
http://www.petri.co.il/mcse_system_administrator_active_directory_interview_questions.htm
http://www.globalguideline.com/interview_questions/Questions.php?page=9&sc=Windows_Server_2003_Interview_Questions_and_Answers_

Identify Interview Questions


The following are principles to keep in mind when identifying interview questions and developing interview guides:

- Identify primary questions for obtaining the necessary information, as well as secondary or probing questions to clarify each primary question.
- Utilize interviews to obtain information that cannot be obtained through other sources or means.
- Ensure that you have identified the few critical, key questions required to obtain the necessary information. Often interviews are limited in time.
- Balance the number of questions with the time allotted for the interview.
- Utilize open-ended questions that encourage an explanation and discuss the key topics rather than simply provide yes or no responses.

Conduct Interviews
Conduct the interview and set the general framework for setting expectations and describing the process for each interview. At least two members should be present at the time of conducting the interview, one individual serving as the main interviewer and the other for the purpose of documenting the discussions. It is important that you have an opening script to stay consistent throughout all interviews. This will ensure a common understanding about the purpose of the interview.

Document Interview Findings


A crucial and last step is to document the interview information. Preferably soon after conducting the interview, recap and document the events. This will capture the interview details and information discussed during the interview. Document notes will be required for review by other parties. Document interview question outcomes in the file: Interview 1- Candidate Assessment Form Final.lwp

Interview 1, SSO - Intel, Participants

| Function | Name | Company |
|---|---|---|
| HR Representative | Satish Appan Murthy/India/IBM | IBM GS India |
| Interviewer 1 (SME) | Sachin Arora/India/IBM | IBM GS India |
| Interviewer 2 (SME) | Sharat Dayananda/India/IBM | IBM GS India |

Date Questions Created : 22 March 2005

Section 1: Technical Skills Questions


INTEL Active Directory front Questions:

Question 1.
What are the five FSMO roles in AD?
Answer:
- Infrastructure Master
- Schema Master
- Domain Naming Master
- PDC Emulator
- RID Master

Question 2.
How many Infrastructure Master roles can we have in an AD forest?
Answer: Depends on the number of domains in the forest: one Infrastructure Master per domain.

Question 3.
In what sequence do Group Policies get applied in AD?
Answer: Local machines -- Sites -- Domain -- OU

Question 4.
What is the difference between authoritative and non-authoritative restores?
Answer: Non-authoritative is used if we are restoring the entire domain, authoritative when restoring part of the domain (e.g. OU, users).

Question 5.
What is the impact on user logins if the PDC Emulator goes down?
Answer: No impact to Windows 2000, XP users. Users logging in from 95, 98, NT 4.0 may get impacted.

Question 6.
Difference between DC & ADC
Answer: There is no difference between DC and ADC; both contain a write copy of AD. Both can also handle FSMO roles (if transferred from DC to ADC). It is just for identification. Functionality-wise there is no difference.

Question 7
What is the database file used for Active Directory?
Answer: NTDS.DIT

Question 8
What is the location of the AD database?
Answer: %System root%/NTDS/NTDS.DIT

Question 9
What is a global catalog?
Answer: The global catalog maintains indexes about objects. It contains full information about the objects in its own domain and partial information about the objects in other domains in the forest. Universal group membership information is stored in global catalog servers and replicated to all GCs in the forest.

Question 10
What is Active Directory and what is the use of it?
Answer: Active Directory is a directory service, which maintains the relationship between resources and enables them to work together. Because of the AD hierarchical structure, Windows 2000 is more scalable and reliable. Active Directory is derived from X.500 standards, where information is stored in a hierarchical tree-like structure. Active Directory depends on two Internet standards: one is DNS and the other is LDAP. Information in Active Directory can be queried by using the LDAP protocol.

Question 11
What is the physical and logical structure of AD?
Answer: Active Directory logical components are Forests, Trees, Domains. Physical components are Domain controllers and Sites.
Active Directory is logically divided into 3 partitions:
1. Configuration partition
2. Schema partition
3. Domain partition
4. Application partition (only in Windows 2003, not available in Windows 2000)
Out of these, the Configuration and Schema partitions can be replicated between the domain controllers in the entire forest, whereas the Domain partition can be replicated between the domain controllers in the same domain.

Question 12
What is the role responsible for time synchronization?
Answer: PDC Emulator is responsible for time synchronization. Time synchronization is important because Kerberos authentication depends on time stamp information.

Question 13
Brief all the FSMO Roles
Answer: Domain Naming Master and Schema Master are forest-level roles. PDC Emulator, Infrastructure Master and RID Master are domain-level roles. The forest root performs all forest-wide roles (2) by default. The domain root performs all domain-wide roles (3) by default. Later we can transfer the roles.

Domain Naming Master: The Domain Naming Master is responsible for maintaining the relationship between the domains. Without this role it is not possible to add or remove any domain.

Schema Master: The schema contains a set of classes and attributes, e.g. User, computer, printer are the objects in AD which have their own set of attributes. The Schema Master is responsible for maintaining this schema. Changes to the schema will affect the entire forest.

PDC Emulator: The server which is performing this role acts as a PDC in mixed mode to synchronize directory information between a Windows 2000 DC and a Windows NT BDC. The server which is performing this role will contain the latest password information. This role is also responsible for time synchronization in the forest.

Infrastructure Master: It is responsible for managing group membership information in the domain. This role is responsible for updating the DN when the name or location of the object is modified.

RID Master: The server which is performing this role will provide a pool of RIDs to other domain controllers in the domain. SID is the combination of SID and RID (SID=SID+RID), where SID is the security identifier common for all objects in the domain and RID is the relative identifier unique for each object.

Question 14
How to manually configure FSMO Roles to separate DCs
Answer: We can configure manually in two ways.

Through MMC:
- We can configure the Domain Naming Master role through Active Directory Domains and Trusts.
- We can configure the Schema Master role through Active Directory Schema.
- The other three roles we can configure through Active Directory Users and Computers.

Through the command prompt:
By using the command NTDSUTIL -> type ROLES -> type CONNECTIONS -> CONNECT TO SERVER SERVERNAME, where SERVERNAME is the name of the domain controller that you want to assign the role to -> type transfer role, where role is the role that you want to transfer. For a list of roles that you can transfer, type ? at the fsmo maintenance prompt, and then press ENTER, or see the list of roles at the start of this article. For example, to transfer the RID master role, type transfer rid master. The one exception is the PDC emulator role, whose syntax is transfer pdc, not transfer pdc emulator.

Question 15
What is Active Directory de-fragmentation?
Answer: De-fragmentation of AD means separating used space and empty space created by deleted objects, and reduces directory size (only in offline de-fragmentation).

Question 16
Difference between online and offline de-fragmentation
Answer: Online de-fragmentation is performed by the garbage collection process, which runs every 12 hours by default. It separates used space and white space (white space is the space created because of object deletion in AD, e.g. User) and improves the efficiency of AD while the domain controller is up and running.
Offline de-fragmentation can be done manually by taking the domain controller into Restoration mode. We can only reduce the file size of the directory database, whereas the efficiency will be the same as in online de-fragmentation.

Question 17
What is the tombstone period?
Answer: Tombstones are nothing but objects marked for deletion. After deleting an object in AD, the object will not be deleted permanently. It will remain for 60 days by default (which is configurable); an entry is added on the object marking it for deletion, and this replicates to all DCs. After 60 days the object will be deleted permanently from all DCs.

Question 18
What are the different types of partitions present in AD?
Answer: Active Directory is divided into three partitions:
- Configuration Partition: replicates entire forest
- Schema Partition: replicates entire forest
- Domain Partition: replicates only in domain
- Application Partition (only in Windows 2003)

Question 19
What are the (two) services required for replication?
Answer:
- File Replication Service (FRS)
- Knowledge Consistency Checker (KCC)

Question 20
What is the use of the SYSVOL folder?
Answer: The SYSVOL folder is the shared folder used by AD to pass Group Policies.



INTEL OS Side Questions:

Question 1.
Can you install Terminal Server Licensing Service on a Domain Controller?
Answer: No, you cannot. It can only be installed on a member server or a workgroup server.

Question 2.
Apart from performing all of the functionality of a Windows NT 4.0 server, what else can a PDC emulator be used for?
Answer: It can also be used to synchronize time in an enterprise.

Question 3.
List the 6 steps from powering on a server to the logon screen display of a Windows 2000/2003 server.
Answer:
1. POST - Power on self test
2. NTLDR load
3. Kernel Load
4. Kernel Initialize
5. Services Load
6. User Logon

Question 4.
Can I use Network Load Balancing and Server Clusters on the same set of servers?
Answer: No, server clusters and Network Load Balancing are not supported on the same set of machines.

Question 5.
List at least 3 switches for the Boot.INI file.
Answer: /SOS, /FASTDETECT, /BOOTLOG

Question 6.
Difference between NT & 2000?
Answer:
- The NT SAM database is a flat database, whereas in Windows 2000 the Active Directory database is a hierarchical database.
- In Windows NT only the PDC has a writable copy of the SAM database; the BDC has only a read-only database. In Windows 2000 both DC and ADC have a write copy of the database.
- Windows NT will not support the FAT32 file system. Windows 2000 supports FAT32.
- The default authentication protocol in NT is NTLM (NT LAN Manager). In Windows 2000 the default authentication protocol is Kerberos V5.
- Windows 2000 depends on and is integrated with DNS. NT uses NetBIOS names.
- Active Directory can be backed up easily with System state data.
- NT has system policies; 2000 has group policies.

Question 7.
Difference between 2000 & 2003
Answer:
- Application Server mode is introduced in Windows 2003.
- Domain name and domain controller name can be changed in 2003, which is not possible in 2000.
- Cross forest (Kerberos) trust is possible in 2003, which is not possible in 2000.
- Possible to configure stub zones in Windows 2003 DNS.
- Volume shadow copy services is introduced.
- Windows 2003 gives an option to replicate DNS data b/w all DNS servers in the forest or all DNS servers in the domain.

Question 8.
Difference between FAT, NTFS & NTFS Version 5
Answer: NTFS Version 5 features:
- Encryption is possible
- We can enable Disk Quotas
- File compression is possible
- Sparse files
- Indexing Service
- NTFS change journal
In the FAT file system we can apply only share-level security. File-level protection is not possible. In NTFS we can apply both share-level as well as file-level security.
NTFS supports larger partition sizes than FAT file systems.
NTFS supports longer file names than FAT file systems.
NTFS has better performance than FAT.

Question 9.
What is the authentication protocol used in NT?
Answer: NTLM (NT LAN Manager)

Question 10.
What is the use of terminal services?
Answer: Terminal services can be used in Remote Administration mode to administer remotely, as well as in Application Server mode to run an application on one server so that users can log in to that server to use that application.

Question 11.
What is the protocol used for terminal services?
Answer: RDP

Question 12.
What is the port number for RDP?
Answer: 3389

Question 13.
What is the process of user authentication (Kerberos V5) in Windows 2000?
Answer: After the logon credentials are given, an encryption key is generated, which is used to encrypt the time stamp of the client machine. The user name and the encrypted time stamp information are provided to the domain controller for authentication. The domain controller then decrypts the encrypted time stamp information, based on the password information stored in AD for that user. If the produced time stamp matches its own time stamp, it provides the logon session key and the ticket-granting ticket to the client in an encrypted format. The client again decrypts, and if the produced time stamp information matches, it uses the logon session key to log on to the domain. The ticket-granting ticket is used to generate a service-granting ticket when accessing network resources.

Question 14
What are the port numbers for Kerberos, LDAP and Global Catalog?
Answer: Kerberos 88, LDAP 389, Global Catalog 3268

Question 15
What is the use of LDAP (X.500 standard?)
Answer: LDAP is the Lightweight Directory Access Protocol, which is used to exchange directory information from server to clients or from server to servers.

Question 16
What is DFS & its usage?
Answer: DFS is a distributed file system used to provide a common environment for users to access files and folders even when they are shared on physically different servers.
There are two types of DFS: domain DFS and stand-alone DFS. We cannot provide redundancy for stand-alone DFS in case of failure. Domain DFS is used in a domain environment and can be accessed by /domain name/root1 (root1 is the DFS root name). Stand-alone DFS can be used in a workgroup environment and can be accessed through /server name/root1 (root1 is the DFS root name). In both cases we need to create a DFS root (which appears like a shared folder for end users) and DFS links (a logical link which points to the server where the folder is physically shared).
- The maximum number of Dfs roots per server is 1.
- The maximum number of Dfs root replicas is 31.
- The maximum number of Dfs roots per domain is unlimited.
- The maximum number of Dfs links or shared folders in a Dfs root is 5000 if it is a domain root and 30000 if it is a standalone root in Windows 2000.
- The maximum number of Dfs links or shared folders in a Dfs root is 5,000 for domain-based DFS and 50,000 links for stand-alone DFS in 2003.

Question 17
What is RIS and what are its requirements?
Answer: RIS is the Remote Installation Service, which is used to install an operating system remotely.
Client requirements:
- PXE DHCP-based boot ROM version 1.00 or later NIC, or a network adapter that is supported by the RIS boot disk.
- Should meet minimum operating system requirements.
Software requirements: the network services below must be active on the RIS server or any server in the network:
- Domain Name System (DNS Service)
- Dynamic Host Configuration Protocol (DHCP)
- Active Directory directory service

Question 18
How many root replicas can be created in DFS?
Answer: 31

Question 19
Can we establish a trust relationship between two forests?
Answer: In Windows 2000 it is not possible. In Windows 2003 it is possible.

Question 20
Is it possible to rename the Domain name?
Answer: In Windows 2000 it is not possible. In Windows 2003 it is possible.

Question 21
What is a Stub zone and what is the use of it?
Answer: Stub zones are a new feature of DNS in Windows Server 2003 that can be used to streamline name resolution, especially in a split namespace scenario. They also help reduce the amount of DNS traffic on your network, making DNS more efficient, especially over slow WAN links.

Question 22
What is Domain Policy, Domain controller policy, Local policy and Group policy?
Answer: Domain Policy will apply to all computers and users in the domain, because by default it is associated with the domain GPO, whereas Domain controller policy will be applied only on domain controllers. By default the domain controller security policy is associated with the domain controller GPO. Local policy will be applied to that particular machine only and affects that computer only.

Question 23
What is folder redirection?
Answer: Folder Redirection is a User group policy. Once you create the group policy and link it to the appropriate folder object, an administrator can designate which folders to redirect and where. To do this, the administrator needs to navigate to the following location in the Group Policy Object: User Configuration\Windows Settings\Folder Redirection. In the Properties of the folder, you can choose Basic or Advanced folder redirection, and you can designate the server file system path to which the folder should be redirected. The %USERNAME% variable may be used as part of the redirection path, thus allowing the system to dynamically create a newly redirected folder for each user to whom the policy object applies.

Question 24
Is it possible to do an implicit transitive forest-to-forest trust relationship in Windows 2003?
Answer: Implicit transitive trust will not be possible in Windows 2003. Between forests we can create explicit trusts:
- Two-way trust
- One-way: incoming
- One-way: outgoing

Question 25
What is the universal group membership cache in Windows 2003?
Answer: Information is stored locally once this option is enabled and a user attempts to log on for the first time. The domain controller obtains the universal group membership for that user from a global catalog. Once the universal group membership information is obtained, it is cached on the domain controller for that site indefinitely and is periodically refreshed. The next time that user attempts to log on, the authenticating domain controller running Windows Server 2003 will obtain the universal group membership information from its local cache without the need to contact a global catalog. By default, the universal group membership information contained in the cache of each domain controller will be refreshed every 8 hours.

Question 26
GPMC & RSoP in Windows 2003?
Answer: GPMC is a tool used for managing group policies. It displays information such as how many policies are applied, on which OUs the policies are applied, what settings are enabled in each policy, which users are affected by these policies, and who is managing these policies. GPMC will display all the above information.
RSoP provides details about all policy settings that are configured by an Administrator, including Administrative Templates, Folder Redirection, Internet Explorer Maintenance, Security Settings, Scripts, and Group Policy Software Installation. When policies are applied on multiple levels (for example, site, domain, domain controller, and organizational unit), the results can conflict. RSoP can help you determine a set of applied policies and their precedence (the order in which policies are applied).

Question 27
What is DNS & WINS?
Answer: DNS is the Domain Naming System, which resolves host names to IP addresses. It uses fully qualified domain names. DNS is an Internet standard used to resolve host names.
WINS is the Windows Internet Name Service, which resolves NetBIOS names to IP addresses. This is proprietary to Windows.

Question 28
Types of DNS Servers
Answer:
- Standard Primary DNS
- Secondary DNS
- Active Directory Integrated DNS
- Forwarder
- Caching only DNS
- Root hint server

Question 29
If DHCP is not available, what happens to the client?
Answer: The client will not get an IP address and cannot participate in the network. If the client already got an IP address and still has lease duration, it uses the IP address until the lease duration expires.

Question 30
What is the process of DHCP for getting the IP address to the client?
Answer: There is a four-way negotiation process b/w client and server:
- DHCP Discover (initiated by client)
- DHCP Offer (initiated by server)
- DHCP Request (initiated by client)
- DHCP Acknowledgement (initiated by server)
- DHCP Negative Acknowledgement (initiated by server if any issues after DHCP Offer)

Question 31
Difference between FAT, NTFS & NTFS Version 5
Answer: NTFS Version 5 features:
- Encryption is possible
- We can enable Disk Quotas
- File compression is possible
- Sparse files
- Indexing Service
- NTFS change journal
In the FAT file system we can apply only share-level security. File-level protection is not possible. In NTFS we can apply both share-level as well as file-level security.
NTFS supports larger partition sizes than FAT file systems.
NTFS supports longer file names than FAT file systems.

Question 32
What are the port numbers for FTP, Telnet, HTTP, DNS?
Answer: FTP-21, Telnet-23, HTTP-80, DNS-53, Kerberos-88, LDAP-389

Question 33
What are the different types of profiles in 2000?
Answer:
- Local Profiles
- Roaming Profiles
- Mandatory Profiles

Question 34
What are the different backup strategies available?
Answer:
- Normal Backup
- Incremental Backup
- Differential Backup
- Daily Backup
- Copy Backup

Question 35
What are the problems that are generally encountered with DHCP?
Answer:
- Scope is full with IP addresses; no IPs available for new machines.
- Scope options are not configured properly, e.g. default gateway.
- Incorrect creation of scopes, etc.

Question 36
What is TTL & how to set TTL time in DNS?
Answer: TTL is the Time to Live setting, used for the amount of time that the record should remain in cache when name resolution has happened. We can set TTL in the SOA (start of authority) record of DNS.

Question 37
How to take DNS, WINS and DHCP backup?
Answer:
- %System root%/system32/dns
- %System root%/system32/WINS
- %System root%/system32/DHCP

Question 38
What is the recovery console?
Answer: The recovery console is a utility used to recover the system when it is not booting properly or not booting at all. We can perform the following operations from the recovery console:
- Copy, rename, or replace operating system files and folders
- Enable or disable service or device startup the next time the computer starts
- Repair the file system boot sector or the Master Boot Record
- Create and format partitions on drives

Question 39
What is the difference between authoritative and non-authoritative restore?
Answer: In an authoritative restore, objects that are restored will be replicated to all domain controllers in the domain. This can be used specifically when an entire OU is disturbed in all domain controllers, or to restore a single object which is disturbed in all DCs.
In a non-authoritative restore, restored directory information will be updated by other domain controllers based on the latest modification time.

Question 40
What is the tombstone period?
Answer: Tombstones are nothing but objects marked for deletion. After deleting an object in AD, the object will not be deleted permanently. It will remain for 60 days by default (which is configurable); an entry is added on the object marking it for deletion, and this replicates to all DCs. After 60 days the object will be deleted permanently from all DCs.

Question 41
What is Clustering? Briefly define & explain it.
Answer: Clustering is a technology which is used to provide high availability for mission-critical applications. We can configure a cluster by installing the MCS (Microsoft cluster service) component from Add/Remove Programs, which is only available in Enterprise Edition and Datacenter Edition.
In Windows we can configure two types of clusters:

NLB (network load balancing) cluster: for balancing load between servers. This cluster will not provide any high availability. Usually preferable at edge servers like web or proxy.

Server Cluster: This provides high availability by configuring an active-active or active-passive cluster. In a 2-node active-passive cluster one node will be active and one node will be on standby. When the active server fails, the application will FAILOVER to the standby server automatically. When the original server comes back, we need to FAILBACK the application.

Quorum: Shared storage needs to be provided for all servers; it keeps information about the clustered application and session state and is useful in a FAILOVER situation. This is very important: if the Quorum disk fails, the entire cluster will fail.

Heartbeat: Heartbeat is a private connectivity between the servers in the cluster, which is used to identify the status of other servers in the cluster.

Question 42
What is an SOA Record?
Answer: SOA is the Start Of Authority record, which is the first record in DNS and controls the startup behavior of DNS. We can configure TTL, refresh, and retry intervals in this record.

Question 43
Can we use a Linux DNS Server in a 2000 Domain?
Answer: We can, but the BIND version should be 8 or greater.

Question 44
What are the different levels at which we can apply Group Policy?
Answer: We can apply group policy at Site level -- Domain level -- OU level

Question 45
What is folder redirection?
Answer: Folder Redirection is a User group policy. Once you create the group policy and link it to the appropriate folder object, an administrator can designate which folders to redirect and where. To do this, the administrator needs to navigate to the following location in the Group Policy Object: User Configuration\Windows Settings\Folder Redirection. In the Properties of the folder, you can choose Basic or Advanced folder redirection, and you can designate the server file system path to which the folder should be redirected. The %USERNAME% variable may be used as part of the redirection path, thus allowing the system to dynamically create a newly redirected folder for each user to whom the policy object applies.

Section 2: Non-Technical Questions


Question 1 - Communication skills (verbal and written)
Q1.1 What do you consider good communication to be? Please describe a situation where your communication skills were used?
Q1.2 Think of an occasion where you thought you were right, but after discussing with your colleagues realised there was another way to achieve the same result. (Active listening, Teaming)
Q1.3 We sometimes make decisions that not everyone agrees with. Describe a situation where you had to make a decision that was not popular with your team? How did you communicate the decision to them? (Demonstrates Leadership and negotiation skills)

Question 2 - Client focus, problem solving and troubleshooting skills


Q2.1 What types of complex problems have you been asked to solve? Describe the steps you followed?
Q2.2 Please give an example of where you followed all available documentation and process, but were still unable to solve the problem. What did you do?
Q2.3 Describe an occasion when a Client was not satisfied with the service provided? How did you respond, and what was done to ultimately satisfy the Client?

Question 3 - Teaming skills and self-proactive


Q3.1 Why is it important to collaborate with your colleagues? How do you go about it?
Q3.2 What situations have you encountered where you have had to make a major compromise or personal sacrifice? (Demonstrates Flexibility and Adaptability)
Q3.3 What are the key strengths or skills you would bring to this role? (Demonstrates Strengths, limitations and training needs)
Q3.4 What kind of environment do you require at work to be successful? (Demonstrates Initiative, autonomy and independence)
Q3.5 Describe a project or activity that you have been involved with, where you had some autonomy in the full lifecycle of that activity, i.e. Planning and Execution. (Demonstrates planning/organisational skills)



Question 4 - Documentation skills
Q4.1 What role does documentation play in the job that you perform?
Q4.2 What if the documentation available to you to perform your role is non-existent or it exists but is very inaccurate? (Demonstrates commitment and accountability)

Question 5 - General
Q5.1 Talk me through a difficult decision you had to make, that was in opposition to the views of your immediate team. (Demonstrates Decision Making/Judgement)
Q5.2 What was your biggest disappointment at school/university/career? How did you cope? (Tolerance/Stress/Emotional Resilience)
Q5.3 What personal career aims do you have which you think this job will satisfy? (Achievement Orientation)
