Scribd Logo
Importer

Bienvenue sur Scribd !

  • Active Directory Interview Questions and Answers

    Transféré par

    Ulaga Nathan
    82 vues4 pages
    This document discusses interview questions and answers related to Active Directory. It begins with basic questions about what Active Directory is and its components like domains, domain controllers, forests, and schemas. It then discusses topics like LDAP, FSMO roles, and the Active Directory database files. The most important FSMO role is identified as the PDC because it is responsible for user logins, password changes, and time synchronization, so if it fails there would be an immediate impact. The document provides detailed explanations for each FSMO role.

    Description originale:

    Active Directory Interview Questions and Answers

    Copyright

    © © All Rights Reserved

    Formats disponibles

    PDF, TXT ou lisez en ligne sur Scribd

    Avez-vous trouvé ce document utile ?

    Ce contenu est-il inapproprié ?

    Signaler ce document
    This document discusses interview questions and answers related to Active Directory. It begins with basic questions about what Active Directory is and its components like domains, domain controllers, forests, and schemas. It then discusses topics like LDAP, FSMO roles, and the Active Directory database files. The most important FSMO role is identified as the PDC because it is responsible for user logins, password changes, and time synchronization, so if it fails there would be an immediate impact. The document provides detailed explanations for each FSMO role.

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    82 vues4 pages

    Active Directory Interview Questions and Answers

    Transféré par

    Ulaga Nathan
    This document discusses interview questions and answers related to Active Directory. It begins with basic questions about what Active Directory is and its components like domains, domain controllers, forests, and schemas. It then discusses topics like LDAP, FSMO roles, and the Active Directory database files. The most important FSMO role is identified as the PDC because it is responsible for user logins, password changes, and time synchronization, so if it fails there would be an immediate impact. The document provides detailed explanations for each FSMO role.

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    sur 4

    ActiveDirectoryInterviewQuestionsandanswers

    ActiveDirectory(AD)RealTimeInterviewQuestionsandAnswers
    IwouldliketosharesomeoftheWindowsActiveDirectoryInterviewQuestionsandanswers,willstartwith
    basicquestionsandcontinuewithL1,L2,L3levelquestions
    WhatisActiveDirectory?
    ActiveDirectory(AD)isadirectoryservicedevelopedbyMicrosoftandusedtostoreobjectslikeUser,
    Computer,printer,Networkinformation,ItfacilitatetomanageyournetworkeffectivelywithmultipleDomain
    ControllersindifferentlocationwithADdatabase,abletomanage/changeADfromanyDomainControllersand
    thiswillbereplicatedtoallotherDCs,centralizedAdministrationwithmultiplegeographicallocation
    andauthenticatesusersandcomputersinaWindowsdomain
    WhatisLDAPandhowtheLDAPbeenusedonActiveDirectory(AD)?WhatisTree?
    TreeisahierarchicalarrangementofwindowsDomainthatshareacontiguousnamespace
    WhatisDomain?
    ActiveDirectoryDomainServicesisMicrosoftsDirectoryServer.Itprovidesauthenticationandauthorization
    mechanismsaswellasaframeworkwithinwhichotherrelatedservicescanbedeployed
    WhatisActiveDirectoryDomainController(DC)?
    DomainControlleristheserverwhichholdstheADdatabase,AllADchangesgetreplicatedtootherDCand
    visevase
    WhatisForest?
    ForestconsistsofmultipleDomainstrees.TheDomaintreesinaforestdonotformacontiguousnamespace
    howevershareacommonschemaandglobalcatalog(GC)
    WhatisSchema?
    Activedirectoryschemaisthesetofdefinitionsthatdefinethekindsofobjectandthetypeofinformationabout
    thoseobjectsthatcanbestoredinActiveDirectory
    ActivedirectoryschemaisCollectionofobjectclassandthereattributes
    ObjectClass=User
    Attributes=firstname,lastname,email,andothers
    Canwerestoreaschemapartition?TelmeabouttheFSMOroles?
    SchemaMaster
    DomainNamingMaster

    InfrastructureMaster
    RIDMaster
    PDC
    SchemaMasterandDomainNamingMasterareforestwideroleandonlyavailableoneoneachForest,Other
    rolesareDomainwideandoneforeachDomain
    ADreplicationismultimasterreplicationandchangecanbedoneinanyDomainControllerandwillget
    replicatedtoothersDomainControllers,exceptabovefileroles,thiswillbeflexiblesinglemasteroperations
    (FSMO),thesechangesonlybedoneondedicatedDomainControllersoitssinglemasterreplication
    Howtocheckwhichserverholdswhichrole?
    NetdomqueryFSMO
    WhichFSMOroleisthemostimportant?Andwhy?
    Interestingquestionwhichroleismostimportantoutof5FSMOrolesorifonerolefailsthatwillimpacttheend
    userimmediately
    MostarmatureadministratorspicktheSchemamasterrole,notsurewhymaybetheythoughSchemaisvery
    criticaltoruntheActiveDirectory
    CorrectanswerisPDC,nowthenextquestionwhy?WillexplainrolebyrolewhathappenswhenaFSMOrole
    holderfailstofindtheanswer
    SchemaMasterSchemaMasterneededtoupdatetheSchema,wedontupdatetheschemadailyright,
    whenwillupdatetheSchema?Whilethetimeofoperatingsystemmigration,installingnewExchangeversion
    andanyotherapplicationwhichrequiresextendingtheschema
    SoifareSchemaMasterServerisnotavailable,wecantabletoupdatetheschemaandnowaythiswillgoing
    toaffecttheActiveDirectoryoperationandtheenduser
    SchemaMasterneedstobeonlineandreadytomakeaschemachange,wecanplanandhavemoretimeto
    bringbacktheSchemaMasterServer
    DomainNamingMasterDomainNamingMasterrequiredtocreatinganewDomainandcreatingan
    applicationpartition,LikeSchemaMasterwedontcerateDomainandapplicationpartitionfrequently
    SoifareDomainNamingMasterServerisnotavailable,wecantabletocreateanewDomainandapplication
    partition,itmaynotaffecttheuser,usereventdidntawareDomainNamingMasterServerisdown
    InfrastructureMasterInfrastructureMasterupdatesthecrossdomainupdates,whatreallyupdatesbetween
    Domains?WheneveruserlogintoDomaintheTGThasbeencreatedwiththelistofaccessusergotthrough
    groupmembership(usergroupmembershipdetails)italsocontaintheusermembershipdetailsfromtrusted
    domain,InfrastructureMasterkeepthisinformationuptodate,itupdatereferenceinformationevery2daysby

    comparingitsdatawiththeGlobalCatalog(thatswhywedontkeepInfrastructureMasterandGCinsame
    server)
    InasingleDomainandsingleForestenvironmentthereisnoimpactiftheInfrastructureMasterserverisdown
    InaMultiDomainandForestenvironment,therewillbeimpactandwehaveenoughtimetofixtheissuebefore
    itaffecttheenduser
    RIDMasterEveryDCisinitiallyissued500RIDsfromRIDMasterServer.RIDsareusedtocreateanew
    objectonActiveDirectory,allnewobjectsarecreatedwithSecurityID(SID)andRIDisthelastpartofaSID.
    TheRIDuniquelyidentifiesasecurityprincipalrelativetothelocalordomainsecurityauthoritythatissuedthe
    SID
    Whenitgetsdownto250(50%)itrequestsasecondpoolofRIDsfromtheRIDmaster.IfRIDMasterServer
    isnotavailabletheRIDpoolsunabletobeissuedtoDCsandDCsareonlyabletocreateanewobject
    dependsontheavailableRIDs,everyDChasanywherebetween250and750RIDsavailable,sonoimmediate
    impact
    PDCPDCrequiredforTimesync,userlogin,passwordchangesandTrust,nowyouknowwhythePDCis
    importantFSMOroleholdertogetbackonline,PDCrolewillimpacttheenduserimmediatelyandweneedto
    recoverASAP
    ThePDCemulatorPrimaryDomainControllerforbackwardscompatibilityanditsresponsiblefortime
    synchronizingwithinadomain,alsothepasswordmaster.AnypasswordchangeisreplicatedtothePDC
    emulatorASAP.IfalogonrequestfailsduetoabadpasswordthelogonrequestispassedtothePDCemulator
    tocheckthepasswordbeforerejectingtheloginrequest.
    TelmeaboutActiveDirectoryDatabaseandlisttheActiveDirectoryDatabasefiles?
    NTDS.DIT
    EDB.Log
    EDB.Che
    Res1.logandRes2.log
    AllADchangesdidntwritedirectlytoNTDS.DITdatabasefile,firstwritetoEDB.Logandfromlogfileto
    database,EDB.Cheusedtotrackthedatabaseupdatefromlogfile,toknowwhatchangesarecopiedto
    databasefile.
    NTDS.DIT:NTDS.DITistheADdatabaseandstoreallADobjects,Defaultlocationisthe%system
    root%\nrds\nrds.dit,ActiveDirectorydatabaseengineistheextensiblestorageenginewhichusbasedonthe
    Jetdatabase
    EDB.Log:EDB.LogisthetransactionlogfilewhenEDB.Logisfull,itisrenamedtoEDBNum.logwherenumis
    theincreasingnumberstartingfrom1,likeEDB1.Log

    EDB.Che:EDB.Cheisthecheckpointfileusedtotracethedatanotyetwrittentodatabasefilethisindicatethe
    startingpointfromwhichdataistoberecoveredfromthelogfileincaseiffailure
    Res1.logandRes2.log:Resisreservedtransactionlogfilewhichprovidethetransactionlogfileenoughtime
    toshutdownifthediskdidnthaveenoughspace
    WhatRAIDconfigurationcanbeusedinDomainControllers?CanwekeepOS,logfiles,SYSVOL,AD
    databaseonsamelogicalDisk?

    Vous aimerez peut-être aussi