
Active Directory

Active Directory is a directory service used by Microsoft to store information about a network. It stores data about domains, users, groups and computers. A domain defines an administrative and security boundary. The default protocol for directory services is LDAP. Mixed mode allows older Windows versions and Windows 2000 domains to coexist. A forest connects multiple domains that share a schema. Native mode allows newer Active Directory features when all domain controllers run Windows 2000. Sysvol stores public files that are replicated to all domain controllers.


1. Question 1. Mention What Is Active Directory?

Answer :
Active Directory is a directory structure used on Microsoft Windows-based servers and
computers to store data and information about networks and domains.
2. Question 2. What Is A Domain In Active Directory?
Answer :
In Windows 2000, a domain defines both an administrative boundary and a security boundary
for a collection of objects that are relevant to a specific group of users on a network. A
domain is an administrative boundary because administrative privileges do not extend to other
domains. It is a security boundary because each domain has a security policy that extends to
all security accounts within the domain. Active Directory stores information about objects in
one or more domains.
Domains can be organized into parent-child relationships to form a hierarchy. A parent
domain is the domain directly superior in the hierarchy to one or more subordinate, or child,
domains. A child domain also can be the parent of one or more child domains.
3. Question 3. Mention Which Is The Default Protocol Used In Directory Services?
Answer :
The default protocol used in directory services is LDAP ( Lightweight Directory Access
Protocol).
4. Question 4. What Is Mixed Mode?
Answer :
Allows domain controllers running both Windows 2000 and earlier versions of Windows NT
to co-exist in the domain. In mixed mode, the domain features from previous versions of
Windows NT Server are still enabled, while some Windows 2000 features are disabled.
Windows 2000 Server domains are installed in mixed mode by default. In mixed mode the
domain may have Windows NT 4.0 backup domain controllers present. Nested groups are not
supported in mixed mode.
5. Question 5. Explain The Term Forest In Ad?
Answer :
A forest is an assembly of AD domains that share a single AD schema. All DCs in the
forest share this schema, and it is replicated among them in a hierarchical fashion.
6. Question 6. What Is Native Mode?
Answer :
Native mode is when all the domain controllers in a given domain are running Windows 2000
Server. This mode allows organizations to take advantage of new Active Directory features
such as universal groups, nested group membership, and inter-domain group membership.
7. Question 7. Explain What Is Sysvol?
Answer :
The SysVOL folder keeps the server’s copy of the domain’s public files. The contents such as
users, group policy, etc. of the sysvol folders are replicated to all domain controllers in the
domain.
8. Question 8. What Is Ldap?
Answer :
LDAP is the directory service protocol that is used to query and update AD. LDAP
naming paths are used to access AD objects and include the following:
o Distinguished names
o Relative Distinguished names
9. Question 9. Mention What Is Kerberos?
Answer :
Kerberos is a network authentication protocol. It is built to offer strong authentication for
client/server applications by using secret-key cryptography.
10. Question 10. Minimum Requirement For Installing Ad?
Answer :
o Windows Server, Advanced Server, Datacenter Server
o Minimum Disk space of 200MB for AD and 50MB for log files
o NTFS partition
o TCP/IP Installed and Configured to use DNS
o Administrative privilege for creating a domain in existing network
11. Question 11. Mention What Are Lingering Objects?
Answer :
Lingering objects can exist if a domain controller does not replicate for an interval of time
that is longer than the tombstone lifetime (TSL).
12. Question 12. What Is Domain Controller?
Answer :
In an Active Directory forest, a domain controller is a server that contains a writable copy of
the Active Directory database, participates in Active Directory replication, and controls access
to network resources.
13. Question 13. Mention What Is Tombstone Lifetime?
Answer :
The tombstone lifetime in Active Directory determines how long a deleted object is retained in
Active Directory. Deleted objects in Active Directory are stored in a special object referred
to as a TOMBSTONE. Usually Windows will use a 60-day tombstone lifetime if the value is not
set in the forest configuration.
14. Question 14. Why Do We Need Netlogon?
Answer :
Netlogon maintains a secure channel between this computer and the domain controller for
authenticating users and services. If this service is stopped, the computer may not be able to
authenticate users and services, and the domain controller cannot register DNS records.
15. Question 15. Explain What Is Active Directory Schema?
Answer :
The schema is the Active Directory component that describes all the attributes and objects
that the directory service uses to store data.
16. Question 16. What Is Dns Scavenging?
Answer :
Scavenging will help you clean up old unused records in DNS.
17. Question 17. Explain What Is A Child Dc?
Answer :
A CDC, or child DC, is a sub-domain controller under the root domain controller which shares
its namespace.
18. Question 18. What Is New In Windows Server 2008 Active Directory Domain Services?
Answer :
AD Domain Services auditing, Fine-Grained Password Policies, Read-Only Domain
Controllers, Restartable Active Directory Domain Services.
19. Question 19. Explain What Is Rid Master?
Answer :
The RID master (Relative Identifier master) is responsible for assigning unique IDs to objects
created in AD.
20. Question 20. Explain What Are Rodcs? And What Are The Major Benefits Of Using
Rodcs?
Answer :
With a Read-Only Domain Controller, organizations can easily deploy a domain controller in
locations where physical security cannot be guaranteed.
21. Question 21. Mention What Are The Components Of Ad?
Answer :
Components of AD include:
Logical Structure: Trees, Forest, Domains and OU.
Physical Structures: Domain controller and Sites.
22. Question 22. What Is The Number Of Permitted Unsuccessful Log Ons On
Administrator Account?
Answer :
Unlimited. Remember, though, that it’s the Administrator account, not any account that’s part
of the Administrators group.
23. Question 23. Explain What Is Infrastructure Master?
Answer :
The Infrastructure Master is responsible for updating user and group information and the
global catalogue.
24. Question 24. What Hidden Shares Exist On Windows Server 2003 Installation?
Answer :
Admin$, Drive$, IPC$, NETLOGON, print$ and SYSVOL.
25. Question 25. Can You Connect Active Directory To Other 3rd-party Directory
Services? Name A Few Options?
Answer :
Yes, you can connect Active Directory to other 3rd-party directory services, such as the
directories used by SAP, Domino etc., with the help of MIIS (Microsoft Identity Integration
Server).
26. Question 26. What Is The List Folder Contents Permission On The Folder In Ntfs?
Answer :
Same as Read & Execute, but not inherited by files within a folder. However, newly created
subfolders will inherit this permission.
27. Question 27. How Do I Set Up Dns For Other Dcs In The Domain That Are Running
Dns?
Answer :
For each additional DC that is running DNS, the preferred DNS setting is the parent DNS
server (the first DC in the domain), and the alternate DNS setting is the actual IP address of
its own network interface.
28. Question 28. Where Is Gpt Stored?
Answer :
%SystemRoot%\SYSVOL\sysvol\<domain name>\Policies\<GUID>
29. Question 29. Tell Me What Should I Do If The Dc Points To Itself For Dns, But The Srv
Records Still Do Not Appear In The Zone?
Answer :
Check for a disjointed namespace, and then run Netdiag.exe /fix. You must install Support
Tools from the Windows 2000 Server CD-ROM to run Netdiag.exe.
30. Question 30. Abbreviate Gpt And Gpc?
Answer :
GPT : Group policy template.
GPC : Group policy container.
31. Question 31. Tell Me What If My Windows 2000 Or Windows Server 2003 Dns Server
Is Behind A Proxy Server Or Firewall?
Answer :
If you are able to query the ISP's DNS servers from behind the proxy server or firewall, a
Windows 2000 or Windows Server 2003 DNS server is able to query the root hint servers.
UDP and TCP port 53 should be open on the proxy server or firewall.
32. Question 32. Explain What Is The Difference Between Local, Global And Universal
Groups?
Answer :
Domain local groups assign access permissions to global domain groups for local domain
resources. Global groups provide access to resources in other trusted domains. Universal
groups grant access to resources in all trusted domains.
33. Question 33. Do You Know What Is The "." Zone In My Forward Lookup Zone?
Answer :
This setting designates the Windows 2000 DNS server to be a root hint server and is usually
deleted. If you do not delete this setting, you may not be able to perform external name
resolution to the root hint servers on the Internet.
34. Question 34. Define Lsdou?
Answer :
It is the Group Policy inheritance model, in which policies are applied in the order Local
machine, Site, Domain and Organizational Unit.
35. Question 35. Define Attribute Value?
Answer :
An object's attribute is set concurrently to one value at one master and to another value at a
second master.
36. Question 36. What Is Netdom?
Answer :
NETDOM is a command-line tool that allows management of Windows domains and trust
relationships.
37. Question 37. Do You Know How Kerberos V5 Works?
Answer :
The Kerberos V5 authentication mechanism issues tickets (a set of identification data for a
security principal, issued by a DC for the purposes of user authentication; the two forms of
tickets in Windows 2000 are ticket-granting tickets (TGTs) and service tickets) for accessing
network services. These tickets contain encrypted data, including an encrypted password,
which confirms the user's identity to the requested service.
38. Question 38. What Is Adsiedit?
Answer :
ADSI Edit is an LDAP editor for managing objects in Active Directory. This Active
Directory tool lets you view objects and attributes that are not exposed in the Active Directory
Management Console.
39. Question 39. What Is Kerberos V5 Authentication Process?
Answer :
Kerberos V5 is the primary security protocol for authentication within a domain. The
Kerberos V5 protocol verifies both the identity of the user and network services. This dual
verification is known as mutual authentication.
40. Question 40. Define The Schema Master Failure?
Answer :
Temporary loss of the schema operations master will be visible only if we are trying to
modify the schema or install an application that modifies the schema during installation. A
DC whose schema master role has been seized must never be brought back online.
41. Question 41. What Is Replmon?
Answer :
Replmon is the first tool you should use when troubleshooting Active Directory replication
issues.
42. Question 42. How To Find Fsmo Roles?
Answer :
netdom query fsmo, or Replmon.exe.
43. Question 43. Describe The Infrastructure Fsmo Role?
Answer :
When an object in one domain is referenced by another object in another domain, it represents
the reference by the GUID, the SID (for references to security principals), and the DN of the
object being referenced. The infrastructure FSMO role holder is the DC responsible for
updating an object's SID and distinguished name in a cross-domain object reference.
44. Question 44. What Are The Advantages Of Active Directory Sites?
Answer :
Active Directory Sites and Services allow you to specify site information. Active Directory
uses this information to determine how best to use available network resources.
45. Question 45. Define Edb.chk?
Answer :
This is the checkpoint file used to track data not yet written to the database file. It indicates
the starting point from which data is to be recovered from the log file in case of failure.
46. Question 46. Define Edb.log?
Answer :
This is the transaction log file (10 MB). When EDB.LOG is full it is renamed to
EDBnnnn.log, where nnnn is an increasing number starting from 1.
47. Question 47. How To View All The Gcs In The Forest?
Answer :
repadmin.exe /options * (domain controllers that are global catalogs show IS_GC among their options)
nltest /dsgetdc:corp /GC
48. Question 48. How To Seize Fsmo Roles?
Answer :
Run ntdsutil, type roles, then connections, then connect to server <servername>, then q. At
the fsmo maintenance prompt, type seize RID master (and likewise for the other roles).
49. Question 49. How To Transfer Fsmo Roles?
Answer :
Run ntdsutil, type roles, then connections, then connect to server <servername>, then q. At
the fsmo maintenance prompt, type transfer RID master (and likewise for the other roles).
50. Question 50. What Is The Kcc (knowledge Consistency Checker)?
Answer :
The KCC generates and maintains the replication topology for replication within sites and
between sites. KCC runs every 15 minutes.
51. Question 51. What Is Schema Information In Active Directory?
Answer :
Definitional details about objects and attributes that one CAN store in the AD. Replicates to
all DCs. Static in nature.
52. Question 52. What Is Online Defragmentation In Active Directory?
Answer :
Online defragmentation is a method that runs as part of the garbage collection process. The
only advantage of this method is that the server does not need to be taken offline for it to run.
However, this method does not shrink the Active Directory database file (Ntds.dit).
53. Question 53. What Is Ads Database Garbage Collection Process?
Answer :
Garbage Collection is a process that is designed to free space within the Active Directory
database. This process runs independently on every DC with a default lifetime interval of 12
hours.
54. Question 54. Define Res1.log And Res2.log?
Answer :
These are reserved transaction log files, 20 MB in total (10 MB each), which give the
transaction log files enough room to shut down if the other space is being used.
55. Question 55. What Is Domain Information In Active Directory?
Answer :
Object information for a domain. Replicates to all DCs within the domain. The object portion
becomes part of the GC; the attribute values replicate only within the domain.
56. Question 56. What Is Lightweight Directory Access Protocol?
Answer :
LDAP is the directory service protocol that is used to query and update AD. LDAP naming
paths are used to access AD objects and include the following:
o Distinguished names
o Relative Distinguished names
57. Question 57. How Will You Verify Whether The Ad Installation Is Proper With Srv
Resource Records?
Answer :
Verify SRV Resource Records: After AD is installed, the DC will register SRV records in
DNS when it restarts. We can check this using DNS MMC or nslookup command.
58. Question 58. What Is Ntds.dit?
Answer :
This is the AD database and stores all AD objects. The default location is
%SystemRoot%\NTDS\NTDS.DIT.
Active Directory's database engine is the Extensible Storage Engine, which is based on the Jet
database and can grow up to 16 TB.
59. Question 59. What Is Ntds.dit Schema Table?
Answer :
The types of objects that can be created in the Active Directory, relationships between them,
and the attributes on each type of object. This table is fairly static and much smaller than the
data table.
60. Question 60. Mention What Is The Difference Between Domain Admin Groups And
Enterprise Admins Group In Ad?
Answer :
Enterprise Admins group:
Members of this group have complete control of all domains in the forest. By default, this
group belongs to the Administrators group on all domain controllers in the forest. As such, this
group has full control of the forest; add users with caution.
Domain Admins group:
Members of this group have complete control of the domain. By default, this group is a
member of the Administrators group on all domain controllers, workstations and member
servers at the time they are joined to the domain. As such, the group has full control in the
domain; add users with caution.
Active Directory (AD) Real Time Interview Questions and Answers
I would like to share some Windows Active Directory interview questions and answers. I
will start with basic questions and continue with L1, L2 and L3 level questions.
What is Active Directory?
Active Directory (AD) is a directory service developed by Microsoft and used to store objects like
users, computers, printers and network information. It lets you manage your network effectively:
with multiple domain controllers in different locations holding the AD database, you can
manage/change AD from any domain controller and the change is replicated to all other DCs,
giving centralized administration across multiple geographical locations. It also authenticates
users and computers in a Windows domain.
What is LDAP and how is LDAP used in Active Directory (AD)?
http://www.windowstricks.in/ldap-and-ldap-query
What is Tree?

A tree is a hierarchical arrangement of Windows domains that share a contiguous namespace.

What is Domain?

Active Directory Domain Services is Microsoft’s Directory Server. It provides authentication and
authorization mechanisms as well as a framework within which other related services can be
deployed

What is the Active Directory Domain Controller (DC)?

A Domain Controller is the server which holds the AD database. All AD changes get replicated
to the other DCs and vice versa.

What is Forest?

A forest consists of multiple domain trees. The domain trees in a forest do not form a contiguous
namespace, but they share a common schema and global catalog (GC).

What is Schema?

The Active Directory schema is the set of definitions that define the kinds of objects, and the
types of information about those objects, that can be stored in Active Directory.

The Active Directory schema is a collection of object classes and their attributes.

Object Class = User

Attributes = first name, last name, email, and others

Can we restore a schema partition?


http://www.windowstricks.in/2014/01/can-i-restore-schema-partition.html
Tell me about the FSMO roles?
Schema Master

Domain Naming Master

Infrastructure Master

RID Master

PDC

Schema Master and Domain Naming Master are the forest-wide roles, and there is only one of
each per forest. The other roles are domain-wide, one of each per domain.

AD replication is multi-master replication: a change can be made on any domain controller and
will be replicated to the other domain controllers. The five roles above are the exception; they
are flexible single master operations (FSMO), and these changes can only be made on the
dedicated domain controller, so they are single-master replication.

How to check which server holds which role?

Netdom query FSMO

Which FSMO role is the most important? And why?

An interesting question: which of the 5 FSMO roles is the most important, or in other words,
which role's failure will impact the end user immediately?

Most amateur administrators pick the Schema Master role, perhaps because they think the
schema is critical to running Active Directory.

The correct answer is the PDC. Why? Going role by role through what happens when an FSMO
role holder fails gives the answer.

Schema Master – The Schema Master is needed to update the schema. We don't update the schema
daily, so when do we update it? During an operating system migration, when installing a new
Exchange version, or for any other application which requires extending the schema.

So if our Schema Master server is not available we cannot update the schema, but this will not
affect Active Directory operation or the end user.

The Schema Master needs to be online and ready only when we make a schema change, so we can
plan and have more time to bring the Schema Master server back.

Domain Naming Master – The Domain Naming Master is required for creating a new domain and
creating an application partition. As with the Schema Master, we don't create domains and
application partitions frequently.
So if our Domain Naming Master server is not available we cannot create a new domain or
application partition; it does not affect users, and users will not even be aware that the Domain
Naming Master server is down.

Infrastructure Master – The Infrastructure Master handles cross-domain updates. What really
gets updated between domains? Whenever a user logs on to the domain, the TGT is created with the
list of access the user has through group membership (the user's group membership details); it
also contains the user's membership details from trusted domains. The Infrastructure Master keeps
this information up to date: it updates reference information every 2 days by comparing its data
with the Global Catalog (that's why we don't keep the Infrastructure Master and a GC on the same
server).

In a single-domain, single-forest environment there is no impact if the Infrastructure
Master server is down.

In a multi-domain or multi-forest environment there will be an impact, but we have enough time
to fix the issue before it affects the end user.

RID Master – Every DC is initially issued 500 RIDs from the RID Master server. RIDs are used to
create new objects in Active Directory: all new objects are created with a Security ID (SID), and
the RID is the last part of the SID. The RID uniquely identifies a security principal relative to
the local or domain security authority that issued the SID.
When a DC's pool gets down to 250 (50%) it requests a second pool of RIDs from the RID Master. If
the RID Master server is not available, RID pools cannot be issued to DCs, and DCs can only create
new objects while they have RIDs available. Every DC has anywhere between 250 and 750 RIDs
available, so there is no immediate impact.
PDC – The PDC is required for time sync, user logon, password changes and trusts. Now you know why
the PDC is the most important FSMO role holder to get back online: a PDC failure impacts the end
user immediately, and we need to recover it as soon as possible.

The PDC emulator emulates the Primary Domain Controller for backward compatibility and is
responsible for time synchronization within a domain; it is also the password master. Any
password change is replicated to the PDC emulator as soon as possible. If a logon request fails
due to a bad password, the logon request is passed to the PDC emulator to check the password
before the logon request is rejected.
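The SID and RID-pool behaviour described above, as an added PowerShell example that is not part of the original article; the domain SID, the pool numbers, the packed-pool decoding and the function names are my own constructions.

```powershell
# Added example: take a domain SID apart (the RID is its last sub-authority) and
# apply the article's RID-pool rule. All SIDs and pool numbers are constructed samples.

function Get-WellKnownRidName {
    param([Parameter(Mandatory)][long]$Rid)
    # RIDs below 1000 are reserved for built-in principals; a few common ones.
    $names = @{ 500 = 'Administrator'; 501 = 'Guest'; 502 = 'krbtgt'
                512 = 'Domain Admins'; 513 = 'Domain Users'; 516 = 'Domain Controllers'
                518 = 'Schema Admins'; 519 = 'Enterprise Admins' }
    if ($names.ContainsKey([int]$Rid)) { return $names[[int]$Rid] }
    if ($Rid -lt 1000) { return 'reserved (built-in)' }
    return 'allocated from a RID pool'
}

function Split-Sid {
    # Accepts S-1-5-21-<a>-<b>-<c>-<RID>; the domain SID is everything before the RID.
    param([Parameter(Mandatory)][string]$Sid)
    if ($Sid -notmatch '^S-1-5-21(?:-\d+){3}-\d+$') {
        throw "Not a domain account SID: $Sid"
    }
    $parts = $Sid.Split('-')
    $rid   = [long]$parts[-1]
    [pscustomobject]@{
        Sid       = $Sid
        DomainSid = ($parts[0..($parts.Length - 2)] -join '-')
        Rid       = $rid
        Meaning   = (Get-WellKnownRidName $rid)
    }
}

function ConvertFrom-RidAllocationPool {
    # rIDAllocationPool on a DC's "RID Set" object packs the block as one 64-bit
    # value: low 32 bits = first RID of the block, high 32 bits = last RID.
    param([Parameter(Mandatory)][long]$Packed)
    [pscustomobject]@{
        PoolStart = ($Packed -band [uint32]::MaxValue)
        PoolEnd   = ($Packed -shr 32)
    }
}

function Test-RidPool {
    # A DC asks the RID master for its next block once half of the current block
    # is used up (the article's 500-RID block, next request at 250 remaining).
    param(
        [Parameter(Mandatory)][long]$PoolStart,
        [Parameter(Mandatory)][long]$PoolEnd,
        [Parameter(Mandatory)][long]$NextRid   # rIDNextRID: next value this DC will issue
    )
    $size      = $PoolEnd - $PoolStart + 1
    $remaining = [math]::Max([long]0, $PoolEnd - $NextRid + 1)
    [pscustomobject]@{
        PoolSize         = $size
        Remaining        = $remaining
        RequestNextBlock = ($remaining -le [math]::Floor($size / 2))
    }
}

# Constructed domain SID with the built-in Administrator, Domain Admins and a normal user.
'S-1-5-21-1004336348-1177238915-682003330-500',
'S-1-5-21-1004336348-1177238915-682003330-512',
'S-1-5-21-1004336348-1177238915-682003330-1105' |
    ForEach-Object { Split-Sid $_ } | Format-Table Rid, Meaning, DomainSid

# Constructed pool: block 1000..1499 packed as (1499 -shl 32) + 1000, with 260 RIDs issued.
$pool = ConvertFrom-RidAllocationPool -Packed (([long]1499 -shl 32) + 1000)
Test-RidPool -PoolStart $pool.PoolStart -PoolEnd $pool.PoolEnd -NextRid 1260

# On a live DC the real values come from the RID Set object, e.g.
#   Get-ADObject -Filter 'name -eq "RID Set"' -Properties rIDAllocationPool,rIDNextRID
# or from dcdiag /test:RidManager /v.
```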

Tell me about the Active Directory database and list the Active Directory database files?

NTDS.DIT

EDB.Log

EDB.Chk

Res1.log and Res2.log

AD changes are not written directly to the NTDS.DIT database file: they are first written to
EDB.Log and then from the log file to the database. EDB.Chk is used to track the database
updates from the log file, i.e. which changes have already been copied to the database file.
NTDS.DIT: NTDS.DIT is the AD database and stores all AD objects. The default location is
%SystemRoot%\NTDS\NTDS.DIT. The Active Directory database engine is the Extensible Storage
Engine, which is based on the Jet database.
EDB.Log: EDB.Log is the transaction log file. When EDB.Log is full it is renamed to EDBnum.log,
where num is an increasing number starting from 1, e.g. EDB1.Log.
EDB.Chk: EDB.Chk is the checkpoint file used to track the data not yet written to the database
file; it indicates the starting point from which data is to be recovered from the log file in
case of failure.
Res1.log and Res2.log: these are reserved transaction log files, which give the transaction log
enough time to shut down if the disk does not have enough space.
What RAID configuration can be used in Domain Controllers?
http://www.windowstricks.in/2010/07/recommended-raid-configuration-and-disk.html
Can we keep OS, log files, SYSVOL, AD database on same logical Disk?
http://www.windowstricks.in/2010/07/recommended-raid-configuration-and-disk.html

AD Interview Questions (Part 2)


What are Active Directory partitions?

An Active Directory partition defines how and where AD information is logically stored.

What are all the Active Directory Partitions?


Schema
Configuration
Domain
Application partition
What is the use of Active Directory partitions, and how do you find the partitions and their
locations?
Schema partition – It stores details about objects and attributes. Replicates to all domain
controllers in the forest.

DN location: CN=Schema,CN=Configuration,DC=Domainname,DC=com

Configuration partition – It stores details about the AD configuration, such as sites, site
links, subnets and other replication topology information. Replicates to all domain controllers
in the forest.

DN location: CN=Configuration,DC=Domainname,DC=com

Domain partition – Object information for a domain, such as users, computers, groups, printers
and other domain-specific information. Replicates to all domain controllers within the domain.

DN location: DC=Domainname,DC=com

Application partition – Information about applications in Active Directory. For example, when
AD-integrated DNS is used there are two application partitions for DNS zones: ForestDNSZones
and DomainDNSZones.
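As an added example (not from the original article), the following PowerShell splits a distinguished name into its RDNs (the LDAP naming paths from the earlier LDAP question) and maps a DN to the partition whose DN suffix it carries, using the locations listed above; the forest corp.example, its child domain eu.corp.example and the function names are constructed.

```powershell
# Added example: parse LDAP distinguished names and classify them by AD partition.
# Forest/domain DNs and function names below are constructed for illustration.

function Split-LdapDn {
    # Returns the RDNs of a DN, left to right. A backslash escapes the next
    # character, so "CN=Smith\, John" stays one RDN (RFC 4514 escaping).
    param([Parameter(Mandatory)][string]$Dn)
    $rdns    = New-Object System.Collections.Generic.List[string]
    $current = New-Object System.Text.StringBuilder
    $escaped = $false
    foreach ($ch in $Dn.ToCharArray()) {
        if ($escaped) {
            [void]$current.Append($ch); $escaped = $false
        } elseif ($ch -eq '\') {
            [void]$current.Append($ch); $escaped = $true
        } elseif ($ch -eq ',') {
            $rdns.Add($current.ToString().Trim()); [void]$current.Clear()
        } else {
            [void]$current.Append($ch)
        }
    }
    if ($current.Length -gt 0) { $rdns.Add($current.ToString().Trim()) }
    return ,$rdns.ToArray()
}

function Get-AdPartitionForDn {
    # Matches a DN against the naming contexts of a forest, longest suffix first,
    # so CN=Schema,CN=Configuration,... wins over CN=Configuration,... and
    # DC=DomainDnsZones,<domain> wins over the plain domain partition.
    # On a live DC the same list comes from (Get-ADRootDSE).namingContexts.
    param(
        [Parameter(Mandatory)][string]$Dn,
        [Parameter(Mandatory)][string]$ForestRootDn,
        [string[]]$DomainDns = @($ForestRootDn)
    )
    $candidates = @(
        @{ Name = 'Schema';         Dn = "CN=Schema,CN=Configuration,$ForestRootDn" },
        @{ Name = 'Configuration';  Dn = "CN=Configuration,$ForestRootDn" },
        @{ Name = 'ForestDnsZones'; Dn = "DC=ForestDnsZones,$ForestRootDn" }
    )
    foreach ($d in $DomainDns) {
        $candidates += @{ Name = 'DomainDnsZones'; Dn = "DC=DomainDnsZones,$d" }
        $candidates += @{ Name = 'Domain';         Dn = $d }
    }
    $target = ((Split-LdapDn $Dn) -join ',').ToLowerInvariant()
    foreach ($c in ($candidates | Sort-Object { $_.Dn.Length } -Descending)) {
        $suffix = ((Split-LdapDn $c.Dn) -join ',').ToLowerInvariant()
        if ($target -eq $suffix -or $target.EndsWith(",$suffix")) {
            return [pscustomobject]@{ Partition = $c.Name; NamingContext = $c.Dn; Dn = $Dn }
        }
    }
    [pscustomobject]@{ Partition = 'Unknown'; NamingContext = $null; Dn = $Dn }
}

# Constructed sample forest: root domain corp.example with child domain eu.corp.example.
$forestRoot = 'DC=corp,DC=example'
$domains    = 'DC=corp,DC=example', 'DC=eu,DC=corp,DC=example'

@(
    'CN=user,CN=Schema,CN=Configuration,DC=corp,DC=example'
    'CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=example'
    'CN=Smith\, John,OU=Sales,DC=eu,DC=corp,DC=example'
    'DC=eu.corp.example,CN=MicrosoftDNS,DC=DomainDnsZones,DC=eu,DC=corp,DC=example'
    'DC=_msdcs.corp.example,CN=MicrosoftDNS,DC=ForestDnsZones,DC=corp,DC=example'
) | ForEach-Object { Get-AdPartitionForDn -Dn $_ -ForestRootDn $forestRoot -DomainDns $domains } |
    Format-Table Partition, NamingContext, Dn -AutoSize
```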
How to configure Active Directory partitions?
You can only configure the application partition manually, for use with AD-integrated
applications; refer to this article for details on that.
How to create a DNS zone in an application directory partition?
See my previous article.
How to move a DNS zone from the domain partition to an application partition?
See my previous article.
How to take active directory backup?
A system state backup will back up Active Directory; NTBackup can be used to back up Active
Directory.
Active Directory restore types?
Authoritative restore
Non-authoritative restore
Non-authoritative restore of Active Directory
A non-authoritative restore restores the domain controller to its state at the time of the backup
and allows normal replication to overwrite the restored domain controller with any changes that
have occurred after the backup. After the system state restore, the domain controller queries its
replication partners and gets the changes made after the backup date, to ensure that it has an
accurate and updated copy of the Active Directory database.
Non-authoritative restore is the default method for restoring Active Directory; a plain restore
of system state is a non-authoritative restore, and mostly we use this for Active Directory data
loss or corruption.
How to perform a non-authoritative restore?
Just start the domain controller in Directory Services Restore Mode and perform a system state
restore from backup.
Authoritative restore of Active Directory
An authoritative restore is the next step after the non-authoritative restore process: we have to
do a non-authoritative restore before we can perform an authoritative restore. The main difference
is that an authoritative restore can increment the version number of the attributes of all
objects, or of an individual object, in the directory, which is what makes the restored object
authoritative. This can be used to restore a single deleted user/group and even an entire OU.

In a non-authoritative restore, after a domain controller is back online it will contact its
replication partners to determine any changes since the time of the last backup. In an
authoritative restore, however, the version numbers of the object attributes that you marked as
authoritative will be higher than the existing version numbers of those attributes, so the object
on the restored domain controller will appear to be more recent and the restored object will be
replicated to the other domain controllers in the domain.

How to perform an authoritative restore?


Unlike a non-authoritative restore, an authoritative restore needs Ntdsutil.exe to increment the
version number of the object attributes.
Which Active Directory partitions can be restored?
You can authoritatively restore only objects from the configuration and domain partitions.
Authoritative restores of the schema naming context are not supported.
How many domain controllers need to be backed up? Or which domain controllers should be backed up?
The minimum requirement is to back up two domain controllers in each domain; one should be an
operations master role holder DC. There is no need to back up the RID Master (relative ID master),
because the RID master should not be restored.
Can we restore the backup of a domain controller to another/different domain controller?
A backup of one domain controller can't be restored to another domain controller; it should be
restored to the same domain controller.

Sysvol Interview Questions and Answers


I would like to share this collection of Sysvol and FRS interview questions and answers, which
are asked in Windows Active Directory administrator job interviews.
What is the SYSVOL folder and why it’s used?

The Sysvol folder on a Windows domain controller stores the domain's Group Policy settings,
default profiles and logon/logoff/startup/shutdown scripts. It is available in the C:\Windows\SYSVOL
directory on all domain controllers within the domain.

What is the NETLOGON folder?

The Netlogon folder contains the logon/logoff/startup/shutdown scripts and is located inside the Sysvol folder.

What is a junction point?


Check more about Sysvol Junction point
What other folders in Sysvol and Sysvol folder structure/ Contents?
Check more about: netlogon and sysvol folder location
How policies get replicated from one DC to other DC?
Check more about: how sysvol replication works
What is the Difference between FRS and DFS-R?
Check more about: Difference between FRS and DFSR
How to Force sysvol replication?
Check more about force sysvol replication on Windows 2003 and force sysvol replication on
Windows 2008 and windows server 2012
What is the Sysvol Replication change in Windows 2008?
Check more about sysvol replication change on windows 2012
Any Sysvol issues which you have faced in your environment?
USN journal wrap Error on sysvol
Morphed folder on Sysvol

FRS replication issues –

Sysvol share not sharing – maybe a replication issue; the event log has more information.

Tell me about the non-authoritative restore of SYSVOL, or D2 restore

D2 is the default method for restoring SYSVOL and occurs automatically when you do a
non-authoritative restore of Active Directory.

When you non-authoritatively restore the SYSVOL, the local copy of SYSVOL on the restored
domain controller is compared with that of its replication partners. After the domain controller
restarts, it replicates any necessary changes, bringing it up-to-date with the other domain controllers
within the domain.
Tell me about the authoritative restore of SYSVOL, or D4 restore

In a D4 restore, a copy of SYSVOL that is restored from backup is authoritative for the domain.
After the necessary configuration has been made, Active Directory marks the local SYSVOL as
authoritative and it is replicated to the other domain controllers within the domain.

How to do a D2 or D4 restore?

Set the BurFlags registry value to D2 or D4 under the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
Value name: BurFlags (a hexadecimal DWORD)

D2: non-authoritative mode restore

D4: authoritative mode restore
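An added PowerShell example, not from the original article, that sets the BurFlags value above to D2 or D4 and restarts the FRS service so it is read at startup; the function name Set-FrsBurFlags and its parameters are my own, and it assumes it is run elevated on a domain controller that still uses FRS for SYSVOL.

```powershell
# Added example: select a D2 (non-authoritative) or D4 (authoritative) SYSVOL restore
# by writing the FRS BurFlags value the article describes, then restart NtFrs so the
# flag is processed at startup. Function and parameter names are my own.

function Set-FrsBurFlags {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)][ValidateSet('D2', 'D4')][string]$Mode,
        [switch]$RestartService
    )
    # "Backup/Restore" is a single key name containing a slash; the HKLM: provider can
    # treat that slash as a path separator, so the .NET registry API is used instead.
    $subKey = 'SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup'
    $value  = if ($Mode -eq 'D2') { 0xD2 } else { 0xD4 }

    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subKey, $true)
    if ($null -eq $key) {
        throw "Key HKLM\$subKey not found: this DC does not use FRS for SYSVOL (DFS-R has its own procedure)."
    }
    try {
        if ($PSCmdlet.ShouldProcess("HKLM\$subKey", "Set BurFlags = 0x$($value.ToString('X'))")) {
            $key.SetValue('BurFlags', $value, [Microsoft.Win32.RegistryValueKind]::DWord)
        }
        $current = [int]$key.GetValue('BurFlags', 0)
    } finally {
        $key.Close()
    }

    if ($RestartService -and $PSCmdlet.ShouldProcess('NtFrs', 'Restart service')) {
        Restart-Service -Name NtFrs
    }
    [pscustomobject]@{
        Mode             = $Mode
        BurFlags         = ('0x{0:X}' -f $current)
        ServiceRestarted = [bool]$RestartService
    }
}

# D2 on a DC that should rebuild its SYSVOL from its replication partners
# (-WhatIf only reports what would be written; drop it to apply the change):
Set-FrsBurFlags -Mode D2 -RestartService -WhatIf

# D4 goes on exactly one DC, the one whose SYSVOL copy is to be treated as authoritative;
# every other DC in the domain gets D2 so that it re-initialises from that copy.
Set-FrsBurFlags -Mode D4 -RestartService -WhatIf
```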

Active Directory real time issues and solutions


By ganesamoorthy s | June 9, 2015


As a Windows AD administrator I have faced many Active Directory real-time issues and solutions,
and we have seen interview questions like: tell me about 2 real-time issues which you have faced
in your current Active Directory environment; share one or two challenging issues which you have
worked on and resolved; tell me about the most challenging issue you were recently involved in.

Many of my blog readers have asked me to share a couple of real-time scenarios from my past
experience to prepare for a Windows and Active Directory interview. Here is a list of articles
from my previous posts; read and understand them to face the interview confidently.

Active Directory real time issues and solutions

DNS Entry of Domain Controller is Resolving to Incorrect value


Replsummary showing unknown for largest delta on AD replication checks
Domain Controller failed test Machineaccount on DCDIAG
AD Slow Authentication and prompting for credentials again and again
How secure channel determine the Domain controller in cross-forest
Active directory Troubleshooting
Active Directory Replication failed with “Target principal name is incorrect”
Replication failed with “The destination server is currently rejecting replication requests” Error
Troubleshoot Active Directory Server Replication

Group Policy (GPO) real time issues and solutions

Issue managing IE configuration through GPO


Why we can’t edit/view windows 2008, Vista and windows 7 GPO settings from windows 2003
Gpresult failed with ERROR Access Denied
Home page URL not working for IE7
GPO update failed in Slow Link VPN site with Event ID 1000 and 1054
Group Policy Processing over Slow Links
Group Policy slow link detection on windows server 2008
Other real time issues and solutions, Printer, User Profile and Account
lockout

Account lockout
How to resolve the Print Spooler service crash issue (Print spooler service is not running)
How to find the domain controller that contains the lingering object
Reconfigure roaming profile folder and home folder permission for all the users
