Directory service.
This integration ensures that a "virtual" computer object is registered in Active Directory. This
allows applications to use Kerberos authentication and delegation to highly available services
running in a cluster. The computer object also provides a default location for Active Directory-
aware services to publish service control points.
Server clusters are fully supported on computers running the 64-bit versions of Windows Server
2003. Windows Server 2003 supports Encrypting File System (EFS) on clustered (shared) disks.
RIS server supports to deploy all editions of Windows 2000, Windows XP Professional, and all
editions of Windows Server 2003 (except Windows 2000 Datacenter Server and Windows Server
2003, Datacenter Edition.) In addition, administrators can use RIS servers using Risetup to deploy
Windows XP 64-bit Edition and the 64-bit versions of Windows Server 2003.
Point-to-Point Protocol over Ethernet (PPPoE): Windows Server 2003 delivers a native
PPPoE driver for making broadband connections to certain Internet service providers (ISPs)
without the need for additional software.
Small businesses or corporate branch offices may also utilize PPPoE's demand dial capabilities to
integrate with the Routing and Remote Access service and NAT.
Internet Connection Firewall (ICF): ICF, designed for use in a small business, provides basic
protection on computers directly connected to the Internet or on local area network (LAN)
segments. ICF is available for LAN, dial-up, VPN, or PPPoE connections. ICF integrates with ICS or
with the Routing and Remote Access service.
Open File Backup: The backup utility included with Windows Server 2003 now supports "open
file backup". In Windows 2000, files had to be closed before initiating backup operations. Backup
now uses shadow copies to ensure that any open files being accessed by users are also backed
up. (Need to modify some registry keys)
Stub Zones: This is introduced in windows 2003 DNS. A stub zone is like a secondary zone in
that it obtains its resource records from other name servers (one or more master name servers).
A stub zone is also read-only like a secondary zone, so administrators can't manually add,
remove, or modify resource records on it. First, while secondary zones contain copies of all the
resource records in the corresponding zone on the master name server, stub zones contain only
three kinds of resource records:
a. A copy of the SOA record for the zone.
b. Copies of NS records for all name servers authoritative for the zone.
c. Copies of (glue) A records for all name servers authoritative for the zone.
That's it--no CNAME records, MX records, SRV records, or A records for other hosts in the zone. So
while a secondary zone can be quite large for a big company's network, a stub zone is always
very small, just a few records. This means replicating zone information from master to stub zone
adds almost nil DNS traffic to your network as the records for name servers rarely change unless
you decommission an old name server or deploy a new one.
Difference between NT & 2000
Windows NT SAM database is a flat database. And windows 2000 active directory database
is a hierarchical database.
In Windows NT only PDC is having writable copy of SAM database but the BDC is only having
read only database. In case of Windows 2000 both DC and ADC is having write copy of the
database.
Windows NT will not support FAT32 file system. Windows 2000 supports FAT32.
Default authentication protocol in NT is NTLM (NT LAN manager). In windows 2000 default
authentication protocol is Kerberos V5.
Features introduced in windows 2000, those are not in Windows NT.
NTFS v5 supports Disk quotas.
Remote Installation Service
Built in VPN & NAT support
IPv6 supports.
USB support.
Distributed File System.
Clustering support.
ICS (Internet Connection Sharing)
Difference between PDC & BDC
PDC contains a write copy of SAM database whereas BDC contains read only copy of SAM
database. It is not possible to reset a password without PDC in Windows NT. But both can
participate in the user authentication. If PDC fails, we have to manually promote BDC to PDC from
server manager.
Difference between DC & ADC.
There is no difference between DC and ADC, both contain write copy of AD. Both can also
handle FSMO roles (If transfers from DC to ADC). Functionality wise there is no difference. ADC
just require for load balancing & redundancy. If two physical sites are segregated with WAN link
come under same domain, better to keep one ADC in other site, and act as a main domain
controller for that site. This will reduce the WAN traffic and also user authentication performance
will increase.
What is DNS & WINS
DNS is a Domain Naming System/Server, use for resolve the Host names to IP addresses and
also do the IP address to host name. It uses fully qualified domain names. DNS is a Internet
standard used to resolve host names. Support up to 256 characters.
WINS is a Windows Internet Name Service, which resolves Netbios names to IP Address and
also resolve the IP address to Netbios names. This is proprietary of Microsoft and meant for
windows only. Support up to 15 characters.
If DHCP server is not available what happens to the client
First time client is trying to get IP address DHCP server, If DHCP server is not found. Client
will get the class C IP address from APIPA (Automatic Private IP Address) range 192.168.0.1-
254.
If client already got the IP and having lease duration it use the IP till the lease duration
expires.
What are the different types of trust relationships
Implicit Trusts ----- Establish trust relationship automatically.
Explicit Trusts ----- We have to build manually trust relationship. NT to Win2k or
Forest to Forest
Transitive ----- If A → B → C then A → C
Non-Transitive ----- If A → B → C then A is not trusting C
One way ----- One side
Two way ----- two sides
Windows Server 2003 Active Directory supports the following types of trust relationships:
Tree-root trust: Tree-root trust relationships are automatically established when you add a
new tree root domain to an existing forest. This trust relationship is transitive and two-way.
Parent-child trust: Parent-child trust relationships are automatically established when you
add a new child domain to an existing tree. This trust relationship is also transitive and two-
way.
Shortcut trust: Shortcut trusts are trust relationships that are manually created by systems
administrators. These trusts can be defined between any two domains in a forest, generally
for the purpose of improving user logon and resource access performance. Shortcut trusts can
be especially useful in situations where users in one domain often need to access resources in
another, but a long path of transitive trusts separates the two domains. Often referred to as
cross-link trusts, shortcut trust relationships are transitive and can be configured as one-way
or two-way as needs dictate.
Realm trust: Realm trusts are manually created by systems administrators between a non-
Windows Kerberos realm and a Windows Server 2003 Active Directory domain. This type of
trust relationship provides cross-platform interoperability with security services in any
Kerberos version 5 realm, such as a UNIX implementation. Realm trusts can be either
transitive or non-transitive, and one-way or two-way as needs dictate.
External trust: External trusts are manually created by systems administrators between
Active Directory domains that are in different forests, or between a Windows Server 2003
Active Directory domain and a Windows NT 4.0 domain. These trust relationships provide
backward compatibility with Windows NT 4.0 environments, and communication with domains
located in other forests that are not configured to use forest trusts. External trusts are
nontransitive and can be configured as either one-way or two-way as needs dictate.
Forest trust: Forest trusts are trust relationships that are manually created by systems
administrators between forest root domains in two separate forests. If a forest trust
relationship is two-way, it effectively allows authentication requests from users in one forest
to reach another, and for users in either forest to access resources in both. Forest trust
relationships are transitive between two forests only and can be configured as either one-way
or two-way as needs dictate.
By default implicit two way transitive trust relationships establish between all
domains in the windows 2000/2003 forest.
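The transitivity and direction rules listed above decide which domains end up accepting accounts from which, and that is worth checking when a trust is added or reviewed. The following Python sketch is an added example, not part of the original notes: the domain names and the trust list are constructed, and the model is a simplification that assumes a non-transitive trust covers only its two endpoints and that a chain may cross at most one forest trust.

```python
from collections import deque
from typing import NamedTuple

class Trust(NamedTuple):
    trusting: str     # domain that holds the resources
    trusted: str      # domain whose accounts are accepted
    kind: str         # "parent-child", "tree-root", "shortcut", "external", "forest", "realm"
    transitive: bool
    two_way: bool

def directed_edges(trusts):
    """Expand every two-way trust into two one-way edges."""
    for t in trusts:
        yield t.trusting, t.trusted, t
        if t.two_way:
            yield t.trusted, t.trusting, t

def trust_path(trusts, resource_domain, account_domain):
    """Return the chain of domains through which resource_domain trusts
    account_domain, or None when no trust applies."""
    if resource_domain == account_domain:
        return [resource_domain]
    adj = {}
    for src, dst, t in directed_edges(trusts):
        adj.setdefault(src, []).append((dst, t))
    # A direct trust of any kind applies between its two endpoints.
    for dst, _ in adj.get(resource_domain, []):
        if dst == account_domain:
            return [resource_domain, account_domain]
    # Longer chains: every hop must be transitive, at most one forest trust.
    queue = deque([(resource_domain, 0, [resource_domain])])
    seen = {(resource_domain, 0)}
    while queue:
        dom, forest_hops, path = queue.popleft()
        for dst, t in adj.get(dom, []):
            if not t.transitive:
                continue
            hops = forest_hops + (1 if t.kind == "forest" else 0)
            if hops > 1 or (dst, hops) in seen:
                continue
            if dst == account_domain:
                return path + [dst]
            seen.add((dst, hops))
            queue.append((dst, hops, path + [dst]))
    return None

# Constructed sample environment (not from the original notes).
TRUSTS = [
    Trust("corp.example", "emea.corp.example", "parent-child", True, True),
    Trust("corp.example", "asia.corp.example", "parent-child", True, True),
    Trust("corp.example", "partner.example", "forest", True, True),
    Trust("partner.example", "third.example", "forest", True, True),
    Trust("emea.corp.example", "LEGACYNT4", "external", False, False),
]

if __name__ == "__main__":
    for res, acct in [("emea.corp.example", "asia.corp.example"),
                      ("corp.example", "LEGACYNT4"),
                      ("corp.example", "third.example")]:
        print(res, "trusts", acct, "via", trust_path(TRUSTS, res, acct))
```

A `None` result for `corp.example` and `LEGACYNT4` shows the one-way, non-transitive external trust stopping at `emea.corp.example`, and the `None` for `third.example` shows a forest trust not extending to a third forest.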
What is the process of DHCP for getting the IP address to the client?
Discover ----- Client broadcast the packets to find the DHCP server
Offer ----- Server offers
Request for IP address ---- Client request for IP address to the offered server.
Acknowledge ----- Server sends the Acknowledgement to the client
NACK -------- If client not get the IP address after server given offer, then Server sends the
Negative Acknowledgement.
DHCP Server uses port no.: 67
DHCP Client uses port no.: 68
Difference between FAT, NTFS, NTFS ver 5 & NTFS ver 6?
What are the port numbers for FTP, Telnet, HTTP, DNS?
What are the different types of profiles in 2000?
What is the database files used for Active Directory?
What is the location of AD DATABASE?
What is the authentication protocol used in NT?
What is sub netting and super netting?
What is the use of terminal services?
What is the protocol used for terminal services?
What is the port number for RDP?
Medium Level
What is the difference between Authorized DHCP and Non Authorized DHCP?
Difference between inter-site and intra-site replication. Protocols using for replication?
How to monitor replication?
Brief explanation of RAID Levels?
What are the different backup strategies are available?
What is a global catalog?
What is Active Directory and what is the use of it?
What is the physical and logical structure of AD?
What is the process of user authentication (Kerberos V5) in windows 2000?
What are the port numbers for Kerberos, LDAP and Global catalog?
What is the use of LDAP (X.500 standard)?
What are the problems that are generally come across DHCP?
What is the role responsible for time synchronization?
What is TTL & how to set TTL time in DNS?
How to take DNS and WINS Backup?
What is recovery console?
What is DFS & its usage?
What is RIS and what are its requirements?
How many root replicas can be created in DFS?
What is the difference between Domain DFS and Standalone DFS?
High Level
Can we establish trust relationship between two forests?
What is FSMO ROLES?
Brief all the FSMO Roles?
How to manually configure FSMO Roles to separate DC's?
What is the difference between authoritative and non-authoritative restore?
What is Active Directory De-fragmentation?
Difference between online and offline de-fragmentation
What is tombstone period?
What is white space and Garbage Collection?
What are the monitoring tools used for Server and Network Health. How to define alert
mechanism?
How to deploy the patches and what are the software's used for this process?
What is Clustering? Briefly define & explain it?
How to configure SNMP?
Is it possible to rename the Domain name & how?
What is SOA Record?
What is a Stub zone and what is the use of it?
What are the different types of partitions present in AD?
What are the (two) services required for replication?
Can we use a Linux DNS Server in 2000 Domain?
What is the difference between IIS Version 5 and IIS Version 6?
What is ASR (Automated System Recovery) and how to implement it?
What are the different levels that we can apply Group Policy?
What is Domain Policy, Domain controller policy, Local policy and Group Policy?
What is the use of SYSVOL FOLDER?
What is folder redirection?
What different modes in windows 2003 (Mixed, native & interim... etc)?
IPSec usage and difference window 2000 & 2003?
How to create application partition windows 2003 and its usage?
Is it possible to do implicit transitive forest to forest trust relation ship in windows 2003?
What is universal group membership cache in windows 2003?
GPMC & RSOP in windows 2003?
Assign & Publish the applications in GP & how?
DFS in windows 2003?
How to use recovery console?
PPOP protocol for VPN in windows 2003?
NTDS.DIT ------ New Technology Directory Services. Directory Information Tree
After installing the Domain controller, to know the function of DC...
Dcpromo.log c:\windows\system32\dcpromp
Dcdiag, Netdiag, Rename the domains, Rendom, Netdom
AAAA records use for IPv6 as A record
Responsible record in DNS ---- for know the responsible for person.
SYSVOL Consistency Considerations
SYSVOL is a file system folder that stores files that must be available and synchronized among all
domain controllers. SYSVOL contains the NETLOGON share, Group Policy settings, and File Replication
service (FRS) staging directories and files. SYSVOL is required for Active Directory to function
properly.
SYSVOL is replicated by the File Replication service (FRS). FRS has a fixed tombstone lifetime of 60
days. Because you cannot change this interval, any domain controller that is disconnected for more
than 60 days potentially has an outdated SYSVOL. Updating SYSVOL requires performing a non-
authoritative restore of SYSVOL.
In addition, SYSVOL replication cannot be synchronized manually. For this reason, ensuring that
SYSVOL is updated prior to disconnecting the domain controller is more difficult than simply updating
SYSVOL when the domain controller is reconnected. Regardless of the length of the disconnection, to
ensure that SYSVOL is synchronized when the domain controller is reconnected, prepare the domain
controller to perform a non-authoritative restore of SYSVOL prior to disconnecting it. When it restarts,
non-authoritative restore of SYSVOL occurs automatically. For information about performing non-
authoritative restore of SYSVOL, see "Restoring and Rebuilding SYSVOL" earlier in this guide.
What are the RIS SERVICES?
How to troubleshoot if a DHCP client won't get IP from DHCP Server?
What the diff is between publish and assign?
What is tombstone period?
What is online and offline fragmentations?
Garbage collections and white spaces?
Authoritative and non auth restore?
Tell me one example when Infrastructure master and Global catalog will be on one DC, what is
the issue if both resides on same system?
2003 modes?
FSMO roles?
Stress on PDC emulator?
2003 advantages?
About migration? (W2k to W2k3 and NT to W2k3)?
Question on System State data Backup?
Diff types of DNS roles and Zones?
What is Bridge Head Server?
Crisis Management?
Mail flow in Exchange Server?
DMZ concept in Firewalls?
Is NAT uses Port Number if so what is the Port number?
Difference between Schema Master and Global Catalog?
Difference between Incremental and Differential Backup? Which is best backup Microsoft has
recommended?
How DNS and DHCP are integrated?
If RID master fails what happens?
Tool used for FSMO?
Difference between Assigning and Publishing through Group Policy?
What is the difference between windows 2003 DFS & windows 2000 DFS?
Compaq Insight Manager Version?
What are the Classes in Windows 2003 Active directory?
What is the tool to delete lingering objects in windows 2003?
Through Compaq Insight Manager can we delete/create Raid?
What is the difference between ILO & rilo?
How to authenticate two windows 2003 forests?
Windows 2003 Features?
SUS implementation steps?
How to install dual booting in windows 2003 server?
I have a medium organization? I want to put multiple forests? What are the factors?
I have deleted one user. Deleted user having some permissions. I want to create the same
user name & same password. Will the permissions remain same & what is the SID status?
Where the roaming profile is exists?
What does u can do with Group policy?
What is server hardening?
What is the SUS version u r using?
There is one Scenario. I have one DHCP server and the IP addresses are configured as static.
And I want to get rid of the server. How do I create a new server with same configuration as
old?
How does u transfer Schema master?
How do get Schema Snap in MMC? What u will do if wont get schema snaps in MMC?
What are the enhancement advantages of GC in 2003?
If u change the password in the client, how much times will it takes too update the password
in the domain controller?
What r the modes in Terminal Server in windows 2003?
How to find SAM Database in Windows 2000
I have a problem of finding Security Accounts Manager (SAM) database in windows 2000.
I think it should be in c:\winnt\system32 folder
But I want to know the exact file name of SAM Database.
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsbg_dat_udnu.mspx?mfr=true
Windows questioner
http://www.simulationexams.com/SampleQuestions/w2k/windows-server/server-questions-3.htm