AD Interview Questions
The SYSVOL folder stores the server's copy of the domain's public files.
The contents of the SYSVOL folder, such as group policy, users etc., are
replicated to all domain controllers in the domain.
It's the folder where you can find the objects missed due to a conflict. Ex:
you created a user in an OU which was deleted on another DC; when
replication happened and AD DS didn't find the OU, it puts that user in the Lost &
Found folder.
What is a site?
DNS has two different zone types, the Forward Lookup Zone and the Reverse Lookup
Zone. Each of these two zone types can be one of three kinds of zone, as
follows:
Primary zone: It contains the readable and writable copy of the DNS
database.
Secondary zone: It acts as a backup for the primary zone and contains
a read-only copy of the DNS database.
Stub zone: It is also read-only like a secondary zone; a stub zone contains
only the SOA record and copies of the NS and A records for all name servers authoritative
for the zone.
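The zone kinds described above, created with the Windows DnsServer PowerShell module. This is an added example, not part of the original questions; the zone names, master server addresses and the 10.0.1.0/24 network are placeholders. The last two commands show a check a defender would want: which zones are writable and AD-integrated, and restricting zone transfers of a primary zone to its known secondary.

```powershell
# Added example (not from the page). Requires the DnsServer module
# (Windows DNS Server role or RSAT). All names and addresses are placeholders.
Import-Module DnsServer

# Forward lookup zones
# Primary, AD-integrated: every DC running DNS in the domain holds a writable copy.
Add-DnsServerPrimaryZone -Name "corp.example.com" -ReplicationScope Domain -DynamicUpdate Secure

# Primary, file-backed: a single writable copy held in the zone file on this server.
Add-DnsServerPrimaryZone -Name "lab.example.com" -ZoneFile "lab.example.com.dns"

# Secondary: read-only copy pulled by zone transfer from the master server(s).
Add-DnsServerSecondaryZone -Name "partner.example.net" -ZoneFile "partner.example.net.dns" -MasterServers 192.0.2.10

# Stub: read-only, holds only the SOA, NS and glue A records of the zone's name servers.
Add-DnsServerStubZone -Name "branch.example.org" -MasterServers 192.0.2.20 -ReplicationScope Forest

# Reverse lookup zone for 10.0.1.0/24 (creates 1.0.10.in-addr.arpa), AD-integrated.
Add-DnsServerPrimaryZone -NetworkId "10.0.1.0/24" -ReplicationScope Domain -DynamicUpdate Secure

# Check: which zones are writable (Primary) vs. read-only (Secondary/Stub),
# which are AD-integrated, and which are reverse lookup zones.
Get-DnsServerZone | Select-Object ZoneName, ZoneType, IsDsIntegrated, IsReverseLookupZone

# Check: only allow zone transfers of the file-backed primary to its known secondary,
# so the whole zone cannot be pulled by an arbitrary host.
Set-DnsServerPrimaryZone -Name "lab.example.com" -SecureSecondaries TransferToSecureServers -SecondaryServers 192.0.2.10
```

Run on a DNS server as a member of DnsAdmins or Domain Admins. -DynamicUpdate Secure is only available for AD-integrated zones; a file-backed primary cannot use secure-only dynamic updates.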
What is a Resource Record?
What is a Tree?
What is REPADMIN?
Windows Server 2008 has five Active Directory related roles. They are
listed below:
Active Directory Domain Services (Identity): AD DS provides
the functionality of an identity and access (IDA) solution for
enterprise networks. It also provides the mechanisms to
support, manage, and configure resources in distributed
network environments.
Active Directory Lightweight Directory Services (Applications):
AD LDS, formerly known as Active Directory Application Mode
(ADAM), provides support for directory-enabled applications.
Active Directory Certificate Services (Trust): AD CS sets up a
certificate authority for issuing digital certificates as part of a
public key infrastructure (PKI) that binds the identity of a
person, device or service to a corresponding private key.
Certificates can be used to authenticate users and computers,
provide web-based authentication, support smart card
authentication, and support applications including secure
wireless networks, VPN, IPsec, EFS, and more.
Active Directory Rights Management Services (Integrity): AD
RMS is an information-protection technology that enables you
to implement persistent usage policy templates (for
documents) that define allowed and unauthorized use
whether online, offline, inside, or outside the firewall.
Active Directory Federation Services (Partnership): AD FS
enables an organization to extend IDA across multiple
platforms, including both Windows and non-Windows
environments, and to project identity and access rights across
security boundaries to trusted partners.
What are application directory partitions?
An Application Directory Partition is a partition space in Active
Directory which an application can use to store that application's
specific data. This partition is then replicated only to some
specific domain controllers. The application directory partition
can contain any type of data except security principals (users,
computers, groups).
How do you create a new application directory partition?
Click Start, click Run, type cmd, and then click OK.
Type the following command, and then press ENTER:
C:\>repadmin /showreps domain_controller
OR
You can use Replmon.exe for the same purpose.
OR
AD Sites and Services and nslookup gc._msdcs.
To find the GC from the command line you can try using the DSQUERY
command: dsquery server -isgc. To find all the GCs in the forest
you can try dsquery server -forest -isgc.
The reason that all DCs are not GCs to start with is that in large (or even
giant) forests every DC would have to hold a reference to every
object in the entire forest, which could be quite large and quite a
replication burden.
For a few hundred, or even a few thousand users, this is not likely to
matter unless you have really poor WAN lines.
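The GC lookups and replication check from the answers above, done with the ActiveDirectory PowerShell module. This is an added example, not from the original page; the user name and domain are placeholders and Get-ADReplicationPartnerMetadata needs the Windows Server 2012 or later module. The last part is the check a defender cares about: replication links that have been failing, which is where stale or lost objects (the Lost & Found case) come from.

```powershell
# Added example (not from the page). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Global catalogs in the current domain (equivalent of: dsquery server -isgc)
Get-ADDomainController -Filter 'IsGlobalCatalog -eq $true' |
    Select-Object HostName, Site, IsGlobalCatalog

# Global catalogs in the whole forest (equivalent of: dsquery server -forest -isgc)
(Get-ADForest).GlobalCatalogs

# Via DNS, like nslookup gc._msdcs.<forest root>
$forestRoot = (Get-ADForest).RootDomain
Resolve-DnsName -Name "gc._msdcs.$forestRoot" -Type A

# Replication partners and status for one DC (what repadmin /showrepl shows).
# The PDC emulator is used here only because it is a single, always-present DC name.
$dc = (Get-ADDomain).PDCEmulator
Get-ADReplicationPartnerMetadata -Target $dc -PartnerType Both |
    Select-Object Server, Partner, Partition, LastReplicationSuccess,
                  LastReplicationResult, ConsecutiveReplicationFailures

# Check: any inbound link that has failed repeatedly deserves attention,
# because objects changed on the partner are not reaching this DC.
Get-ADReplicationPartnerMetadata -Target $dc -PartnerType Inbound |
    Where-Object { $_.ConsecutiveReplicationFailures -gt 0 } |
    Select-Object Partner, Partition, LastReplicationAttempt, LastReplicationResult

# The classic tools still work from the same prompt.
repadmin /showrepl $dc
repadmin /replsummary
```

repadmin /replsummary gives the forest-wide view (largest delta per DC and failure counts) and is the quickest first check when users report "missing" objects on some DCs.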
What is ADSIEDIT?
What is NETDOM?
What is REPADMIN?
Group Policy Preferences are a large set of new Group Policy settings that
were released with Windows Server 2008 and allow IT administrators
to do almost anything they want to configured computers in a
corporate environment. Preferences only require a Windows 2000
Active Directory and they need to be managed from a minimum of
Windows Vista/2008; however, they can be applied to Windows XP
Service Pack 2 (or greater) workstations.
Offline domain join is a new process that computers running Windows
7 or Windows Server 2008 R2 can use to join a domain without
contacting a domain controller. This makes it possible to join computers
to a domain in locations where there is no connectivity to the corporate
network.
First the computer account is created (provisioned) on the domain
controller and the resulting information is stored in metadata; then
this information is transferred to the joining computer. The
workstation then performs the join without having
connectivity to the domain controller.
You need to use Djoin.exe on the domain controller to accomplish the
above. Use Djoin.exe /? to see the syntax.
An example is given below:
Djoin.exe /provision /domain Name_Of_the_Domain_To_Be_Joined /machine Client_Computer_Name /savefile File_Name.txt
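Both halves of the offline domain join described above, the provisioning step on a machine that can reach a DC and the request step on the disconnected client. This is an added example and not from the original page; the domain, computer name, OU and file path are placeholders. The blob file contains the new machine account's password, so the example also shows handling it as a secret.

```powershell
# Added example (not from the page). Domain, names and paths are placeholders.

# Step 1 (on a DC or a domain-joined admin workstation): provision the computer
# account and write the join blob. /machineou puts the account in a chosen OU
# instead of the default Computers container; /reuse re-provisions an existing account.
djoin.exe /provision /domain corp.example.com /machine WS-BRANCH01 `
    /machineou "OU=Branch Workstations,DC=corp,DC=example,DC=com" `
    /savefile C:\odj\WS-BRANCH01.txt

# Step 2: move the blob to the client over a trusted channel (it holds the machine
# account password). On the client, as local administrator, inject it into the
# offline Windows installation (here the running OS, hence /localos).
djoin.exe /requestODJ /loadfile C:\odj\WS-BRANCH01.txt /windowspath $env:SystemRoot /localos

# Step 3: reboot. The join completes the first time the client can reach a DC.
# Afterwards, confirm the secure channel to the domain is healthy.
Test-ComputerSecureChannel -Verbose

# Remove the blob on both machines once the join has succeeded.
Remove-Item C:\odj\WS-BRANCH01.txt -Force
```

The blob is valid until the provisioned account's password is changed or the account is deleted, so leaving copies on file shares or in ticketing systems hands out a domain computer identity; delete it as soon as the client has consumed it.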
Active Directory domains, you could apply only one password and
account lockout policy to all users in the domain, so if you wanted
different password and account lockout settings for different sets of
users, you had to either create a password filter or deploy multiple
domains. In Windows Server 2008 you can use fine-grained password
policies (FGPPs) to specify multiple password policies and apply different
password restrictions and account lockout policies to different sets of
users within a single domain. FGPPs become available once the domain
has been raised to the Windows Server 2008 Domain Functional Level.
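A fine-grained password policy as described above, created and applied with the ActiveDirectory PowerShell module (Windows Server 2008 R2 or later cmdlets). This is an added example, not from the original page; the policy name, group names and user name are placeholders. It shows the step most often forgotten in practice: checking which policy actually wins for a given user when several apply.

```powershell
# Added example (not from the page). Policy, group and user names are placeholders.
Import-Module ActiveDirectory

# FGPPs need the Windows Server 2008 DFL or higher; check before creating one.
(Get-ADDomain).DomainMode

# A stricter policy for privileged accounts. When a user is covered by more than
# one PSO, the one with the LOWEST Precedence value applies.
New-ADFineGrainedPasswordPolicy -Name "PSO-PrivilegedAccounts" -Precedence 10 `
    -MinPasswordLength 20 `
    -PasswordHistoryCount 24 `
    -ComplexityEnabled $true `
    -ReversibleEncryptionEnabled $false `
    -MinPasswordAge (New-TimeSpan -Days 1) `
    -MaxPasswordAge (New-TimeSpan -Days 90) `
    -LockoutThreshold 5 `
    -LockoutObservationWindow (New-TimeSpan -Minutes 30) `
    -LockoutDuration (New-TimeSpan -Minutes 30) `
    -Description "Stricter password and lockout settings for admin accounts"

# PSOs are applied to users and global security groups only, never to OUs.
Add-ADFineGrainedPasswordPolicySubject -Identity "PSO-PrivilegedAccounts" `
    -Subjects "Domain Admins", "Tier0-Admins"

# List every PSO in the domain with its precedence and subjects.
Get-ADFineGrainedPasswordPolicy -Filter * |
    Select-Object Name, Precedence, MinPasswordLength, LockoutThreshold, AppliesTo

# Check: which policy is actually in effect for a given user (resultant PSO).
# If nothing is returned, the user falls back to the domain Default Domain Policy.
Get-ADUserResultantPasswordPolicy -Identity "jdoe"
```

Because PSOs cannot be linked to OUs, membership of the target groups is what enforces the policy; an account removed from the group silently drops back to the domain default, so group membership for these policies is worth auditing together with the policies themselves.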
How can you forcibly remove AD from a server, and what do you do
later?
Improved security
Faster logon times
More efficient access to resources