QUESTIONS ON ADS
1. What is ADS ?
ADS can be defined as the logical network structure or model of Windows 2000 and
Windows 2003, which includes forests, trees, domains, etc.
Sysvol is a special public folder located on an NTFS partition of a domain controller. Sysvol
is used for storing public files such as login scripts, GPO templates, etc. The contents of
the Sysvol folder are replicated to all DCs in the domain.
Lightweight Directory Access Protocol (LDAP) is a protocol used to query or access the
Active Directory database. It uses TCP port 389.
www.visioninfosystems.org Page No : 1
Vision Infosystems (VIS) Interview Questions
6) What is FRS ?
FRS is replication service used for replication of DFS and Sysvol contents.
DN = Distinguished Name
Every object in Active Directory has a distinguished name (DN). The DN is unique
among all objects and contains the full information needed to retrieve the object. The
DN contains the domain where the object resides and the path to the object. The DN is
made up of these attributes (or qualities):
DomainComponentName (DC)
OrganizationalUnitName (OU)
CommonName (CN)
For example
CN=ajay,OU=admins,DC=vision,DC=com
The above path specifies that a user named ajay resides in the admins OU, and that this OU
belongs to the domain vision.com.
The RDN is the part of the DN that defines the actual object, called an attribute. This is
the CN, or common name.
8) What is Schema ?
The Active Directory schema defines objects that can be stored in Active Directory. The
schema is a list of definitions that determines the kinds of objects and the types of
information about those objects that can be stored in Active Directory. In simple
language schema define structure and attributes of every object stored in active directory.
A global catalog is a domain controller that stores a copy or replica of all Active
Directory objects in a forest. The global catalog stores a full copy of all objects of a
domain in which it resides and a partial copy of all objects for all other domains in the
forest. The partial copy stores the most commonly used attributes of all domain objects.
The global catalog lets users search for objects easily and quickly within the forest
without affecting network performance. Users query or access the global catalog on
TCP port 3268.
10) How can we change administrator directory service restore mode password ?
We can change the directory service restore mode password using the ntdsutil.exe utility.
FSMO ROLES
• Schema Master : is a domain controller that handles all active directory schema
related activities in a Forest.
• Domain Naming Master : handles or controls the addition or removal of
domains in the forest.
• RID master : is a DC which assigns or distributes RIDs to every DC in a
Domain.
• PDC emulator : provides emulated PDC service for Windows NT BDCs in
mixed mode.
• Infrastructure master : is responsible for updating references from objects in its
domain to objects in other domains.
In mixed mode
• To act as PDC for Windows NT BDCs
• Password changes performed by other DCs in the domain are replicated
preferentially to the PDC emulator.
• Authentication failures that occur at a given DC in a domain because of an
incorrect password are forwarded to the PDC emulator before a bad password
failure message is reported to the user.
• Account lockout is processed on the PDC emulator.
In native mode
• Password changes performed by other DCs in the domain are replicated
preferentially to the PDC emulator.
• Account lockout is processed on the PDC emulator.
• Authentication failures that occur at a given DC in a domain because of an
incorrect password are forwarded to the PDC emulator before a bad password
failure message is reported to the user.
• Time synchronization between DCs
• Editing or creation of Group Policy Objects (GPO) is always done from the GPO
copy found in the PDC Emulator's SYSVOL share, unless configured not to do so
by the administrator.
If the PDC emulator master is down or offline, it affects network users. Password
changes, account lockout, time sync, etc. will not be handled. Therefore, when the PDC
emulator master is not available, you may need to immediately seize the role.
The difference between transfer and seize is that seizing is used when the source DC is
down or offline. Seizing means forcing a DC to take control of the role when the
original DC is down or offline. In the case of a transfer, both the source and destination
DC should be online.
The infrastructure master's job is to compare objects of the local domain against objects in
other domains of the same forest. If the server holding the infrastructure master role is also a
global catalog, it won't ever see any differences, since the global catalog itself holds a partial
copy of every object in the forest. Therefore the infrastructure master won't do
anything in its domain.
Method - I
Active Directory Users and Computers snap-in
Method - II
ntdsutil.exe is a command-line tool used to transfer or seize operations master roles
Method - I
Schema master : Active Directory schema snap-in
Domain naming master : Active directory domains and trust
Method - II
ntdsutil.exe is a command-line tool used to transfer or seize operations master roles
Windows NT 4.0
Windows Server 2003 family
In Active directory domains and trust snap-in, right-click on the active directory domains
and trust and then select Raise Forest functional level.
In Active directory users and computer snap-in, right-click on the active directory
domains and trust and then select Raise Forest functional level.
Interim mode
We can move the Active Directory files to a different location using the NTDSUTIL.EXE utility.
We can only move the files while in directory service restore mode.
• ntdsutil
• files
• move db to <DriveAndFolder>
• move logs to <DriveAndFolder>
• quit
Directory Services Restore Mode (DSRM) is a special boot mode. It is used to log on to
the computer when Active Directory has failed or needs to be restored.
• Normal : This option backs up the selected files and clears the archive bit if it is set.
• Copy : This option backs up the selected files and does not clear the archive bit.
• Differential : This option backs up only the selected files where the archive bit is set.
It does not clear the archive bit.
• Incremental : This option backs up only the selected files where the archive bit is
set. It clears the archive bit.
• Daily : This option does not use the archive bit. It backs up files with a Modified
timestamp that matches the backup date.
After restoring the database using the NTBACKUP utility, do not restart the server. Run the
following commands to perform an authoritative restore of the entire database:
• ntdsutil
• auth restore
• restore database
• quit
• Restart the computer.
• ntdsutil
• auth restore
• restore object cn=jsmith,ou=Sales,dc=rallencorp,dc=com
• quit
• ntdsutil
• auth restore
• restore subtree ou=Sales,dc=rallencorp,dc=com
• quit
Run the following command to perform a soft recovery of the transaction log files:
• ntdsutil
• files
• recover
• quit
If you continue to experience errors, you may need to run a repair, which does a low level
repair of the database, but can result in loss of data:
• ntdsutil
• files
• repair
• quit
If either the recover or repair is successful, you should then check the integrity:
• ntdsutil
• files
• integrity
• quit
• ntdsutil
• semantic database analysis
• verbose on
• go
1. Click Start, click Run, type ntdsutil, and then click OK.
2. At the Ntdsutil command prompt, type set dsrm password.
3. At the DSRM command prompt, type one of the following lines:
To reset the password on the server on which you are working, type reset
password on server <Servername>
3) Which are the default GPO created on a Windows 2003 Domain Controller ?
By default, when Active Directory service is installed, two active directory based GPOs
are created:
• Default Domain Policy : This default GPO is created and linked to the domain, and
it affects all users and computers in the domain.
• Default Domain Controllers Policy : This GPO is linked to the Domain
Controllers OU.
Block Policy Inheritance: Blocking policy inheritance means selectively blocking top
level policy from reaching a lower level. E.g. if we want a GPO created at domain level not
to be applied to a particular OU, then we have to set Block Policy Inheritance at OU level.
No Override: No Override means no one can override this policy. When the No Override
option is set, none of the GPO's policy settings can be overridden by any other GPO during the
processing of group policies. E.g. when the No Override option is set on a top level GPO,
then no other GPO at a lower level can override it (even if Block Policy Inheritance is set).
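The interaction of Block Policy Inheritance and No Override described above, as an added example that is not part of the original question sheet. It is a simplified model (domain and OU levels only, no site or local policy), and the GPO names and settings are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Link:                       # one GPO linked to a container
    gpo: str
    settings: dict
    no_override: bool = False

@dataclass
class Container:                  # a domain or an OU
    name: str
    links: list = field(default_factory=list)
    block_inheritance: bool = False

def effective_policy(path):
    """path: containers ordered from the domain down to the object's OU.
    Returns {setting: (value, name of the GPO that supplied it)}."""
    # Lowest container with Block Policy Inheritance set; links above it are hidden.
    lowest_block = max((i for i, c in enumerate(path) if c.block_inheritance), default=0)
    normal, enforced = [], []
    for i, c in enumerate(path):
        for link in c.links:
            if link.no_override:
                enforced.append(link)          # never blocked
            elif i >= lowest_block:
                normal.append(link)
    result = {}
    # Ordinary links: top-down, so the lower level wins.
    # No Override links: applied last, bottom-up, so the top level wins.
    for link in normal + enforced[::-1]:
        for key, value in link.settings.items():
            result[key] = (value, link.gpo)
    return result

def demo(block, no_override):
    # Constructed sample: GPO names and settings are invented for illustration.
    domain = Container("vision.com", [Link("Domain Baseline",
        {"removable_storage": "deny", "screensaver_timeout": 600}, no_override)])
    ou = Container("admins", [Link("Admins OU Policy",
        {"removable_storage": "allow"})], block_inheritance=block)
    return effective_policy([domain, ou])

if __name__ == "__main__":
    for block, enforced in [(False, False), (True, False), (True, True)]:
        print(f"block={block} no_override={enforced}:", demo(block, enforced))
```

With blocking alone the OU drops the domain settings entirely; once the domain link is marked No Override, both settings come from the domain GPO even though the OU still blocks inheritance.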
Assign and publish are the 2 methods of deploying software or application via GPO.
7) What file formats are supported for software deployment via GPO ?
.msi and .zap are the 2 formats supported for software deployment under GPO.
GPO linking is a method of linking or applying the same policy to multiple OUs, sites, etc.
GPO templates or settings are stored under sysvol folder on every DC.
Gpedit.msc
To prevent a group policy from applying to a user or group, go to the properties of the GPO and
set the Apply Group Policy permission to Deny for that user or group.
No. You cannot apply a GPO to a single user or group. All you have to do is create an
OU, place that user or group in that particular OU, and apply the GPO to that OU.
No. You cannot apply a GPO to a single computer. All you have to do is create an OU,
place that computer in that particular OU, and apply the GPO to that OU.
GPMC tool is a group policy management console. This tool is used to manage or
administer Group Policy. With the help of this tool we can create, modify, delete,
backup/restore, etc. policies.
TRUST RELATIONSHIP
If you've determined a trust is broken, you need to reset it, which will allow users to
authenticate across it again.
Trust relationship is a feature which allows one domain to access other domain resources.
Trust relationships are used in multi-domain setups. A trust can be configured in a one-way
fashion or a two-way fashion.
What is the default replication time between two DCs in the same site, and how can it be changed?
Which service is used for replication between DCs in a domain?
What is the default time for replication between DCs in the same site or between sites?
What is queuing policy in Windows 2000?
What is garbage collection in Windows 2000?
Which tool is used to manage a Windows 2000 domain controller from a non-domain
controller such as W2k Prof., Win 95/98, etc.?
What is the Global catalog?
Types of replication
What is USN?
What is the role of the Global catalog in a Windows 2000 domain environment?
Where to place a global catalog in a multi-domain and multi-site Windows 2000 forest?
What is KCC (Knowledge Consistency Checker)?
What is an Active Directory connection?
What is repadmin.exe?