1. Describe how the DHCP lease is obtained.

It’s a four-step process consisting of (a) IP request, (b) IP offer, (c) IP

selection and (d) acknowledgement.

2. I can’t seem to access the Internet, don’t have any access to the
corporate network and on ipconfig my address is 169.254.*.*.
What happened?
The 169.254.*.* netmask is assigned to Windows machines running
98/2000/XP if the DHCP server is not available. The name for the
technology is APIPA (Automatic Private Internet Protocol Addressing).

3. We’ve installed a new Windows-based DHCP server, however, the

users do not seem to be getting DHCP leases off of it.
The server must be authorized first with the Active Directory.

4. How can you force the client to give up the DHCP lease if you have
access to the client PC?
ipconfig /release

5. What authentication options do Windows 2000 Servers have for

remote clients?
PAP, SPAP, CHAP, MS-CHAP and EAP.

6. What is data link layer in the OSI reference model responsible

for? Data link layer is located above the physical layer, but below
the network layer.
Taking raw data bits and packaging them into frames. The network layer
will be responsible for addressing the frames, while the physical layer is
responsible for retrieving and sending raw data bits.

7. What is binding order?

The order by which the network protocols are used for client-server
communications. The most frequently used protocols should be at the
top.

8. What is LMHOSTS file?

It’s a file stored on a host machine that is used to resolve NetBIOS to
specific IP addresses.

9. What’s the difference between forward lookup and reverse lookup

in DNS?
Forward lookup is name-to-address; the reverse lookup is address-toname.

10. How can you recover a file encrypted using EFS?

Use the domain recovery agent.

11. Explain hidden shares.

Hidden or administrative shares are share names with a dollar sign ($)
appended to their names. Administrative shares are usually created
automatically for the root of each drive letter. They do not display in the
network browse list.

12. How do the permissions work in Windows 2000? What

permissions does folder inherit from the parent?
When you combine NTFS permissions based on users and their group
memberships, the least restrictive permissions take precedence.
However, explicit Deny entries always override Allow entries.

13. Why can’t I encrypt a compressed file on Windows 2000?

You can either compress it or encrypt it, but not both.

14. If I rename an account, what must I do to make sure the renamed

account has the same permissions as the original one?
Nothing, it’s all maintained automatically.

15. What’s the most powerful group on a Windows system?

Administrators.

16. What are the accessibility features in Windows 2000?

Sticky Keys, Filter Keys Narrator, Magnifier, and On-Screen Keyboard.

17. Why can’t I get to the Fax Service Management console?

You can only see it if a fax had been installed.

18. What do I need to ensure before deploying an application via a

Group Policy?
Make sure it’s either an MSI file, or contains a ZAP file for Group Policy.

19. How do you configure mandatory profiles?

Rename ntuser.dat to ntuser.man

20. I can’t get multiple displays to work in Windows 2000.

Multiple displays have to use peripheral connection interface (PCI) or
Accelerated Graphics Port (AGP) port devices to work properly with
Windows 2000.

21. What’s a maximum number of processors Win2k supports?

2

22. I had some NTFS volumes under my Windows NT installation.

What happened to NTFS after Win 2k installation?
It got upgraded to NTFS 5.

23. How do you convert a drive from FAT/FAT32 to NTFS from the
command line?
convert c: /fs:ntfs

24. How does Internet Connection Sharing work on Windows 2000?

Internet Connection Sharing (ICS) uses the DHCP Allocator service to
assign dynamic IP addresses to clients on the LAN within the range of
192.168.0.2 through 192.168.0.254. In addition, the DNS Proxy service
becomes enabled when you implement ICS.\

25. What is Active Directory?

Active Directory is a Meta Data. Active Directory is a data base which
stores a data base like your user information, computer information and
also other network object info. It has capabilities to manage and
administer the complete Network which connect with AD.
Active Directory service is an extensible and scalable directory service
that enables you to manage network resources efficiently.
Active Directory is directory service that stores information about objects
on a network and makes this information available to users and network
administrators.
Active Directory gives network users access to permitted resources
anywhere on the network using a single logon process. It provides
network administrators with an intuitive, hierarchical view of the network
and a single point of administration for all network objects.Active
directory is a domain controller which is use to authenticate and
administrate the group of computer, user, server etc. remotely. All the
policies and security will be applicable on the client machine which one is
join the domain. And all this policies and security is defined in active
directory.

26. What is the Global Catalog?

Global Catalog is a server which maintains the information about multiple
domains with trust relationship agreement. The global catalog is a
distributed data repository that contains a searchable, partial
representation of every object in every domain in a multidomain Active
Directory forest. The global catalog is stored on domain controllers that
have been designated as global catalog servers and is distributed through
multimaster replication. Searches that are directed to the global catalog
are faster because they do not involve referrals to different domain
controllers.

27. What is LDAP?

LDAP (light weight directory access protocol) is an internet protocol which
Email and other services is used to look up information from the server.

28. What is KCC?

KCC (knowledge consistency checker) is used to generate replication
topology for inter site replication and for intrusive replication. Within site
replication traffic are done via remote procedure calls over ip, while
between sites it is done through either RPC or SMTP.

29. Where is the AD database held? What other folders are related to
AD?
The AD data base is store in NTDS.DIT file

30. What is the SYSVOL folder?

The sysVOL folder stores the server’s copy of the domain’s public files.
The contents such as group policy, users etc of the sysvol folder are
replicated to all domain controllers in the domain.

31. What is the ISTG? Who has that role by default?

Windows 2000 Domain controllers each create Active Directory
Replication connection objects representing inbound replication from
intra-site replication partners. For inter-site replication, one domain
controller per site has the responsibility of evaluating the inter-site
replication topology and creating Active Directory Replication Connection
objects for appropriate bridgehead servers within its site. The domain
controller in each site that owns this role is referred to as the Inter-Site
Topology Generator (ISTG).

32. What is REPLMON?

Replmon displays information about Active Directory Replication.
33. What is ADSIEDIT?
ADSIEdit is a Microsoft Management Console (MMC) snap-in that acts as
a low-level editor for Active Directory. It is a Graphical User Interface
(GUI) tool. Network administrators can use it for common administrative
tasks such as adding, deleting, and moving objects with a directory
service. The attributes for each object can be edited or deleted by using
this tool. ADSIEdit uses the ADSI application programming interfaces
(APIs) to access Active Directory. The following are the required files for
using this tool: ADSIEDIT.DLL ADSIEDIT.MSCNETDOM.

34. What is NETDOM?

NETDOM is a command-line tool that allows management of Windows
domains and trust relationships. It is used for batch management of
trusts, joining computers to domains, verifying trusts, and secure
channels.

35. What is REPADMIN?

This command-line tool assists administrators in diagnosing replication
problems between Windows domain controllers. Administrators can use
Repadmin to view the replication topology (sometimes referred to as
RepsFrom and RepsTo) as seen from the perspective of each domain
controller. In addition, Repadmin can be used to manually create the
replication topology (although in normal practice this should not be
necessary), to force replication events between domain controllers, and
to view both the replication metadata and up-to-datedness vectors.

36. How to take the backup of AD?

For taking backup of active directory you have to do this : first go to
START -> PROGRAM ->ACCESORIES -> SYSTEM TOOLS -> BACKUP
when the backup screen is flash then take the backup of SYSTEM STATE
it will take the backup of all the necessary information about the system
including AD backup , DNS ETC.

37. How to restore the AD?

For this do the same as above in the question 36 but in place of backup
you select the restore option and restore the system state.

38. What are the DS* commands?

You really are spoilt for choice when it comes to scripting tools for
creating Active Directory objects. In addition to CSVDE, LDIFDE and
VBScript, we now have the following DS commands: the da family built in
utility DSmod - modify Active Directory attributesDSrm - to delete Active
Directory objectsDSmove - to relocate objectsDSadd - create new
accountsDSquery - to find objects that match your query attributesDSget
- list the properties of an object

39. What’s the difference between LDIFDE and CSVDE? Usage

considerations?
CSVDE is a command that can be used to import and export objects to
and from the AD into a CSV-formatted file. A CSV (Comma Separated
Value) file is a file easily readable in Excel. I will not go to length into this
powerful command, but I will show you some basic samples of how to
import a large number of users into your AD. Of course, as with the
DSADD command, CSVDE can do more than just import users. Consult
your help file for more info.
Like CSVDE, LDIFDE is a command that can be used to import and export
objects to and from the AD into a LDIF-formatted file. A LDIF (LDAP Data
Interchange Format) file is a file easily readable in any text editor;
however it is not readable in programs like Excel. The major difference
between CSVDE and LDIFDE (besides the file format) is the fact that
LDIFDE can be used to edit and delete existing AD objects (not just
users), while CSVDE can only import and export objects.

40. What is tombstone lifetime attribute?

The number of days before a deleted object is removed from the directory
services. This assists in removing objects from replicated servers and
preventing restores from reintroducing a deleted object. This value is in
the Directory Service object in the configuration NIC.

41. What are the requirements for installing AD on a new server?

1)The Domain structure
2)The Domain Name
3)storage location of the database and log file
4)Location of the shared system volume folder
5)DNS config Method
6)DNS configuration

42. What are application partitions? When do I use them?

AN application directory partition is a directory partition that is replicated
only to specific domain controller. Only domain controller running
windows Server 2003 can host a replica of application directory partition.
Using an application directory partition provides redundany, availabiltiy or
fault tolerance by replicating data to specific domain controller pr any set
of domain controllers anywhere in the forest.

43. You want to standardize the desktop environments (wallpaper,

My Documents, Start menu, printers etc.) on the computers in one
department. How would you do that? How it is possible?
Login on client as Domain Admin user change whatever you need add
printers etc go to system-User profiles copy this user profile to any
location by select Everyone in permitted to use after copy change
ntuser.dat to ntuser.man and assign this path under user profile

44. How do you create a new application partition?

Use the DnsCmd command to create an application directory partition. To
do this, use the following syntax: DnsCmd Server
Name /CreateDirectoryPartition FQDN of partition Global catalog provide a
central repository of domain information for the forest by storing partial
replicas of all domain directory partitions. These partial replicas are
distributed by multimaster replication to all global catalog servers in a
forest. It’s also used in universal global membership.

45. How do you view all the GCs in the forest?

C:\>repadmin /showreps <domain_controller> where domain_controller
is the DC you want to query to determine whether it’s a GC. The output
will include the text DSA Options: IS_GC if the DC is a GC. . . .

46. Trying to look at the Schema, how can I do that?

Type “adsiedit.msc” in run or command prompt

47. Can you connect Active Directory to other 3rd-party Directory

Services?
Name a few options. Yes, you can use dirXML or LDAP to connect to
other directories In Novell you can use E-directory

48. What is Page File and Virtual Memory?

Page File Is Storage Space For The Virtual Memory, Page File Uses Hard
Disk Space As a Memory To Provide Memory Allocation...

49. What is the difference between DNS in Windows 2000 & Windows
2003 Server?
We can rename or moved the domain name without rebuilding in
windows 2003 server, but in windows 2000 server, we can't do that.

50. Shadow copy feature available in windows2003 server but not in

windows2000 server.
A new tool to recover files. There are 220 new group polices are added in
windows2003 server over windows2000 server. In windows2000 server
support maximum 10 user’s access shared folders at a time through
network, but windows2003 server no limitation. Windows 2003 server
includes IIS in it.

51. How do you double-boot a Win 2003 server box?

The Boot.ini file is set as read-only, system, and hidden to prevent
unwanted editing. To change the Boot.ini timeout and default settings,
use the System option in Control Panel from the advanced tab and select
Startup.

52. What do you do if earlier application doesn’t run on Windows

Server 2003?
When an application that ran on an earlier legacy version of Windows
cannot be loaded during the setup function or if it later malfunctions, you
must run the compatibility mode function. This is accomplished by rightclicking
the application or setup program and selecting Properties –>
Compatibility –> selecting the previously supported operating system.

53. If you uninstall Windows Server 2003, which operating systems

can you revert to?
Win ME, Win 98, 2000, XP. Note, however, that you cannot upgrade from
ME and 98 to Windows Server 2003.

54. How do you get to Internet Firewall settings?

Start –> Control Panel –> Network and Internet Connections –> Network
Connections.

55. Where are the Windows NT Primary Domain Controller (PDC) and
its Backup Domain Controller (BDC) in Server 2003?
The Active Directory replaces them. Now all domain controllers share a
multimaster peer-to-peer read and write relationship that hosts copies of
the Active Directory.

56. How long does it take for security changes to be replicated among
the domain controllers?
Security-related modifications are replicated within a site immediately.
These changes include account and individual user lockout policies,
changes to password policies, changes to computer account passwords,
and modifications to the Local Security Authority (LSA).

57. What’s new in Windows Server 2003 regarding the DNS

management?
When DC promotion occurs with an existing forest, the Active Directory
Installation Wizard contacts an existing DC to update the directory and
replicate from the DC the required portions of the directory. If the wizard
fails to locate a DC, it performs debugging and reports what caused the
failure and how to fix the problem. In order to be located on a network,
every DC must register in DNS DC locator DNS records. The Active
Directory Installation Wizard verifies a proper configuration of the DNS
infrastructure. All DNS configuration debugging and reporting activity is
done with the Active Directory Installation Wizard.

58. When should you create a forest?

Organizations that operate on radically different bases may require
separate trees with distinct namespaces. Unique trade or brand names
often give rise to separate DNS identities. Organizations merge or are
acquired and naming continuity is desired. Organizations form
partnerships and joint ventures. While access to common resources is
desired, a separately defined tree can enforce more direct administrative
and security restrictions.

59. How can you authenticate between forests?

Four types of authentication are used across forests: (1) Kerberos and
NTLM network logon for remote access to a server in another forest; (2)
Kerberos and NTLM interactive logon for physical logon outside the user’s
home forest; (3) Kerberos delegation to N-tier application in another
forest; and (4) user principal name (UPN) credentials

60. What snap-in administrative tools are available for Active

Directory? Active Directory Domains and Trusts Manager, Active
Directory Sites and Services Manager, Active Directory Users and Group
Manager, Active Directory Replication (optional, available from the
Resource Kit), Active Directory Schema Manager (optional, available from
adminpak)

61. What types of classes exist in Windows Server 2003 Active

Directory?
Structural class. The structural class is important to the system
administrator in that it is the only type from which new Active Directory
objects are created. Structural classes are developed from either the
modification of an existing structural type or the use of one or more
abstract classes. Abstract class. Abstract classes are so named because
they take the form of templates that actually create other templates
(abstracts) and structural and auxiliary classes. Think of abstract classes
as frameworks for the defining objects. Auxiliary class. The auxiliary class
is a list of attributes. Rather than apply numerous attributes when
creating a structural class, it provides a streamlined alternative by
applying a combination of attributes with a single include action. 88 class.
The 88 class includes object classes defined prior to 1993, when the 1988
X.500 specification was adopted. This type does not use the structural,
abstract, and auxiliary definitions, nor is it in common use for the
development of objects in Windows Server 2003 environments.

62. How do you delete a lingering object?

Windows Server 2003 provides a command called Repadmin that provides
the ability to delete lingering objects in the Active Directory.

63. How is user account security established in Windows Server

2003?
When an account is created, it is given a unique access number known as
a security identifier (SID). Every group to which the user belongs has an
associated SID. The user and related group SIDs together form the user
account’s security token, which determines access levels to objects
throughout the system and network. SIDs from the security token is
mapped to the access control list (ACL) of any object the user attempts to
access.

64. If I delete a user and then create a new account with the same
username and password, would the SID and permissions stay the
same?
No. If you delete a user account and attempt to recreate it with the same
user name and password, the SID will be different.

65. What do you do with secure sign-ones in an organization with

many roaming users?
Credential Management feature of Windows Server 2003 provides a
consistent single sign-on experience for users. This can be useful for
roaming users who move between computer systems. The Credential
Management feature provides a secure store of user credentials that
includes passwords and X.509 certificates.

66. What remote access options does Windows Server 2003 support?
Dial-in, VPN, dial-in with callback.

67. Where are the documents and settings for the roaming profile
stored?
All the documents and environmental settings for the roaming user are
stored locally on the system, and, when the user logs off, all changes to
the locally stored profile are copied to the shared server folder. Therefore,
the first time a roaming user logs on to a new system the logon process
may take some time, depending on how large his profile folder is.

68. Where are the settings for all the users stored on a given
machine?
\Document and Settings\All Users

69. What languages can you use for log-on scripts?

JavaScript, VBScript, DOS batch files (.com, .bat, or even .exe)

70. What’s the difference between local, global and universal groups?
Domain local groups assign access permissions to global domain groups
for local domain resources. Global groups provide access to resources in
other trusted domains. Universal groups grant access to resources in all
trusted domains.
71. I am trying to create a new universal user group. Why can’t I?
Universal groups are allowed only in native-mode Windows Server 2003
environments. Native mode requires that all domain controllers be
promoted to Windows Server 2003 Active Directory.

72. What is LSDOU?

Its group policy inheritance model, where the policies are applied to Local
machines, Sites, Domains and Organizational Units.

73. Why doesn’t LSDOU work under Windows NT?

If the NTConfig.pol file exists, it has the highest priority among the
numerous policies.

74. Where are group policies stored?

%SystemRoot%System32\Group Policy

75. What are GPT and GPC?

Group policy template and group policy container.

76. Where is GPT stored?

%System Root%\SYSVOL\sysvol\domain name\Policies\GUID

77. You change the group policies, and now the computer and user
settings are in conflict. Which one has the highest priority?
The computer settings take priority.

78. You want to set up remote installation procedure, but do not want
the user to gain access over it. What do you do?
gponame–> User Configuration–> Windows Settings–> Remote
Installation Services–> Choice Options is your friend.

79. What’s contained in administrative template conf.adm?

Microsoft NetMeeting policies

80. How can you restrict running certain applications on a machine?

Via group policy, security settings for the group, then Software
Restriction Policies.

81. You need to automatically install an app, but MSI file is not
available. What do you do?
A .zap text file can be used to add applications using the Software
Installer, rather than the Windows Installer.

82. What’s the difference between Software Installer and Windows

Installer?
The former has fewer privileges and will probably require user
intervention. Plus, it uses .zap files.

83. What can be restricted on Windows Server 2003 that wasn’t there
in previous products?
Group Policy in Windows Server 2003 determines a user’s right to modify
network and dial-up TCP/IP properties. Users may be selectively
restricted from modifying their IP address and other network
configuration parameters.
84. How frequently is the client policy refreshed?
90 minutes give or take.
85. Where is secedit?
It’s now gpupdate.

86. You want to create a new group policy but do not wish to inherit.
Make sure you check Block inheritance.
among the options when creating the policy.

87. What is “tattooing” the Registry?

The user can view and modify user preferences that are not stored in
maintained portions of the Registry. If the group policy is removed or
changed, the user preference will persist in the Registry.

88. How do you fight tattooing in NT/2000 installations?

You can’t.

89. How do you fight tattooing in 2003 installations?

User Configuration - Administrative Templates - System - Group Policy -
enable - Enforce Show Policies Only.

90. What is Super Scope?

A super scope is an administrative feature of DHCP servers running
Windows Server 2003 that you can create and manage through the DHCP
console. Using a super scope, you can group multiple scopes as a single
administrative entity. With this feature, a DHCP server can: Support
DHCP clients on a single physical network segment (such as a single
Ethernet LAN segment) where multiple logical IP networks are used.
When more than one logical IP network is used on each physical subnet
or network, such configurations are often called multinets. Support
remote DHCP clients located on the far side of DHCP and BOOTP relay
agents (where the network on the far side of the relay agent uses
multinets).
91. What is the requirement of DNS?
Each and every system on the network has its individual and unique IP
address but we cannot remember the IP address of all, so we have
assigned a particular name to each Ip address, which is mapped with a
domain name.

92. Why WINS server is required?

Windows Internet Naming Service (WINS) is an older network service (a
protocol) that takes computer names as input and returns the numeric IP
address of the computer with that name or vice versa.

93. What is the role of network administrator?

Setting up and configuring network hardware and software Installing and
configuring network media and connections Connecting user nodes and
peripherals of all.

94. What are the Advantages and Disadvantages of DHCP?

Advantages: All the IP configuration information gets automatically
configured for your client machine by the DHCP server. If you move your
client machine to a different subnet, the client will send out it’s discover
message at boot time and work as usual. However, when you first boot
up there you will not be able to get back the IP address you had at your
previous location regardless of how little time has passed. Disadvantage:
Your machine name does not change when you get a new IP address. The
DNS (Domain Name System) name is associated with your Ipaddress and
therefore does change. This only presents a problem if other clients try to
access your machine by its DNS name.

95. What does IntelliMirror do?

It helps to reconcile desktop settings, applications, and stored files for
users, particularly those who move between workstations or those who
must periodically work offline.

96. What’s the major difference between FAT and NTFS on a local
machine?
FAT and FAT32 provide no security over locally logged-on users. Only
native NTFS provides extensive permission control on both remote and
local files.

97. How do FAT and NTFS differ in approach to user shares?

They don’t, both have support for sharing.

98. Explain the List Folder Contents permission on the folder in NTFS.
Same as Read & Execute, but not inherited by files within a folder.
However, newly created subfolders will inherit this permission.

99. I have a file to which the user has access, but he has no folder
permission to read it. Can he access it?
It is possible for a user to navigate to a file for which he does not have
folder permission. This involves simply knowing the path of the file
object. Even if the user can’t drill down the file/folder tree using My
Computer, he can still gain access to the file using the Universal Naming
Convention (UNC). The best way to start would be to type the full path of
a file into Run… window.

100. For a user in several groups, are Allow permissions restrictive or

permissive?
Permissive, if at least one group has Allow permission for the file/folder,
user will have the same permission.

101. For a user in several groups, are Deny permissions restrictive or

permissive?
Restrictive, if at least one group has Deny permission for the file/folder,
user will be denied access, regardless of other group permissions.

102. What hidden shares exist on Windows Server 2003 installation?

Admin$, Drive$, IPC$, NETLOGON, print$ and SYSVOL.

103. What’s the difference between standalone and fault-tolerant DFS

(Distributed File System) installations?
The standalone server stores the Dfs directory tree structure or topology
locally. Thus, if a shared folder is inaccessible or if the Dfs root server is
down, users are left with no link to the shared resources. A fault-tolerant
root node stores the Dfs topology in the Active Directory, which is
replicated to other domain controllers. Thus, redundant root nodes may
include multiple connections to the same data residing in different shared
folders.

104. We’re using the DFS fault-tolerant installation, but cannot access
it from a Win98 box.
Use the UNC path, not client, only 2000 and 2003 clients can access
Server 2003 fault-tolerant shares.

105. Where exactly do fault-tolerant DFS shares store information in

Active Directory?
In Partition Knowledge Table, which is then replicated to other domain
controllers?

106. Can you use Start->Search with DFS shares?

Yes.

107. What problems can you have with DFS installed?

Two users opening the redundant copies of the file at the same time, with
no file-locking involved in DFS, changing the contents and then saving.
Only one file will be propagated through DFS.

108. I run Microsoft Cluster Server and cannot install fault-tolerant

DFS.
Yeah, you can’t. Install a standalone one.

109. Is Kerberos encryption symmetric or asymmetric?

Symmetric.

110. How does Windows 2003 Server try to prevent a middle-man

attack on encrypted line?
Time stamp is attached to the initial client request, encrypted with the
shared key.

111. What hashing algorithms are used in Windows 2003 Server?

RSA Data Security’s Message Digest 5 (MD5) produces a 128-bit hash,
and the Secure Hash Algorithm 1 (SHA-1), produces a 160-bit hash.

112. What third-party certificate exchange protocols are used by

Windows 2003 Server?
Windows Server 2003 uses the industry standard PKCS-10 certificate
request and PKCS-7 certificate response to exchange CA certificates with
third-party certificate authorities.

113. What’s the number of permitted unsuccessful logons on

Administrator account?
Unlimited. Remember, though, that it’s the Administrator account, not
any account that’s part of the Administrators group. \

114. If hashing is one-way function and Windows Server uses hashing

for storing passwords, how is it possible to attack the password
lists, specifically the ones using NTLMv1?
A cracker would launch a dictionary attack by hashing every imaginable
term used for password and then compare the hashes.

115. What’s the difference between guest accounts in Server 2003 and
other editions?
More restrictive in Windows Server 2003.

116. How many passwords by default are remembered when you check
"Enforce Password History Remembered"?
User’s last 6 passwords.

117. What is the difference between domain & workgroup?

Domain consists of server. Domain means a logical group of network.
domain is a centralized security and administration. workgroup means
there is no act as sever on the network.

118. How do you configure Proxy Server in Windows?

To configure proxy server in windows first install the 2 lan cards one for
internet connection and another one for sharing internet connection to
client’s pc. now first configure Internet connection and then give the IP to
2nd lan card for ex. 192.168.0.1

119. How to change in domain name?

This article describes how to change a computer's Domain Name System
(DNS) server or servers from the command line, either locally or
remotely. This operation requires you to use the Regfind.exe tool from
either the Microsoft Windows NT Server Resource

120. How will you backup DNS server?

If you are using Active Directory-integrated DNS, then your DNS
information is stored in Active Directory itself, and you'll need to back up
the entire system state. If not, however, you can back up the zone files
themselves from the c:\windows\system32\DNS directory.

121. What is all the protocol involved in Active Directory Replication?

The administrative tool, "Active Directory Sites and Services", is used to
manage Active Directory replication. Replication data is compressed
before being sent to minimize bandwidth use. There are two protocols
used to replicate AD: Normally Remote Procedure Call (RPC) is used to
replicate data and is always used for intrasite replication since it is
required to support the FRS. RPC depends on IP (internet protocol) for
transport. Simple Mail Transfer Protocol (SMTP) may be used for
replication between sites. SMTP can't replicate the domain partition,
however. Therefore the remote site would need to be in another domain
to be able to effectively use SMTP for carrying replication data.
Bridgehead server - A domain controller that is used to send replication
information to one or more other sites.

122. Difference between SID and GUID?

A security identifier (SID) is a unique value of variable length that is used
to identify a security principal or security group in Windows operating
systems. Well-known SIDs are a group of SIDs that identify generic users
or generic groups. Their values remain constant across all operating
systems.

123. Explain Stub Zone in DNS Server?

Stub zones are similar to secondary zones in that they have a read only
copy of the server that is authorative for a child DNS domain. The
difference is that secondary zones contain a copy of all the A records from
the authorative zone, stub zones contain just three records for each of
the child domains, these are the SOA (Start of Authority) for the primary
zone, the A record and NS record. This means that when a query is sent
to the stub zone it can forward it straight to the correct DNS server as it
knows its details.

124. What is all the Partition available in Active Directory?

Active Directory objects are stored in the Directory Information Tree
(DIT) which is broken into the following partitions: Schema partition -
Defines rules for object creation and modification for all objects in the
forest. Replicated to all domain controllers in the forest. Replicated to all
domain controllers in the forest, it is known as an enterprise partition.
Configuration partition - Information about the forest directory structure
is defined including trees, domains, domain trust relationships, and sites
(TCP/IP subnet group). Replicated to all domain controllers in the forest,
it is known as an enterprise partition. Domain partition - Has complete
information about all domain objects (Objects that are part of the domain
including OUs, groups, users and others). Replicated only to domain
controllers in the same domain. Partial domain directory partition - Has a
list of all objects in the directory with a partial list of attributes for each
object.The DIT holds a subset of Active Directory information and stores
enough information to start and run the Active Directory service.