
Active Directory Facts:

You should know the following facts about Active Directory:

- Active Directory is based on the LDAP (Lightweight Directory Access Protocol) standard.
- Active Directory uses DNS for locating and naming objects.
- The tree root domain is the highest level domain in a tree (a tree root domain can also be a forest root domain).
- The tree root domain is the highest Active Directory domain in the tree.
- A tree is a group of domains based on the same name space.
- Domains in a tree:
  - Are connected with a two-way transitive trust.
  - Share a common schema.
  - Have common global catalogs.
- A schema makes up the attributes of an object in a tree.
- The forest root domain is the first domain created in the Active Directory forest.
- There are dedicated and regional forest root domains.
- Container objects are designed to contain other objects, either other containers or leaf objects.
- Domain container objects can contain Organizational Unit (OU) container objects.
- First level OUs can be called parents.
- Second level OUs can be called children.
- OUs can contain other OUs or any type of leaf object (e.g., users, computers, printers).
- You cannot assign rights and permissions to OUs.
- You can assign GPOs (Group Policy Objects) to OUs.
- An Active Directory site is one or more well-connected, highly reliable, fast TCP/IP subnets.
- All Active Directory sites contain servers and site links (the connection between two sites that allows replication to occur).
- A site link cost is a value assigned to a link that is used to regulate the traffic according to the speed of the link. The higher the site link cost, the slower the link speed.
- Domain controllers are servers that contain writable copies of the Active Directory database. Domain controllers participate in replication.
- The Active Directory database is partitioned and replicated.
- There are four types of Active Directory database partitions:
  - Domain
  - Configuration
  - Schema
  - Application
- Users find objects in Active Directory by querying the database.
- The first domain controller installed in the forest automatically becomes the global catalog server for that domain.

Installation Facts

You should know the following facts about Active Directory installation:

- Active Directory requires the following:
  - TCP/IP running on the servers and clients.
  - A DNS server with SRV support.
  - Windows 2000 or 2003 operating systems.
- After installing Windows 2003, you can install Active Directory using the Dcpromo command.
- Members of the Domain Admins group can add domain controllers to a domain.
- Members of the Enterprise Admins group can perform administrative tasks across the entire network, including:
  - Change the Active Directory forest configuration by adding/removing domains. (New domains are created when the first domain controller is installed. Domains are removed when the last domain controller is uninstalled.)
  - Add/remove sites.
  - Change the distribution of subnets or servers in a site.
  - Change site link configuration.

Advanced Installation Facts

If you are installing a Windows Server 2003 server into an existing Windows 2000 Active
Directory structure, you must first prepare Active Directory for the installation by taking the
following steps:

1. Apply Service Pack 2 or later on all domain controllers.
2. Back up your data.
3. On the schema master for the forest, disconnect the server from the network and run Adprep /forestprep.
4. Reconnect the server and wait at least 15 minutes (or as long as half a day or more) for synchronization to occur.
5. If Active Directory has multiple domains, or if the infrastructure master for the domain is on a different server than the schema master, run Adprep /domainprep on the infrastructure master for the domain.

Keep in mind the following facts about using Adprep:

- To run /forestprep, you must be a member of the Schema Admins or Enterprise Admins group.
- To run /domainprep, you must be a member of the Domain Admins or Enterprise Admins group.
- If you have a single domain, and the infrastructure master is on the same server as the schema master, you do not need to run /domainprep (/forestprep performs all necessary functions to prepare Active Directory).

You should know the following facts about Active Directory advanced installations:

Installing from a replica media set will create the initial Active Directory database using a
backup copy and then replicate in any changes since the backup. This prevents a lot of the
replication traffic that is normally created on a network when a server is promoted to a
domain controller.

What is Active Directory?

A central component of Windows, used to manage and administer users, computers and printers in the network.

What is DNS? What are a "forward lookup zone" and a "reverse lookup zone"?

DNS is the Domain Name Service, used to resolve host names to IP addresses and IP addresses to host names. Computers understand only numbers when communicating with each other, so DNS also makes websites easier to reach by assigning names to them.

When we use a web address such as http://ittechjobs.net in a browser, the computer uses DNS to find the IP address and reach the website.

Forward lookup: converting names to IP addresses is called a forward lookup.

Reverse lookup: resolving IP addresses to names is called a reverse lookup.

'A' record: called a host record, it is used to map a name to an IP address. This is the record with the help of which DNS finds the host.

'MX' record: called a mail exchanger record, it is the record needed to locate the mail servers in the network. This record is also found in DNS.

What is DHCP? What are scopes and super scopes?

DHCP: Dynamic Host Configuration Protocol. It is used to allocate IP addresses to a large number of PCs in a network environment.

Scope: a scope contains a range of IP addresses together with options such as the subnet mask, gateway IP, DNS server IP and an exclusion range, which a client uses to communicate with the other PCs in the network.

Super scope: when we combine two or more scopes together, it is called a super scope.

What are the types of LAN cables?

LAN cables are classified into CAT 5 and CAT 6. CAT 5 supports 100 Mbps while CAT 6 supports 1 Gbps.

What is the difference between a LAN (straight) cable and a cross cable?

The RJ45 connector pin assignments differ between a straight LAN cable and a cross cable. E.g.:

Straight cable (both ends are wired identically):

End A                 End B
Pin 1 White/Orange    Pin 1 White/Orange
Pin 2 Orange          Pin 2 Orange
Pin 3 White/Green     Pin 3 White/Green
Pin 4 Blue            Pin 4 Blue
Pin 5 White/Blue      Pin 5 White/Blue
Pin 6 Green           Pin 6 Green
Pin 7 Brown           Pin 7 Brown
Pin 8 White/Brown     Pin 8 White/Brown

Cross cable (the wire on one end becomes the listed pin on the other end):

1 ---------------------- 3
2 ---------------------- 6
3 ---------------------- 1
6 ---------------------- 2

By default the maximum LAN cable run is 100 meters, but you may observe signal drop after 80 meters.

A cross cable is used to connect two computers directly without using a switch.

Describe in brief the IPCONFIG command.

This command displays information about the IP configuration assigned to a computer. From the output we can learn the IP address, DNS server IP address and gateway address assigned to that computer.

What is the APIPA range?

When a DHCP server is unavailable, a Windows client computer assigns itself an IP address so it can communicate with other computers in the network. APIPA stands for Automatic Private IP Addressing. It uses the range 169.254.X.X.

What are manageable and non-manageable switches?

Manageable switches are those switches which can be administered, so we can create VLANs etc., while non-manageable switches cannot be managed.

Windows 2000/2003 Active Directory domains utilize a single operation master method called FSMO (Flexible Single Master Operation).

The five FSMO roles are:

· Schema master - forest-wide and one per forest.
· Domain naming master - forest-wide and one per forest.
· RID master - domain-specific and one for each domain.
· PDC emulator - domain-specific and one for each domain.
· Infrastructure master - domain-specific and one for each domain.

By default, after the Active Directory installation all FSMO roles are on the same DC. In most cases an administrator can keep the FSMO role holders on the same DC as configured by the Active Directory installation process. However, there are scenarios where an administrator would want to move one or more of the FSMO roles from the default holder DC to a different DC.

In order to transfer roles from one DC to another, the administrator must know which DC holds each role. Expert technical knowledge and a good understanding of the technical terms are prerequisites, and the administrator should prepare before applying these changes to live servers.

How do you find which server holds a given role? This article illustrates a few methods, listed below.

FSMO Role | Number of DCs holding this role | Original DC holding the FSMO role
Schema Master | One per forest | The first DC in the first domain in the forest (the forest root domain)
Domain Naming Master | One per forest | The first DC in the first domain in the forest (the forest root domain)
RID Master | One per domain | The first DC in a domain (any domain, including the forest root domain, any tree root domain, or any child domain)
PDC Emulator | One per domain | The first DC in a domain (any domain, including the forest root domain, any tree root domain, or any child domain)
Infrastructure Master | One per domain | The first DC in a domain (any domain, including the forest root domain, any tree root domain, or any child domain)

Finding the RID Master, PDC Emulator, and Infrastructure Masters via GUI

To find out who currently holds the Domain-Specific RID Master, PDC Emulator, and
Infrastructure Master FSMO Roles:

1.       Open the Active Directory Users and Computers snap-in from the Administrative
Tools folder.

2.       Right-click the Active Directory Users and Computers icon again and press Operation
Masters.

3.       Select the appropriate tab for the role you wish to view.

4.       When you're done, click Close.

Finding the Domain Naming Master via GUI

To find out who currently holds the Domain Naming Master Role:

1.       Open the Active Directory Domains and Trusts snap-in from the Administrative Tools
folder.

2.       Right-click the Active Directory Domains and Trusts icon again and press Operation
Masters.

3.       When you're done, click Close.

Finding the Schema Master via GUI

To find out who currently holds the Schema Master Role:


1.       Register the Schmmgmt.dll library by pressing Start > RUN and typing:

regsvr32 schmmgmt.dll

2.       Press OK. You should receive a success confirmation.

3.       From the Run command open an MMC Console by typing MMC.

4.       On the Console menu, press Add/Remove Snap-in.

5.       Press Add. Select Active Directory Schema.

6.       Press Add and press Close. Press OK.

7.       Click the Active Directory Schema icon. After it loads right-click it and press
Operation Masters.

8.       Press the Close button.

Active Directory uses Kerberos security for server-to-server authentication and for trust establishment.

In a one-way trust, one domain is the trusted domain and the other is the trusting domain. Two-way transitive trusts exist by default between all domains in a forest.

As a result, users in a parent domain can access resources in a child domain and vice versa. The same scenario applies within a tree structure. When a user tries to access a resource held in another domain, the trust establishment takes place across domain boundaries.

Shortcut trusts can be established between two domains and differ from the standard trusts within the trust tree. In this situation users in one domain can be rapidly authenticated to the other domain and vice versa.

The following table lists various protocols and their associated ports that might be used in an Exchange implementation.

Protocol | Description | Ports
SMTP | Used to communicate with mail servers and by POP3 and IMAP4 clients to send mail. Note: SMTP with SSL is rarely used. | TCP 25; using SSL, TCP 26
POP3 | Used to retrieve mail from an Exchange Server. Disabled on the Exchange server by default. | TCP 110; using SSL, TCP 995
IMAP4 | Used to retrieve mail and other directories from an Exchange Server. Disabled on the Exchange server by default. | TCP 143; using SSL, TCP 993
HTTP | Used by Outlook Web Access for mail access. | TCP 80; using SSL, TCP 443
LDAP | Used to access information from Active Directory. | TCP and UDP 389 for Active Directory access; TCP 3268 for Global Catalog access
NNTP | Used to retrieve information from Usenet servers and enables sharing newsgroup public folders. | TCP 119; using SSL, TCP 563
RPC | Used to establish an RPC connection (end point mapper) and also acts as an RPC client establishing sessions. | TCP 135; TCP 1024 and above (multiple ports are typically enabled)
DNS | When contacting Active Directory, a DNS server must be contacted for name resolution. The Exchange server uses DNS to find mail servers on the Internet. | TCP and UDP 53
MTA | Used for X.400 connections or connections to Exchange 5.5 servers. | TCP 102
Kerberos | Used for communication and authentication with Windows 2003 servers. | TCP and UDP 88
IPSec | Used to secure server-to-server communications. | IP protocol 51 for AH; IP protocol 50 for ESP; UDP 500 for key exchange; TCP and UDP 88 for Kerberos

The global catalog is a distributed data repository that contains a searchable, partial representation
of every object in every domain in a multidomain Active Directory forest. The global catalog is stored
on domain controllers that have been designated as global catalog servers and is distributed through
multimaster replication. Searches that are directed to the global catalog are faster because they do
not involve referrals to different domain controllers.

Storage Design Facts

The design of your storage system allows you to optimize the system and protect your data. An
effective design strategy considers file location, protection level for the files, and the necessary
hardware to support it. The table below identifies one way to structure the Exchange system to
ensure optimization and fault tolerance.

Drive | Contents | Recommended Configuration
C:\ | Operating system | RAID 1 or RAID 5
D:\ | Page file | The page file should be on a different physical disk from the operating system. No special protection for the page file is required.
E:\ | Transaction logs | RAID 1 or, if using a SAN system, RAID 0+1
F:\ | Exchange Store databases | RAID 5

1) What are the different editions of Windows 2003 Server? (Orkut notes)

i) Standard Edition
ii) Web Edition
iii) Enterprise Edition
iv) Datacenter Edition

2)What is active directory?

Active Directory is the directory service included in the Windows Server 2003 family. Active
Directory includes the directory, which stores information about network resources, as well as all
the services that make the information available and useful. Active Directory is also the directory
service included in Windows 2000.

3) What is the Active Directory database name and where is it located?

Name: NTDS.dit, located in c:\windows\ntds\

4) What is the expansion of .dit? Scalable size of NTDS in 2k3?

.dit – Directory Information Tree. It is scalable up to 70 TB.

5)What is schema in AD?

The Active Directory schema defines objects that can be stored in Active Directory. The schema is
a list of definitions that determines the kinds of objects and the types of information about those
objects that can be stored in Active Directory. Because the schema definitions themselves are
stored as objects, they can be administered in the same manner as the rest of the objects in
Active Directory. Normally called schema object or metadata .

6) Structure of AD in 2kX?

1) Physical structure: sites, domain controllers
2) Logical structure: forest, tree, domain, OU

7) What are the domain functional levels in 2k3?

1) Mixed mode
2) Native mode
3) Interim mode

8) What is the Global Catalog and a GC server?

The global catalog is the central repository of information about objects in a tree or forest. By
default, a global catalog is created automatically on the initial domain controller in the first domain
in the forest. A domain controller that holds a copy of the global catalog is called a global catalog
server.

9) What are the functions of the GC?

A) It enables a user to log on to a network by providing universal group membership information to a domain controller when a logon process is initiated.
B) It enables finding directory information regardless of which domain in the forest actually contains the data.

10)What is the active directory database engine name?

ESE (Extensible Storage Engine)

11)What are the partitions available in AD?

i)Schema partition
ii) Configuration Partition
iii) Domain Partition
iv)Application Partition

12)What are the two types of replications?

Inter-site(Site to site) and Intra-site(With in site) replications.

13)What is KCC ? What is the function of the KCC?

The KCC is a built-in process that runs on all domain controllers. The KCC configures connection
objects between domain controllers. Within a site, each KCC generates its own connections. For
replication between sites, a single KCC per site generates all connections between sites.

14)What are the two trust protocols 2k3 using ?

Kerberos V5 and NTLM

15)What are the trust relations available in 2k3?

Tree-Root , Parent- Child , Shortcut, Realm, Forest trust , External trust


16) What is the hierarchy of applying GPOs in 2k3?

GPOs are applied from the parent level down to the child level in AD, in this order:

i) Local GPO
ii) GPOs linked to sites
iii) GPOs linked to domains
iv) GPOs linked to OUs
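The following Python model, added here and not part of the original notes, walks a constructed Local > Site > Domain > OU chain in the LSDOU order above and resolves which GPO wins each setting (the one applied last). It goes beyond the notes by also modelling Block Inheritance on an OU and Enforced links, using the standard Windows precedence rules; the container and GPO names are made up.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class GPO:
    name: str
    settings: Dict[str, str]
    enforced: bool = False


@dataclass
class Container:
    """One LSDOU level: the local computer, a site, the domain or an OU."""
    name: str
    gpos: List[GPO] = field(default_factory=list)  # link order; index 0 wins at this level
    block_inheritance: bool = False


def application_order(chain: List[Container]) -> List[GPO]:
    """Return GPOs in the order Windows applies them; the last one applied wins.

    chain[0] is the local computer, followed by site, domain and the OU path
    from parent to child, i.e. the Local, Site, Domain, OU order in the notes.
    """
    normal: List[Tuple[int, GPO]] = []    # (level, gpo) for ordinary links
    enforced: List[Tuple[int, GPO]] = []  # (level, gpo) for enforced links
    for level, container in enumerate(chain):
        if container.block_inheritance:
            # Block Inheritance discards ordinary links from higher AD levels;
            # the local GPO (level 0) is not a link and still applies.
            normal = [(lv, g) for lv, g in normal if lv == 0]
        # Within one container the link listed first is applied last.
        for gpo in reversed(container.gpos):
            (enforced if gpo.enforced else normal).append((level, gpo))
    # Enforced links survive blocking and are applied after ordinary ones;
    # the enforced link nearest the top (lowest level) is applied last.
    enforced.sort(key=lambda item: -item[0])  # stable: link order kept per level
    return [g for _, g in normal] + [g for _, g in enforced]


def effective_settings(chain: List[Container]) -> Dict[str, Tuple[str, str]]:
    """Resolve each setting to (value, winning GPO) by last-writer-wins."""
    result: Dict[str, Tuple[str, str]] = {}
    for gpo in application_order(chain):
        for key, value in gpo.settings.items():
            result[key] = (value, gpo.name)
    return result


def sample_chain(block_sales_ou: bool) -> List[Container]:
    """Constructed hierarchy: Local -> Site -> Domain -> OU=Corp -> OU=Sales."""
    return [
        Container("Local", [GPO("Local GPO", {"wallpaper": "local.bmp"})]),
        Container("Site HQ", [GPO("Site Screensaver", {"screensaver_timeout": "900"})]),
        Container("corp.example", [
            GPO("Domain Lockdown", {"usb_storage": "deny"}, enforced=True),
            GPO("Default Domain Policy", {"password_min_len": "8", "proxy": "none"}),
        ]),
        Container("OU=Corp", [GPO("Corp Proxy", {"proxy": "proxy.corp.example"})]),
        Container("OU=Sales",
                  [GPO("Sales Override", {"proxy": "sales-proxy", "usb_storage": "allow"})],
                  block_inheritance=block_sales_ou),
    ]


if __name__ == "__main__":
    for block in (False, True):
        print(f"Block Inheritance on OU=Sales: {block}")
        for key, (value, gpo) in sorted(effective_settings(sample_chain(block)).items()):
            print(f"  {key:20} = {value:20} (from {gpo})")
```

Note that the enforced domain GPO still wins usb_storage even when the Sales OU blocks inheritance, which is why an enforced link is the usual way to guarantee a security baseline reaches every OU.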

17) What are the protocols used for replication?

RPC over IP (used for synchronous transfer), SMTP over IP (asynchronous transfer)

18) What is the default time delay for replication?

Intra-site – 15 min (the KCC automatically creates the replication topology)
Inter-site – 1 hr.
Security-related changes are replicated immediately across sites.

19) What different tables are available in the NTDS database?

i) Schema table
ii) Link table
iii) Data table
iv) Configuration table

19) Where are the FRS logs stored and what is the database engine name?

c:\windows\ntfrs\jet\log. The engine used is the Jet database engine (Ntfrs.jdb).

20) What is a tombstone object in AD? What is its lifetime?

Any object deleted from Active Directory is not removed from the database immediately; that object is called a tombstone object. The default lifetime for that object is 60 days; for Windows 2k3 SP1 it is 180 days.

21) What are the FSMO roles in AD and what are the functionalities of those roles?

Every Active Directory forest must have the following roles:

1) Schema master
2) Domain naming master

These roles must be unique in the forest. This means that throughout the entire forest there can be only one schema master and one domain naming master.

Schema Master Role
The domain controller assigned the schema master role controls all updates and modifications to the schema. To update the schema of a forest, you must have access to the schema master. At any time, there can be only one schema master in the entire forest.

Domain Naming Master Role
The domain controller holding the domain naming master role controls the addition or removal of domains in the forest. There can be only one domain naming master in the entire forest at any time.

Domain-Wide Operations Master Roles
Every domain in the forest must have the following roles:

3) Relative identifier (RID), or relative ID, master
4) Primary domain controller (PDC) emulator
5) Infrastructure master

These roles must be unique in each domain. This means that each domain in the forest can have only one RID master, PDC emulator master, and infrastructure master.

RID Master Role
The domain controller assigned the RID master role allocates sequences of relative IDs to each of the various domain controllers in its domain. At any time, there can be only one domain controller acting as the RID master in each domain in the forest.

Whenever a domain controller creates a user, group, or computer object, it assigns the object a unique security ID. The security ID consists of a domain security ID (that is the same for all security IDs created in the domain) and a relative ID that is unique for each security ID created in the domain.

To move an object between domains (using Movetree.exe: Active Directory Object Manager), you must initiate the move on the domain controller acting as the RID master of the domain that currently contains the object.
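As an added example (not from the original notes), the following Python splits a security ID into the domain security ID and the relative ID described above, flags RIDs that are fixed by Windows rather than handed out from a RID master's pool, and converts between the string form and the binary form stored in the objectSid attribute. The sample SID is constructed, not taken from any real domain.

```python
import struct
from typing import List, Tuple

SAMPLE_SID = "S-1-5-21-3623811015-3361044348-30300820-1013"  # constructed value

# A few RIDs that are fixed by Windows rather than allocated from a RID pool.
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 502: "krbtgt",
                   512: "Domain Admins", 513: "Domain Users", 519: "Enterprise Admins"}


def parse_sid(sid: str) -> Tuple[int, int, List[int]]:
    """Return (revision, identifier authority, sub-authorities) from 'S-1-5-21-...'."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S":
        raise ValueError(f"not a SID string: {sid!r}")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    # Revision 1 is the only one defined; at most 15 sub-authorities, each 32-bit.
    if revision != 1 or len(subs) > 15 or any(not 0 <= s <= 0xFFFFFFFF for s in subs):
        raise ValueError(f"malformed SID: {sid!r}")
    return revision, authority, subs


def split_domain_sid_and_rid(sid: str) -> Tuple[str, int]:
    """Domain principal SIDs are S-1-5-21-<three 32-bit values>-<RID>: strip the RID."""
    revision, authority, subs = parse_sid(sid)
    if authority != 5 or len(subs) != 5 or subs[0] != 21:
        raise ValueError(f"not a domain principal SID: {sid!r}")
    domain_sid = "-".join(str(x) for x in ["S", revision, authority, *subs[:-1]])
    return domain_sid, subs[-1]


def describe_rid(rid: int) -> str:
    """RIDs below 1000 are reserved; ordinary objects get RIDs from a DC's pool."""
    if rid in WELL_KNOWN_RIDS:
        return f"{WELL_KNOWN_RIDS[rid]} (well-known)"
    if rid < 1000:
        return "reserved (well-known range)"
    return "allocated from the DC's RID pool"


def sid_to_bytes(sid: str) -> bytes:
    """Binary SID: revision, sub-authority count, 48-bit big-endian authority,
    then each sub-authority as a little-endian 32-bit integer."""
    revision, authority, subs = parse_sid(sid)
    return (struct.pack("<BB", revision, len(subs))
            + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def bytes_to_sid(raw: bytes) -> str:
    """Inverse of sid_to_bytes, with the length checks a parser of LDAP data needs."""
    if len(raw) < 8:
        raise ValueError("SID blob too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID blob length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "S-%d-%d-%s" % (revision, authority, "-".join(str(s) for s in subs))


if __name__ == "__main__":
    domain_sid, rid = split_domain_sid_and_rid(SAMPLE_SID)
    print("domain SID:", domain_sid, "RID:", rid, "->", describe_rid(rid))
    print("objectSid hex:", sid_to_bytes(SAMPLE_SID).hex())
```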
PDC Emulator

Difference between DNS and WINS

WINS is used to offer NetBIOS clients the ability to resolve NetBIOS names without broadcasts within a routed environment, which reduces network traffic. Each client can register its services at the WINS server when starting and query the WINS server to resolve the NetBIOS names of other clients.
Within Windows 2000, clients are automatically installed to provide client-side support for registering and resolving NetBIOS names. This can be disabled by disabling NetBIOS over TCP/IP in the WINS tab of the TCP/IP protocol.
DNS, by contrast, is a complete name resolution server. It resolves DNS names and NetBIOS names to IP addresses and vice versa.
Short for Domain Name System (or Service or Server), DNS is an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they're easier to remember. The Internet, however, is really based on IP addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address. For example, the domain name www.example.com might translate to 198.105.232.4.
