TECHNICAL INTERVIEW QUESTIONS FOR SYSTEM ADMIN

1 | Technical Interview Questions for System/Network Administrator By-VIJayK

Networking

What is an IP address?
DEF1 Every machine on a network has a unique identifying number, called an IP address. DEF2 Every device connected to the public Internet is assigned a unique number known as an Internet Protocol (IP) address. IP addresses consist of four numbers separated by periods (also called a 'dotted quad') and look something like 127.0.0.1. Since these numbers are usually assigned to Internet service providers within region-based blocks, an IP address can often be used to identify the region or country from which a computer is connecting to the Internet, and so can sometimes show the user's general location. Because the numbers may be tedious to deal with, an IP address may also be assigned to a host name, which is sometimes easier to remember. Host names may be looked up to find IP addresses, and vice versa. At one time ISPs issued one IP address to each user. These are called static IP addresses. Because there is a limited number of IP addresses and usage of the Internet has increased, ISPs now issue IP addresses dynamically out of a pool of IP addresses (using DHCP). These are referred to as dynamic IP addresses. This also limits the ability of the user to host websites, mail servers, FTP servers, etc. In addition to users connecting to the Internet, with virtual hosting a single machine can act like multiple machines (with multiple domain names and IP addresses).

What is a subnet mask?
DEF1 An IP address has two components, the network address and the host address. A subnet mask separates the IP address into the network and host addresses (<network><host>). Subnetting further divides the host part of an IP address into a subnet and host address (<network><subnet><host>). It is called a subnet mask because it is used to identify the network address of an IP address by performing a bitwise AND operation with the netmask. A subnet mask is a 32-bit number that masks an IP address and divides it into a network address and a host address. A subnet mask is made by setting the network bits to all "1"s and the host bits to all "0"s. Within a given network, two host addresses are reserved for special purposes. The "0" address is assigned as the network address and "255" is assigned as the broadcast address, and they cannot be assigned to a host. DEF2 A subnet mask defines the part of an IP address that is the network ID and the part that is the host ID. A subnet mask is composed of four octets, similar to an IP address. In simple IP networks, the subnet mask defines full octets as part of the network ID and host ID: a 255 represents an octet that is part of the network ID, and a 0 represents an octet that is part of the host ID. In complex IP networks, octets can be subdivided.

What is ARP?
ARP stands for Address Resolution Protocol and was touched on in the previous question as the means of resolving an IP address to an actual physical network card address. All network cards have a unique 48-bit address, written as six hexadecimal pairs, e.g. 00-A0-24-7A-01-48, and this address is hard coded into the network card. You can view your network card's hardware address by typing ipconfig /all at the command prompt (CMD).

What is ARP Cache Poisoning?
ARP stands for Address Resolution Protocol. Every computer in a LAN has two identifiers: an IP address and a MAC address. The IP address is either entered by the user or dynamically allocated by a server, but the MAC address is unique to each Ethernet card. For example, if you have two Ethernet cards, one for wired and the other for Wi-Fi, you have two MAC addresses on your machine. The MAC address is a hardware code for your Ethernet card. ARP is the protocol that matches every IP address with a certain MAC address in the ARP table that is saved on your switch in your LAN. ARP cache poisoning is changing this ARP table on the switch. In the normal case, when a machine tries to connect to another machine, the first machine goes to the ARP table with the other machine's IP address, the ARP table provides the MAC address of the other machine, and the communication starts. But if someone tampers with the table, the first machine goes with the IP address and the ARP table provides a faulty MAC address belonging to a third machine that wants to intrude on your communication.
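As an added example for this answer (not part of the original document), the following Python script compares two snapshots of a host's ARP cache, in the text format printed by arp -a on Windows, and flags the symptoms a poisoned cache shows: an IP address, in particular the default gateway, whose MAC has changed, and one MAC answering for several IP addresses. The two snapshots, their addresses and MACs are constructed for the example.

```python
"""Detect suspicious changes between two ARP-cache snapshots.

Added example, not from the original document. Parses lines in the
format printed by `arp -a` on Windows and reports an IP whose MAC
changed between snapshots, or one MAC now mapped to several IPs.
The sample snapshots below are constructed.
"""
import re
from collections import defaultdict

# Matches e.g. "  192.168.0.1           00-a0-24-7a-01-48     dynamic"
ARP_LINE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-fA-F]{2}(?:-[0-9a-fA-F]{2}){5})\s+(\w+)"
)

def parse_arp_table(text):
    """Return {ip: mac} for every entry line in `arp -a` output."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            ip, mac, _entry_type = m.groups()
            table[ip] = mac.lower()
    return table

def find_arp_anomalies(before, after, gateway_ip):
    """Compare two {ip: mac} snapshots; return a list of (kind, detail)."""
    findings = []
    # 1. Any IP whose MAC changed; the gateway is the most sensitive entry
    for ip, mac in after.items():
        old = before.get(ip)
        if old is not None and old != mac:
            kind = "gateway-mac-changed" if ip == gateway_ip else "mac-changed"
            findings.append((kind, f"{ip}: {old} -> {mac}"))
    # 2. One MAC claiming several IPs in the current snapshot
    by_mac = defaultdict(list)
    for ip, mac in after.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("mac-claims-multiple-ips", f"{mac}: {sorted(ips)}"))
    return findings

# Constructed snapshots: the second one shows the gateway's MAC replaced
# by the MAC already used by 192.168.0.20.
SNAPSHOT_BEFORE = """
Interface: 192.168.0.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.0.1           00-a0-24-7a-01-48     dynamic
  192.168.0.20          00-1b-2c-3d-4e-5f     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
"""

SNAPSHOT_AFTER = """
Interface: 192.168.0.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.0.1           00-1b-2c-3d-4e-5f     dynamic
  192.168.0.20          00-1b-2c-3d-4e-5f     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
"""

def demo():
    before = parse_arp_table(SNAPSHOT_BEFORE)
    after = parse_arp_table(SNAPSHOT_AFTER)
    return find_arp_anomalies(before, after, gateway_ip="192.168.0.1")

if __name__ == "__main__":
    for kind, detail in demo():
        print(kind, detail)
```

Taking the snapshot periodically and alerting on a gateway MAC change is a simple host-side detection; a static ARP entry for the gateway and Dynamic ARP Inspection on managed switches are the usual mitigations.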

What is the ANDing process?
DEF1 In order to determine whether a destination host is local or remote, a computer performs a simple mathematical computation referred to as an AND operation. While the sending host does this operation internally, understanding what takes place is the key to understanding how an IP-based system knows whether to send packets directly to a host or to a router. DEF2 Notice that when the resulting AND values are converted back to binary, it becomes clear that the two hosts are on different networks. Computer A is on subnet 192.168.56.0, while the destination host is on subnet 192.168.64.0, which means that Computer A will next be sending the data to a router. Without ANDing, determining whether hosts are local or remote is difficult. Once you're very familiar with subnetting and calculating ranges of addresses, recognizing local and remote hosts will become much more intuitive. Whenever you're in doubt as to whether hosts are local or remote, use the ANDing process. You should also notice that the ANDing process always produces the subnet ID of a given host.

What is a default gateway? What happens if I don't have one?
A gateway is a routing device that knows how to pass traffic between different subnets and networks. A computer will know some routes (a route is the address of each node a packet must go through on the Internet to reach a specific destination), but not the routes to every address on the Internet. It won't even know all the routes on the nearest subnets. A gateway will not have this information either, but will at least know the addresses of other gateways it can hand the traffic off to. Your default gateway is on the same subnet as your computer, and is the gateway your computer relies on when it doesn't know how to route traffic. The default gateway is typically very similar to your IP address, in that many of the numbers may be the same. However, the default gateway is not your IP address. CON A default gateway is a node (a router) on a TCP/IP network that serves as an access point to another network. A default gateway is used by a host when the IP packet's destination address belongs somewhere outside the local subnet.

Can a workstation computer be configured to browse the Internet and yet NOT have a default gateway?
If we are using a public IP address, we can browse the Internet. If it has an intranet address, a gateway (a router or firewall) is needed to communicate with the Internet. CON Without a default gateway you cannot browse the Internet. It doesn't matter if you are on a public or private network. A default gateway is required to route your IP packets from your network to other networks.

What is a subnet?
(SUBNET work) A logical division of a local area network which is created to improve performance and provide security. To enhance performance, subnets limit the number of nodes that compete for available bandwidth. Instead of one network handling all the traffic, the network is divided into groups of clients and servers that interact with each other most of the time. For security, the subnet divisions can be based on servers that have restricted applications. Routers or bridges are used to traverse network segments. In an IP network, the subnet is identified by a subnet mask.

What is APIPA?
(Automatic Private IP Addressing) The Windows function that provides DHCP autoconfiguration addressing. APIPA assigns a class B IP address from 169.254.0.0 to 169.254.255.255 to the client when a DHCP server is either permanently or temporarily unavailable. Designed for small non-routable networks; if a DHCP server becomes available later, the APIPA address is replaced with one from the DHCP server. For example, when a Windows Vista machine starts up, it waits only six seconds to find a DHCP server before assigning an IP from the APIPA range. It then continues to look for a DHCP server. Previous versions of Windows looked for a DHCP server for up to three minutes. The IPCONFIG utility reports the IP as an "Auto configuration IP address." See IPCONFIG.

What is an RFC? Name a few if possible (not necessarily the numbers, just the idea behind them).
DEF A Request for Comments (RFC) document defines a protocol or policy used on the Internet. An RFC can be submitted by anyone. Eventually, if it gains enough interest, it may evolve into an Internet Standard. Each RFC is designated by an RFC number. Once published, an RFC never changes. Modifications to an original RFC are assigned a new RFC number.
821 - Simple Mail Transfer Protocol
822 - Standard for the format of ARPA Internet text messages
974 - Mail routing and the domain system
1035 - Domain names - implementation and specification
1123 - Requirements for Internet hosts - application and support
1321 - The MD5 Message-Digest Algorithm

What is RFC 1918?
RFC 1918 is "Address Allocation for Private Internets". The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets:
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
We will refer to the first block as the "24-bit block", the second as the "20-bit block", and the third as the "16-bit block". Note that (in pre-CIDR notation) the first block is nothing but a single class A network number, while the second block is a set of 16 contiguous class B network numbers, and the third block is a set of 256 contiguous class C network numbers.

What is CIDR?
DEF1 CIDR is a new addressing scheme for the Internet which allows for more efficient allocation of IP addresses than the old Class A, B, and C address scheme. DEF2 (Classless Inter-Domain Routing) An expansion of the IP addressing system that allows for a more efficient and appropriate allocation of addresses. The original class-based method used fixed fields for network IDs, which was wasteful. For example, Class A and B networks can address 16 million and 65 thousand hosts respectively, and most organizations given those addresses never had intentions of putting that many computers on the Internet (see IP address for more details).

From Fixed to Variable
CIDR changed the fixed fields into variable-length fields, allowing addresses to be assigned with finer granularity. The CIDR IP address includes a number that tells how the address is split between networks and hosts. For example, in the CIDR address 204.12.01.42/18 the /18 indicates that the first 18 bits are used for the network ID and the remaining 14 (there are 32 bits in the IP address) are used for the host ID (see supernetting).

Routing Is More Manageable
Blocks of CIDR addresses have been given to ISPs, who in turn disseminate them to their customers, which may be end users or smaller ISPs. CIDR reduces the burden on Internet routers by aggregating routes so that one IP address represents all the thousands of customers serviced by a single ISP. All packets sent to any of those customer addresses are routed via the one IP address, requiring only one entry in the routing table. In 1990, there were about 2,000 routes on the Internet. By 1995, there were more than 30,000. Without CIDR, the routers on the Internet backbone would not have been able to support the increasing number of Internet hosts. See private IP address.

CIDR Prefixes
The following table shows the number of hosts allotted to each CIDR block. Note that the CIDR number /13, /14, etc. is called the CIDR "prefix" even though it is written at the end of the IP address. It is called the prefix because it represents the number of bits in the network ID, and the network ID is the "first" part of the IP address.
CIDR Prefix  Number of Hosts
/13  524,288
/14  262,144
/15  131,072
/16  65,536
/17  32,768
/18  16,384
/19  8,192
/20  4,096
/21  2,048
/22  1,024
/23  512
/24  256
/25  128
/26  64
/27  32
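An added example, not from the original document, that reproduces the prefix table above with Python's ipaddress module, splits a CIDR address into its network and host parts (the page's 204.12.01.42/18 is written 204.12.1.42/18 because ipaddress rejects leading zeros in octets), and shows route aggregation: sixteen constructed customer /24 routes out of 10.10.16.0/20 collapse into a single /20 routing-table entry, which is the saving CIDR gives backbone routers.

```python
"""CIDR: hosts per prefix length, network/host split, route aggregation.

Added example, not part of the original document. The customer routes
are constructed; everything else is standard-library ipaddress.
"""
import ipaddress

def hosts_in_prefix(prefix):
    """Addresses in a /prefix block. The table above counts every address,
    so the network and broadcast addresses are included."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    return 2 ** (32 - prefix)

def prefix_table(first=13, last=27):
    """Rebuild the CIDR prefix -> hosts table as {'/13': 524288, ...}."""
    return {f"/{p}": hosts_in_prefix(p) for p in range(first, last + 1)}

def split_address(cidr):
    """Network ID and host ID of a CIDR address such as 204.12.1.42/18."""
    iface = ipaddress.IPv4Interface(cidr)
    net = iface.network
    return {"network": str(net), "network_bits": net.prefixlen,
            "host_bits": 32 - net.prefixlen,
            "host_id": int(iface.ip) & int(net.hostmask)}

def aggregate_routes(routes):
    """Collapse CIDR strings into the fewest covering prefixes (supernetting)."""
    nets = [ipaddress.IPv4Network(r) for r in routes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

# Constructed: an ISP assigns sixteen consecutive /24 blocks out of 10.10.16.0/20
CUSTOMER_ROUTES = [f"10.10.{16 + i}.0/24" for i in range(16)]

def routing_table_saving(routes):
    """(entries before aggregation, entries after aggregation)."""
    return len(routes), len(aggregate_routes(routes))

if __name__ == "__main__":
    for prefix, hosts in prefix_table().items():
        print(f"{prefix:>4} {hosts:>9,}")
    print(split_address("204.12.1.42/18"))
    print(aggregate_routes(CUSTOMER_ROUTES), routing_table_saving(CUSTOMER_ROUTES))
```

collapse_addresses only merges blocks that are adjacent and aligned, so a gap in the customer allocation (say a missing 10.10.17.0/24) leaves several entries; that is why ISPs hand out contiguous blocks.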

Why Do We Need CIDR?
With a new network being connected to the Internet every 30 minutes, the Internet was faced with two critical problems:
Running out of IP addresses
Running out of capacity in the global routing tables

Running out of IP Addresses
There is a maximum number of networks and hosts that can be assigned unique addresses using the Internet's 32-bit addresses. Traditionally, the Internet assigned "classes" of addresses: Class A, Class B and Class C were the most common. Each address had two parts: one part to identify a unique network and the second part to identify a unique host in that network. Another way the old Class A, B, and C addresses were identified was by looking at the first 8 bits of the address and converting them to their decimal equivalent.
Address Class  # Network Bits  # Host Bits  Decimal Address Range
Class A  8 bits  24 bits  1-126
Class B  16 bits  16 bits  128-191
Class C  24 bits  8 bits  192-223

Using the old Class A, B, and C addressing scheme the Internet could support the following:
126 Class A networks that could include up to 16,777,214 hosts each
Plus 65,000 Class B networks that could include up to 65,534 hosts each
Plus over 2 million Class C networks that could include up to 254 hosts each

(Some addresses are reserved for broadcast messages, etc.) Because Internet addresses were generally only assigned in these three sizes, there were a lot of wasted addresses. For example, if you needed 100 addresses you would be assigned the smallest address block (Class C), but that still meant 154 unused addresses. The overall result was that while the Internet was running out of unassigned addresses, only 3% of the assigned addresses were actually being used. CIDR was developed to be a much more efficient method of assigning addresses.

Global Routing Tables at Capacity
A related problem was the sheer size of the Internet global routing tables. As the number of networks on the Internet increased, so did the number of routes. A few years back it was forecast that the global backbone Internet routers were fast approaching their limit on the number of routes they could support. Even using the latest router technology, the maximum theoretical routing table size is approximately 60,000 routing table entries. If nothing was done, the global routing tables would have reached capacity by mid-1994 and all Internet growth would have been halted.

You have the following Network ID: 192.115.103.64/27. What is the IP range for your network?
It ranges from 192.115.103.64 - 192.115.103.96, but the usable addresses are from 192.115.103.64 - 192.115.103.94.
192.115.103.95 - the broadcast address
192.115.103.96 - the IP address of the next range
We can use 30 hosts in this network.

You have the following Network ID: 131.112.0.0. You need at least 500 hosts per network. How many networks can you create? What subnet mask will you use?
If you need 500 users then 2^9 would give you 512 (remember the first and last are the network and broadcast addresses), so 510 usable. So of your 32 bits you would turn the last 9 off for hosts, and that would give you a 255.255.254.0 subnet mask (11111111.11111111.11111110.00000000). Now that we know that, we can see that you have the first 7 bits of your third octet turned on, so to figure out how many subnets you have, use the formula 2^7 = 128. So you can have 128 subnets with 500 people on them.
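The three subnetting questions above (the ANDing process, the 192.115.103.64/27 range, and the 500-hosts-per-network plan for 131.112.0.0) worked through with Python's ipaddress module, as an added example that is not part of the original document. The two hosts used for the ANDing check, 192.168.56.10 and 192.168.64.20 with a 255.255.248.0 mask, are constructed so that they AND to the subnet IDs 192.168.56.0 and 192.168.64.0 named in the ANDing answer; 131.112.0.0 is taken as the class B block 131.112.0.0/16.

```python
"""Subnet arithmetic: ANDing, CIDR ranges and subnet planning.

Added example, not from the original document. Host addresses used for
the ANDing demo are constructed.
"""
import ipaddress

def subnet_id(ip, mask):
    """Bitwise AND of address and mask: the subnet ID the ANDing process yields."""
    ip_int = int(ipaddress.IPv4Address(ip))
    mask_int = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(ip_int & mask_int))

def is_local(src_ip, mask, dst_ip):
    """True when both hosts AND to the same subnet ID (deliver directly);
    False means the sender hands the packet to its default gateway."""
    return subnet_id(src_ip, mask) == subnet_id(dst_ip, mask)

def subnet_details(cidr):
    """Network, mask, usable host range, broadcast and host count for a block."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    hosts = list(net.hosts())          # excludes network and broadcast
    return {
        "network": str(net.network_address),
        "mask": str(net.netmask),
        "first_usable": str(hosts[0]),
        "last_usable": str(hosts[-1]),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": len(hosts),
    }

def plan_subnets(block, hosts_needed):
    """Longest prefix (smallest subnet) whose usable host count covers
    hosts_needed, and how many such subnets the block divides into."""
    base = ipaddress.IPv4Network(block)
    for prefix in range(30, base.prefixlen - 1, -1):
        usable = 2 ** (32 - prefix) - 2    # minus network and broadcast
        if usable >= hosts_needed:
            count = len(list(base.subnets(new_prefix=prefix)))
            mask = str(ipaddress.IPv4Network(f"0.0.0.0/{prefix}").netmask)
            return {"prefix": prefix, "mask": mask,
                    "usable_per_subnet": usable, "subnet_count": count}
    raise ValueError(f"{block} cannot hold {hosts_needed} hosts per subnet")

if __name__ == "__main__":
    print(subnet_id("192.168.56.10", "255.255.248.0"),
          subnet_id("192.168.64.20", "255.255.248.0"))
    print("local:", is_local("192.168.56.10", "255.255.248.0", "192.168.64.20"))
    print(subnet_details("192.115.103.64/27"))
    print(plan_subnets("131.112.0.0/16", 500))
```

subnet_details gives the numbers an interviewer expects for the /27 question: network .64, usable .65 to .94, broadcast .95, 30 hosts. plan_subnets searches from the longest prefix downwards so it returns the tightest mask, which for 500 hosts is /23 (255.255.254.0), giving 128 subnets of 510 usable addresses.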

You need to view network traffic. What will you use? Name a few tools.
Wireshark or tcpdump. You can also use Network Monitor (http://support.microsoft.com/kb/148942). Other tools:
Ethereal
Wireshark
Fluke OptiView Suite
Sitrace
Iris Network Analyzer

How do I know the path that a packet takes to the destination?
Use the tracert command to trace the route.

What does the ping 192.168.0.1 -l 1000 -n 100 command do?
The ping command sends round-trip packets to a destination (another PC, router, printer, etc.) and measures how long they take. 192.168.0.1 is the destination (which, by the way, is a typical default IP address of a router). The -l 1000 sets how big each packet should be, in bytes; the default is 32 if the -l parameter is not used. The -n 100 says to send it 100 times; the default is 4 when this parameter is not used.

What is DHCP? What are the benefits and drawbacks of using it?
DEF DHCP is Dynamic Host Configuration Protocol. In a networked environment it is a method to assign an 'address' to a computer when it boots up. Benefit: A system administrator need not worry about computers being able to access networked resources. Disadvantages: (I'm still looking for it)

Describe the steps taken by the client and DHCP server in order to obtain an IP address.
This process of assigning IP addresses by the DHCP server is also known as DORA (Discover, Offer, Request and Acknowledgement):
The client makes a UDP broadcast to find a server (DHCP Discover).
The DHCP server offers an address to the client (DHCP Offer).
In response to the offer, the client sends a request to the server (DHCP Request).
The server responds with all the IP address/mask/gateway/DNS/WINS information along with the acknowledgement packet (DHCP Acknowledgement).

At least one DHCP server must exist on a network. Once the DHCP server software is installed, you create a DHCP scope, which is a pool of IP addresses that the server manages. When clients log on, they request an IP address from the server, and the server provides an IP address from its pool of available addresses. DHCP was originally defined in RFC 1531 (Dynamic Host Configuration Protocol, October 1993) but the most recent update is RFC 2131 (Dynamic Host Configuration Protocol, March 1997). The IETF Dynamic Host Configuration (dhc) Working Group is chartered to produce a protocol for automated allocation, configuration, and management of IP addresses and TCP/IP protocol stack parameters.

What is the DHCPNACK and when do I get one? Name 2 scenarios.
DEF The DHCPNACK or Negative Acknowledgment is a packet that the server sends instead of a DHCPACK if the IP address is not available (in use by another client, for example) or the address is no longer valid. In case of a DHCPNACK the client must restart the lease process in order to get an IP address. Recently I saw a lot of queries regarding when the Microsoft DHCP server issues a NAK to DHCP clients. For simplification purposes, I am listing down the possible scenarios in which the server should NOT issue a NAK. This should give you a good understanding of DHCP NAK behavior. When a DHCP server receives a DHCP Request with a previously assigned address specified, it first checks to see if it came from the local segment by checking the GIADDR field. If it originated from the local segment, the DHCP server compares the requested address to the IP address and subnet mask belonging to the local interface that received the request. The DHCP server will issue a NAK to the client ONLY IF it is sure that the client, "on the local subnet", is asking for an address that doesn't exist on that subnet. The server will send a NAK EXCEPT in the following scenarios:
1. Requested address from possibly the same subnet but not in the address pool of the server: This can be the failover scenario in which 2 DHCP servers are serving the same subnet, so that when one goes down, the other should not NAK clients which got an IP from the first server.
2. Requested address on a different subnet: If the address is from the same superscope to which the subnet belongs, DHCP servers will ACK the REQUEST.

What ports are used by DHCP and the DHCP clients?
Requests are on UDP reserved port 68 and server replies are on UDP reserved port 67.

Describe the process of installing a DHCP server in an AD infrastructure.
Terms you'll need to understand:
DHCP
Lease duration
Scopes
Superscopes
Multicast scopes
Scope options

Techniques you'll need to master:
Installing DHCP
Understanding the DHCP lease process
Creating scopes, superscopes, and multicast scopes
Configuring the lease duration
Configuring optional IP parameters that can be assigned to DHCP clients
Understanding how DHCP interacts with DNS
Configuring DHCP for DNS integration
Authorizing a DHCP server in Active Directory
Managing a DHCP server
Monitoring a DHCP server

Introduction
The TCP/IP protocol is an Active Directory operational requirement. This means that all computers on a Windows 2000 network require a unique IP address to communicate with the Active Directory. Static IP addresses can add a lot of administrative overhead. Not only can management of static IP addresses become time consuming, but such management also increases the chances of misconfigured parameters. Imagine having to manually type 10,000 IP addresses and not make a single error. The Dynamic Host Configuration Protocol (DHCP) can be implemented to centralize the administration of IP addresses. Through DHCP, many of the tasks associated with IP addressing can be automated. However, implementing DHCP also introduces some security issues because anyone with physical access to the network can plug in a laptop and obtain IP information about the internal network. In this chapter, you'll learn how to implement a DHCP server, including the installation process, authorization of the server, and the configuration of DHCP scopes. The chapter ends by looking at how to manage a DHCP server and monitor its performance.

Process to install a DHCP server in a Server 2008 infrastructure:
Go to START --> Administrative Tools --> Server Manager --> Roles (right click) --> Add Roles (the Add Roles wizard will appear) --> check the box for DHCP Server --> click Next --> Next --> in IPv4 DNS settings give the parent domain name and DNS server IP address and validate it --> click Next --> add the DHCP scopes --> disable DHCPv6 --> click Next --> finally click INSTALL. This was the process for installing the DHCP server.

What is a DHCP server?
A DHCP (Dynamic Host Configuration Protocol) server automatically gives network devices (computers, smart phones, etc.) the configuration information required to communicate on a network. The DHCP server will assign a device an IP address, a subnet mask and a default gateway. Some DHCP servers will also provide the network device with further configuration information such as the address of a DNS (Domain Name Server). When your computer or smart phone connects to a wireless network, it has most likely received its configuration from a DHCP server.

Describe the DHCP leasing process.
DHCP Lease Process
A DHCP-enabled client obtains a lease for an IP address from a DHCP server. Before the lease expires, the DHCP server must renew the lease for the client or the client must obtain a new lease. Leases are retained in the DHCP server database for approximately one day after expiration. This grace period protects a client's lease in case the client and server are in different time zones, their internal clocks are not synchronized, or the client is off the network when the lease expires.

The DHCP lease process is the process that occurs when a computer which is a DHCP client initially boots up on the network, to provide an IP address and any additional TCP/IP configuration parameters to that client. The terminology and concepts used when discussing DHCP leasing or the DHCP lease process are summarized below:
DHCP lease: This is the amount of time for which a DHCP client is allowed to make use of a specific IP address. The default setting for the DHCP lease is 8 days.
DHCP lease process: The process which occurs when the client initially boots up on the network. The DHCP lease process enables DHCP clients to automatically obtain IP addresses from a DHCP server.
DHCP Discovery Broadcast message: This is a message sent over the network by a client computer that wants to obtain an IP address from a DHCP server.
DHCP Offer message: This is a message sent by DHCP servers that serves as a reply to a Discovery Broadcast message.
DHCP Request Broadcast message: This message indicates that the client accepted an IP address offer from the first DHCP server which responded to it. The client broadcasts this particular message so that all the other DHCP servers that offered addresses to the client can withdraw their IP addresses.
DHCP Acknowledge message: This message is sent by the DHCP server to the DHCP client, and is the step whereby the IP address lease is assigned to the client.
Unlimited lease duration: If you do not want the IP address assigned to a particular client to expire, you assign an unlimited lease duration.
DHCP scopes: A scope can be defined as a set of IP addresses which the DHCP server can allocate or assign to DHCP clients. A scope contains specific configuration information for clients that have IP addresses within that scope. Scope information for each DHCP server is specific to that DHCP server only, and is not shared between DHCP servers. During the DHCP lease process, the DHCP scopes configured for a DHCP server are used to provide a DHCP client with an IP address. You can configure different lease duration settings for each DHCP scope. The lease duration rules which should be applied when you determine the lease duration time for the scope of each of your subnets are:

Use a shorter lease duration time if you have numerous mobile users, and if you are working in an environment that constantly has configuration changes.
Use a longer lease duration time if the following statements are true:
There are no mobile computers
The environment does not continually experience configuration changes

Increase the default setting of 8 days if the number of IP addresses for each subnet is by far greater than the number of DHCP devices within your environment. Use a shorter lease duration period if you have a limited number of IP addresses for each subnet, and you are close to reaching that limit.

Understanding the DHCP Lease Process: The DHCP lease process is a four-step process that occurs when a DHCP client initially boots up on the network. The DHCP process has remained unchanged since its initial introduction with Windows NT 4.0. During the DHCP lease process, negotiation for an IP address occurs between a DHCP server and a client that needs to obtain an IP address. In a TCP/IP-based network, each computer must have a unique IP address so that it can be uniquely identified on the network. To communicate on the Internet and on private TCP/IP networks, all hosts defined on the network must have IP addresses. The 32-bit IP address identifies a particular host on the network. With DHCP, the system assigns IP addresses to clients, which in turn leads to fewer incorrect IP address configurations. This is mainly because IP configuration information is entered at one location, and the server distributes this information to clients. Duplicate IP addresses are also prevented. The DHCP lease process that occurs between the DHCP server and client is a simple process. The negotiation for an IP address consists of four messages sent between the DHCP server and the DHCP client:
Two messages from the client
Two messages from the DHCP server

When the server assigns IP addresses to DHCP clients, it starts allocating addresses from the bottom of its scope range and moves towards the top of its scope range. All unused addresses have to be used before the DHCP server:
Allocates a previously used IP address to a new DHCP client. The DHCP server first assigns the IP addresses that have not been used for the longest amount of time before assigning other previously used IP addresses.
Allocates an expired IP address to a new DHCP client.

During the four-step DHCP lease process, the events that occur are defined by the types of DHCP messages exchanged between the DHCP server and DHCP client:
DHCPDISCOVER message: This message is used to request an IP address lease from a DHCP server. The message is sent when the client boots up on the network. It is sent as a broadcast packet over the network, requesting that a DHCP server respond to it.
DHCPOFFER message: This message is a response to a DHCPDISCOVER message, and is sent by one or more DHCP servers.
DHCPREQUEST message: The client sends the first DHCP server which responded to its request a DHCP Request message. The message basically indicates that the client is requesting the particular IP address for lease. The other DHCP servers which offered addresses withdraw those addresses at this point.
DHCPACK message: The DHCP Acknowledge message is sent by the DHCP server to the DHCP client and is the step whereby the DHCP server assigns the IP address lease to the DHCP client.

The four steps involved in the DHCP lease process are often called DORA: Discover, Offer, Request, Acknowledge.
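The DORA exchange described above, together with the DHCPNAK rules from the DHCPNACK answer earlier, as a small simulation in Python. This is an added example, not the original document's material and not a real DHCP implementation: messages are dicts standing in for packets, no UDP traffic is sent, and the scope 192.168.0.0/24, server address 192.168.0.2, pool 192.168.0.100-192.168.0.103 and client MACs are all constructed. The server hands out addresses from the bottom of its pool, ACKs the offer the client accepted, withdraws its offer when the client picked another server, and on a reboot-style REQUEST (no server id) NAKs an address that does not exist on the local subnet, stays silent for an address that is on the subnet but outside its own pool (the two-server failover case), and NAKs an address leased to a different client.

```python
"""Simulated DHCP lease negotiation (DORA) with DHCPNAK decisions.

Added example, not from the original document. Dicts stand in for
DHCP packets; no network I/O. All addresses below are constructed.
"""
import ipaddress

class DhcpServer:
    """Minimal scope and lease state for one subnet (simulation only)."""

    def __init__(self, subnet, server_ip, pool_start, pool_end, lease_seconds=8 * 24 * 3600):
        self.subnet = ipaddress.IPv4Network(subnet)
        self.server_id = server_ip
        first = int(ipaddress.IPv4Address(pool_start))
        last = int(ipaddress.IPv4Address(pool_end))
        # The scope pool; addresses are handed out from the bottom upwards
        self.pool = [str(ipaddress.IPv4Address(i)) for i in range(first, last + 1)]
        self.leases = {}                    # ip -> client MAC
        self.offers = {}                    # client MAC -> offered ip
        self.lease_seconds = lease_seconds  # 8 days, the default lease mentioned above

    def _free_addresses(self):
        return [ip for ip in self.pool if ip not in self.leases]

    def _reply(self, kind, mac, ip):
        return {"type": kind, "chaddr": mac, "yiaddr": ip,
                "subnet_mask": str(self.subnet.netmask),
                "router": str(self.subnet.network_address + 1),
                "lease_time": self.lease_seconds, "server_id": self.server_id}

    def _nak(self, mac):
        return {"type": "DHCPNAK", "chaddr": mac, "server_id": self.server_id}

    def handle(self, msg):
        """Return the server's reply, or None when the server stays silent."""
        kind, mac = msg["type"], msg["chaddr"]
        if kind == "DHCPDISCOVER":
            free = self._free_addresses()
            if not free:
                return None                       # scope exhausted: nothing to offer
            self.offers[mac] = free[0]
            return self._reply("DHCPOFFER", mac, free[0])
        if kind != "DHCPREQUEST":
            return None
        wanted = msg["requested_ip"]
        if "server_id" in msg:                    # DORA step 3: client picked a server
            if msg["server_id"] != self.server_id:
                self.offers.pop(mac, None)        # client chose another server: withdraw
                return None
            if self.offers.pop(mac, None) == wanted:
                self.leases[wanted] = mac
                return self._reply("DHCPACK", mac, wanted)
            return self._nak(mac)
        # Client restarting with a previously assigned address (no server id)
        if ipaddress.IPv4Address(wanted) not in self.subnet:
            return self._nak(mac)                 # address does not exist on this subnet
        if wanted not in self.pool:
            return None                           # another server's pool: do not NAK
        if self.leases.get(wanted) in (None, mac):
            self.leases[wanted] = mac
            return self._reply("DHCPACK", mac, wanted)
        return self._nak(mac)                     # in use by another client

def dora(server, mac):
    """Client side of the four-step exchange; returns (ack_or_None, transcript)."""
    transcript = []
    discover = {"type": "DHCPDISCOVER", "chaddr": mac}
    transcript.append(discover)
    offer = server.handle(discover)
    transcript.append(offer)
    if offer is None:
        return None, transcript
    request = {"type": "DHCPREQUEST", "chaddr": mac,
               "requested_ip": offer["yiaddr"], "server_id": offer["server_id"]}
    transcript.append(request)
    ack = server.handle(request)
    transcript.append(ack)
    return ack, transcript

def request_renewal(server, mac, previous_ip):
    """Client rebooting with a remembered address: REQUEST without a server id."""
    return server.handle({"type": "DHCPREQUEST", "chaddr": mac, "requested_ip": previous_ip})

if __name__ == "__main__":
    srv = DhcpServer("192.168.0.0/24", "192.168.0.2", "192.168.0.100", "192.168.0.103")
    ack, transcript = dora(srv, "00-1b-2c-3d-4e-5f")
    for m in transcript:
        print(m["type"], m.get("yiaddr", m.get("requested_ip", "")))
    print(request_renewal(srv, "00-1b-2c-3d-4e-5f", "10.0.0.5"))   # NAK: wrong subnet
```

The superscope exception (an address from a different subnet that belongs to the same superscope is ACKed) is not modelled, since the simulation has a single scope; a real server also validates GIADDR to tell relayed requests from local ones before applying these rules.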

What is DHCPINFORM?
DHCPInform is a DHCP message used by DHCP clients to obtain DHCP options. While PPP remote access clients do not use DHCP to obtain IP addresses for the remote access connection, Windows 2000 and Windows 98 remote access clients use the DHCPInform message to obtain DNS server IP addresses, WINS server IP addresses, and a DNS domain name. The DHCPInform message is sent after the IPCP negotiation is concluded. The DHCPInform message received by the remote access server is then forwarded to a DHCP server. The remote access server forwards DHCPInform messages only if it has been configured with the DHCP Relay Agent.

Describe the integration between DHCP and DNS.
Traditionally, DNS and DHCP servers have been configured and managed one at a time. Similarly, changing authorization rights for a particular user on a group of devices has meant visiting each one and making configuration changes. DHCP integration with DNS allows the aggregation of these tasks across devices, enabling a company's network services to scale in step with the growth of network users, devices, and policies, while reducing administrative operations and costs. This integration provides practical operational efficiencies that lower total cost of ownership. Creating a DHCP network automatically creates an associated DNS zone, for example, reducing the number of tasks required of network administrators. And integration of DNS and DHCP in the same database instance provides unmatched consistency between service and management views of IP address-centric network services data. Windows Server 2003 DNS supports DHCP by means of the dynamic update of DNS zones. By integrating DHCP and DNS in a DNS deployment, you can provide your network resources with dynamic addressing information stored in DNS. To enable this integration, you can use the Windows Server 2003 DHCP service. The dynamic update standard, specified in RFC 2136: Dynamic Updates in the Domain Name System (DNS UPDATE), automatically updates DNS records. Both Windows Server 2003 and Windows 2000 support dynamic update, and both clients and DHCP servers can send dynamic updates when their IP addresses change. Dynamic update enables a DHCP server to register address (A) and pointer (PTR) resource records on behalf of a DHCP client by using the DHCP Client FQDN option (option 81). Option 81 enables the DHCP client to provide its FQDN to the DHCP server. The DHCP client also provides instructions to the DHCP server describing how to process DNS dynamic updates on behalf of the DHCP client.
The DHCP server can dynamically update DNS A and PTR records on behalf of DHCP clients that are not capable of sending option 81 to the DHCP server. You can also configure the DHCP server to discard client A and PTR records when the DHCP client lease is deleted. This reduces the time needed to manage these records manually and provides support for DHCP clients that cannot perform dynamic updates. In addition, dynamic update simplifies the setup of Active Directory by enabling domain controllers to dynamically register SRV resource records. If the DHCP server is configured to perform DNS dynamic updates, it performs one of the following actions:
The DHCP server updates resource records at the request of the client.
The client requests the DHCP server to update the DNS PTR record on behalf of the client, and the client registers its own A record.
The DHCP server updates DNS A and PTR records regardless of whether the client requests this action or not.

By itself, dynamic update is not secure because any client can modify DNS records. To secure dynamic updates, you can use the secure dynamic update feature provided in Windows Server 2003. To delete outdated records, you can use the DNS server aging and scavenging feature.
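The option 81 exchange described above, as an added example that is not part of the original page and not Microsoft's code: it encodes and decodes the DHCP Client FQDN option in the layout RFC 4702 gives (code, length, flags, RCODE1, RCODE2, domain name) and derives from the flag bits who registers the A and PTR records. The host name host1.contoso.com is a constructed sample, and the server_always_updates switch is an assumed stand-in for the DHCP server-side "always dynamically update A and PTR records" setting the text refers to.

```python
# Added example (not from the original page): encode and decode the DHCP
# Client FQDN option (option 81, RFC 4702) and work out who performs the
# A and PTR dynamic updates for a lease.
# Flag bits: S=0x01 (client asks the server to do the A update),
#            O=0x02 (server overrode the client's S request),
#            E=0x04 (domain name is in DNS wire encoding, not ASCII),
#            N=0x08 (client asks the server to perform no DNS updates).
OPTION_CLIENT_FQDN = 81
FLAG_S, FLAG_O, FLAG_E, FLAG_N = 0x01, 0x02, 0x04, 0x08


def _wire_encode(name: str) -> bytes:
    """DNS label encoding: length-prefixed labels ending with a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def _wire_decode(data: bytes) -> str:
    labels, i = [], 0
    while i < len(data):
        n = data[i]
        i += 1
        if n == 0:
            break
        labels.append(data[i:i + n].decode("ascii"))
        i += n
    return ".".join(labels)


def encode_option81(fqdn: str, flags: int = 0, rcode1: int = 0, rcode2: int = 0) -> bytes:
    """Return the full option TLV: code, length, flags, RCODE1, RCODE2, name."""
    name = _wire_encode(fqdn) if flags & FLAG_E else fqdn.encode("ascii")
    body = bytes([flags & 0x0F, rcode1, rcode2]) + name
    if len(body) > 255:
        raise ValueError("option 81 payload exceeds 255 bytes")
    return bytes([OPTION_CLIENT_FQDN, len(body)]) + body


def decode_option81(tlv: bytes) -> dict:
    """Parse a Client FQDN option TLV, checking the length field against the payload."""
    if len(tlv) < 5 or tlv[0] != OPTION_CLIENT_FQDN:
        raise ValueError("not a Client FQDN option")
    length = tlv[1]
    if len(tlv) != 2 + length:
        raise ValueError("option length field does not match payload")
    flags, rcode1, rcode2 = tlv[2], tlv[3], tlv[4]
    raw = tlv[5:]
    name = _wire_decode(raw) if flags & FLAG_E else raw.decode("ascii")
    return {"flags": flags, "rcode1": rcode1, "rcode2": rcode2, "fqdn": name}


def plan_updates(flags: int, server_always_updates: bool = False) -> dict:
    """Who updates A and PTR for this lease: RFC 4702 flag semantics, plus the
    (assumed) DHCP server setting that updates both records regardless."""
    if server_always_updates:
        return {"A": "server", "PTR": "server"}
    if flags & FLAG_N:
        return {"A": "none", "PTR": "none"}      # client asked for no server updates
    if flags & FLAG_S:
        return {"A": "server", "PTR": "server"}  # client delegated the A update too
    return {"A": "client", "PTR": "server"}      # default split: client does A, server does PTR


if __name__ == "__main__":
    # Constructed sample: a client that wants the server to register both records.
    tlv = encode_option81("host1.contoso.com", FLAG_S)
    print(decode_option81(tlv), plan_updates(FLAG_S))
```

The length check in decode_option81 is the part worth keeping in any real parser: a DHCP option whose declared length disagrees with its payload is the classic place where option parsing goes wrong, and rejecting it outright is safer than reading past the end.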

What options in DHCP do you regularly use for an MS network?


- Automatic providing of IP address
- Subnet mask
- DNS server
- Domain name
- Default gateway or router

What are User Classes and Vendor Classes in DHCP?


Microsoft Vendor Classes

The following list contains pre-defined vendor classes that are available in Windows 2000 DHCP server.

Class Data | Class Name | Description
MSFT 5.0 | Microsoft Windows 2000 options | Class that includes all Windows 2000 DHCP clients.
MSFT 98 | Microsoft Windows 98 options | Class that includes all Windows 98 and Microsoft Windows Millennium Edition (Me) DHCP clients.
MSFT | Microsoft options | Class that includes all Windows 98, Windows Me, and Windows 2000 DHCP clients.

If you have non-Microsoft DHCP clients, you can define other vendor-specific classes on the DHCP server. When you define such classes, make sure the vendor class identifier that you define matches the identifier used by the clients.

User Classes

The following list contains pre-defined user classes that are available in Windows 2000 DHCP server.

Class ID | Class Type | Description
Unspecified | Default user class | All DHCP clients that have no user class specified.
RRAS.Microsoft | Default Routing and Remote Access class | All Dial-Up Networking (DUN) clients.
Bootp | Default Bootp class | All Bootp clients.

In addition to these pre-defined classes, you can also add custom user classes for Windows 2000 DHCP clients. When you configure such classes, you must specify a custom identifier that corresponds to the user class defined on the DHCP server.

How do I configure a client machine to use a specific User Class?


The command to configure a client machine to use a specific user class is:

ipconfig /setclassid "<Name of your Network card>" <Name of the class you created on DHCP and you want to join (Name is case sensitive)>

E.g.: ipconfig /setclassid "Local Area Network" Accounting

What is the BOOTP protocol used for, where might you find it in Windows network infrastructure?
BootP (RFC 951) provides a unique IP address to the requester (using port 67), similar to the DHCP request on port 68, and can provide (where supported) the ability to boot a system without a hard drive (i.e. a diskless client).

Apple OS X 10.* Server supports BootP (albeit renamed as NetBoot). The facility allows the Admin to maintain a selected set of configurations as boot images and then assign sets of client systems to share (or boot from) that image. For example, Accounting, Management, and Engineering departments have elements in common, but which can be unique from other departments. Performing upgrades and maintenance on three images is far more productive than working on all client systems individually. Startup is obviously network intensive, and beyond 40-50 clients the Admin needs to carefully subnet the infrastructure, use gigabit switches, and host the images local to the clients to avoid saturating the network. This will expand the number of BootP servers and multiply the number of images, but the productivity of 1 BootP server per 50 clients is undeniable :) Sun Microsystems, Linux, and AIX RS/6000 all support BootP.

What is BootP?
BOOTP, short for Bootstrap Protocol, is a protocol used to allow an Ethernet network device to obtain an IP address over the network. A device that wants to obtain an IP address broadcasts a BootP request that identifies the device by its MAC address, an identifying six-octet number (ex: 00:A0:45:08:CD:8D) that is uniquely assigned to a device by its manufacturer. A BootP server on the network sees the request and sends a BootP reply containing a desired IP address (ex: 192.168.1.10) to the device, thereby making it accessible to higher-level network communications using that IP address. For Industrial Ethernet, MAC addresses serve as the basis of networking in order to establish communication and direct data traffic. This level of communications is referred to as "layer 2" in the OSI model. IP addresses are assigned to devices (and switches) to support the "higher layer" protocols that are used to produce complex, functioning networks. After being assigned an IP address, a managed switch can be accessed, configured and monitored for remote diagnostics via a standard Web browser. In addition, the switch will now respond to standard networking diagnostic tests such as "pinging". A switch without an IP address cannot provide this very simple, but powerful network diagnostic capability. To avoid potential duplicate IP address confusion, Phoenix Contact managed switches ship without an IP address. Assigning an IP address via BootP is quick and easy with Phoenix Contact's freeware IPAssign tool. BootP is also a means to boot a "diskless client" system.

DNS zones describe the differences between the 4 types.


A DNS zone is the actual file which contains all the records for a specific domain.
Forward Lookup Zones: This zone is responsible for resolving host name to IP.
Reverse Lookup Zones: This zone is responsible for resolving IP to host name.
Stub Zone: A stub zone is a read-only copy of the primary zone, but it contains only 3 kinds of records: the SOA for the primary zone, the NS records and a Host (A) record for each name server.

DNS record types describe the most important ones


A (Host): Classic resource record. Maps hostname to IP (IPv4).
PTR: Maps IP to hostname (the reverse of A (Host)).
AAAA: Maps hostname to IP (IPv6).
CNAME: Canonical name, in plain English an alias, such as Web Server, FTP Server, Chat Server.
NS: Identifies DNS name servers. Important for forwarders.
MX: Mail servers, particularly for other domains. MX records are required to deliver internet email.
SRV: Required for Active Directory. Whole family of underscore service records, for example GC = global catalog.
SOA: Make a point of finding the Start of Authority (SOA) tab at the DNS server.

In more detail:

SRV records: A SRV or Service Record is a category of data in the DNS specifying information on available services. When looking up a service, you must first look up the SRV record for the service to see which server actually handles it. Then you look up the Address record for that server to connect to its IP address.

Authoritative Name Server (NS) record: A zone should contain one NS record for each of its own DNS servers (primary and secondary). This is mostly used for zone transfer purposes (notify). These NS records have the same name as the zone in which they are located.

SOA: This record is used while synchronizing data between multiple computers. A given zone must have precisely one SOA record, which contains:
- Name of Primary DNS Server
- Mailbox of the Responsible Person
- Serial Number: Used by secondary DNS servers to check if the zone has changed. If the serial number is higher than what the secondary server has, a zone transfer will be initiated.
- Refresh Interval: How often secondary DNS servers should check if changes are made to the zone.
- Retry Interval: How often a secondary DNS server should retry checking if changes are made, if the first refresh fails.
- Expire Interval: How long the zone will be valid after a refresh. Secondary servers will discard the zone if no refresh could be made within this interval.
- Minimum (Default) TTL: Used as the default TTL for new records created within the zone. Also used by other DNS servers to cache negative responses (such as "record does not exist", etc.).
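The SOA fields above drive a secondary server's behaviour. The following is an added example, not code from the page or from any DNS product, that models that decision: serial comparison uses RFC 1982 serial-number arithmetic (32-bit with wrap-around, so 1 counts as newer than 4294967295), refresh/retry set the polling interval, expire decides when the zone is discarded, and the negative-caching TTL follows RFC 2308 (the smaller of the SOA minimum and the SOA record's own TTL). The server names and SOA values are constructed samples.

```python
# Added example (not from the original page): what a secondary DNS server
# does with the SOA fields described above.
from dataclasses import dataclass

SERIAL_MOD = 2 ** 32
HALF = 2 ** 31


def serial_gt(a: int, b: int) -> bool:
    """True if serial a is newer than serial b under RFC 1982 arithmetic.
    Handles the 32-bit wrap-around: 1 is newer than 4294967295."""
    a %= SERIAL_MOD
    b %= SERIAL_MOD
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)


@dataclass
class Soa:
    primary: str        # name of the primary DNS server
    rname: str          # mailbox of the responsible person (first '.' stands for '@')
    serial: int
    refresh: int        # seconds between normal checks of the primary
    retry: int          # seconds before re-trying after a failed refresh
    expire: int         # seconds after which an unrefreshed zone is discarded
    minimum: int        # negative-caching TTL


def secondary_action(local: Soa, remote_serial: int, seconds_since_last_ok: int) -> str:
    """Decide the secondary's next step after polling the primary's SOA."""
    if seconds_since_last_ok >= local.expire:
        return "discard-zone"      # no successful refresh within expire: stop answering
    if serial_gt(remote_serial, local.serial):
        return "zone-transfer"     # primary has a newer copy: pull it (AXFR/IXFR)
    return "up-to-date"            # same (or older) serial: nothing to do


def next_poll_delay(local: Soa, last_refresh_failed: bool) -> int:
    """Poll every `refresh` seconds, or every `retry` seconds after a failure."""
    return local.retry if last_refresh_failed else local.refresh


def negative_cache_ttl(soa: Soa, soa_record_ttl: int) -> int:
    """RFC 2308: a resolver caches NXDOMAIN for min(SOA minimum, SOA TTL)."""
    return min(soa.minimum, soa_record_ttl)


if __name__ == "__main__":
    # Constructed sample zone; serial in the common YYYYMMDDnn style.
    local = Soa("ns1.contoso.com.", "hostmaster.contoso.com.",
                2024010101, 3600, 600, 86400, 300)
    print(secondary_action(local, 2024010102, 100))   # zone-transfer
    print(secondary_action(local, 2024010101, 100))   # up-to-date
```

The wrap-around rule matters in practice: an administrator who types a serial far in the future by mistake and then "corrects" it downwards will find secondaries never transfer again, because the smaller number is not newer under this arithmetic.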


Describe the process of working with an external domain name


Serving Sites with External Domain Name Servers

If you host Web sites on this server and have a standalone DNS server acting as a primary (master) name server for your sites, you may want to set up your control panel's DNS server to function as a secondary (slave) name server. To make the control panel's DNS server act as a secondary name server:
1. Go to Domains > domain name > DNS Settings (in the Web Site group).
2. Click Switch DNS Service Mode.
3. Specify the IP address of the primary (master) DNS server.
4. Click Add.
5. Repeat steps from 1 to 5 for each Web site that needs to have a secondary name server on this machine.

To make the control panel's DNS server act as a primary for a zone:
1. Go to Domains > domain name > DNS Settings (in the Web Site group).
2. Click Switch DNS Service Mode.
The original resource records for the zone will be restored.

If you host Web sites on this server and rely entirely on other machines to perform the Domain Name Service for your sites (there are two external name servers, a primary and a secondary), switch off the control panel's DNS service for each site served by external name servers. To switch off the control panel's DNS service for a site served by an external name server:
1. Go to Domains > domain name > DNS Settings (in the Web Site group).
2. Click Switch off the DNS Service in the Tools group.
Turning the DNS service off for the zone will refresh the screen, so that only a list of name servers remains.

Note: The listed name server records have no effect on the system. They are only presented on the screen as clickable links to give you a chance to validate the configuration of the zone maintained on the external authoritative name servers. Repeat the steps from 1 to 3 to switch off the local domain name service for each site served by external name servers.

If you wish to validate the configuration of a zone maintained on authoritative name servers:
1. Go to Domains > domain name > DNS Settings (in the Web Site group).
2. Add to the list the entries pointing to the appropriate name servers that are authoritative for the zone: click Add, specify a name server, and click OK. Repeat this for each name server you would like to test.
The records will appear in the list.

Click the records that you have just created. Parallels Plesk Panel will retrieve the zone file from a remote name server and check the resource records to make sure that the domain's resources are properly resolved.

The results will be interpreted and displayed on the screen.

Describe the importance of DNS to AD.


When you install Active Directory on a server, you promote the server to the role of a domain controller for a specified domain. When completing this process, you are prompted to specify a DNS domain name for the Active Directory domain for which you are joining and promoting the server. If during this process, a DNS server authoritative for the domain that you specified either cannot be located on the network or does not support the DNS dynamic update protocol, you are prompted with the option to install a DNS server. This option is provided because a DNS server is required to locate this server or other domain controllers for members of an Active Directory domain.

Describe a few methods of finding an MX record for a remote domain on the Internet.
In order to find MX records for SMTP domains you can use command-line tools such as NSLOOKUP or DIG. You can also use online web services that allow you to perform quick searches and display the information in a convenient manner. At the nslookup prompt type:

> set type=mx
> hotmail.com
Non-authoritative answer:
hotmail.com MX preference = 5, mail exchanger = mx3.hotmail.com
hotmail.com MX preference = 5, mail exchanger = mx4.hotmail.com
hotmail.com MX preference = 5, mail exchanger = mx1.hotmail.com
hotmail.com MX preference = 5, mail exchanger = mx2.hotmail.com
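As an added example (not part of the original page), the following parses nslookup's MX output in the format shown above and orders the mail exchangers the way an SMTP sender would: lowest preference first, with equal preferences tried in random order. The sample output is constructed, modelled on the hotmail.com answer above but with an extra preference-10 host added so the ordering is visible; the host names are placeholders.

```python
# Added example (not from the original page): parse nslookup MX output and
# derive the delivery order an SMTP client follows (RFC 5321 section 5.1).
import random
import re

MX_LINE = re.compile(
    r"^(?P<domain>\S+)\s+MX preference = (?P<pref>\d+),\s+mail exchanger = (?P<host>\S+)$"
)

# Constructed sample, modelled on the nslookup answer quoted above.
SAMPLE_OUTPUT = """\
Non-authoritative answer:
hotmail.com MX preference = 5, mail exchanger = mx3.hotmail.com
hotmail.com MX preference = 5, mail exchanger = mx4.hotmail.com
hotmail.com MX preference = 10, mail exchanger = backup.hotmail.com
hotmail.com MX preference = 5, mail exchanger = mx1.hotmail.com
"""


def parse_mx(text: str) -> list:
    """Return (preference, host) pairs found in nslookup's MX output;
    lines that do not match the MX format are ignored."""
    records = []
    for line in text.splitlines():
        m = MX_LINE.match(line.strip())
        if m:
            records.append((int(m.group("pref")), m.group("host")))
    return records


def delivery_order(records, rng=None) -> list:
    """Ascending preference; hosts sharing a preference are shuffled so the
    load is spread across them, as the equal-preference answer above intends."""
    rng = rng or random.Random(0)   # seeded so the demo is repeatable
    by_pref = {}
    for pref, host in records:
        by_pref.setdefault(pref, []).append(host)
    ordered = []
    for pref in sorted(by_pref):
        hosts = list(by_pref[pref])
        rng.shuffle(hosts)
        ordered.extend(hosts)
    return ordered


def is_authoritative(text: str) -> bool:
    """nslookup marks answers served from a resolver's cache as non-authoritative."""
    return "Non-authoritative answer:" not in text


if __name__ == "__main__":
    recs = parse_mx(SAMPLE_OUTPUT)
    print(delivery_order(recs), "authoritative:", is_authoritative(SAMPLE_OUTPUT))
```

A practical point the "Non-authoritative answer" line carries: the data came from a caching resolver, so if you are troubleshooting mail delivery after an MX change, query the domain's own name servers (nslookup's server command, or dig @nameserver) before concluding the change has propagated.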

What does "Disable Recursion" in DNS mean?


In the Windows 2000/2003 DNS console (dnsmgmt.msc), under a server's Properties -> Forwarders tab is the setting do not use recursion for this domain. On the Advanced tab you will find the confusingly similar option Disable recursion (also disables forwarders). Recursion refers to the action of a DNS server querying additional DNS servers (e.g. local ISP DNS or the root DNS servers) to resolve queries that it cannot resolve from its own database. So what is the difference between these settings?


The DNS server will attempt to resolve the name locally, and then will forward requests to any DNS servers specified as forwarders. If "Do not use recursion for this domain" is enabled, the DNS server will pass the query on to forwarders, but will not recursively query any other DNS servers (e.g. external DNS servers) if the forwarders cannot resolve the query. If "Disable recursion (also disables forwarders)" is set, the server will attempt to resolve a query from its own database only. It will not query any additional servers. If neither of these options is set, the server will attempt to resolve queries normally:
- the local database is queried;
- if an entry is not found, the request is passed to any forwarders that are set;
- if no forwarders are set, the server will query servers on the Root Hints tab to resolve queries beginning at the root domains.

What could cause the Forwarders and Root Hints to be grayed out?
Win2K configured your DNS server as a private root server.

What is a "Single Label domain name" and what sort of issues can it cause?
Single-label names consist of a single word like "contoso".

Single-label DNS names cannot be registered by using an Internet registrar. Client computers and domain controllers that are joined to single-label domains require additional configuration to dynamically register DNS records in single-label DNS zones. Client computers and domain controllers may require additional configuration to resolve DNS queries in single-label DNS zones. By default, Windows Server 2003-based domain members, Windows XP-based domain members, and Windows 2000-based domain members do not perform dynamic updates to single-label DNS zones. Some server-based applications are incompatible with single-label domain names. Application support may not exist in the initial release of an application, or support may be dropped in a future release. For example, Microsoft Exchange Server 2007 is not supported in environments in which single-label DNS is used. Some server-based applications are incompatible with the domain rename feature that is supported in Windows Server 2003 domain controllers and in Windows Server 2008 domain controllers. These incompatibilities either block or complicate the use of the domain rename feature when you try to rename a single-label DNS name to a fully qualified domain name.

What is the "in-addr.arpa" zone used for?


When creating DNS records for your hosts, A records make sense. After all, how can the world find your mail server unless the IP address of that server is associated with its hostname within a DNS database? However, PTR records aren't as easily understood. If you already have a zone file, why does there have to be a separate in-addr.arpa zone containing PTR records matching your A records? And who should be making those PTR records: you or your provider?

Let's start by defining in-addr.arpa. .arpa is actually a TLD like .com or .org. The name of the TLD comes from Address and Routing Parameter Area and it has been designated by the IANA to be used exclusively for Internet infrastructure purposes. In other words, it is an important zone and an integral part of the inner workings of DNS. The RFC for DNS (RFC 1035) has an entire section on the in-addr.arpa domain. The first two paragraphs in that section state the purpose of the domain:

"The Internet uses a special domain to support gateway location and Internet address to host mapping. Other classes may employ a similar strategy in other domains. The intent of this domain is to provide a guaranteed method to perform host address to host name mapping, and to facilitate queries to locate all gateways on a particular network in the Internet. Note that both of these services are similar to functions that could be performed by inverse queries; the difference is that this part of the domain name space is structured according to address, and hence can guarantee that the appropriate data can be located without an exhaustive search of the domain space."

In other words, this zone provides a database of all allocated networks and the DNS-reachable hosts within those networks. If your assigned network does not appear in this zone, it appears to be unallocated. And if your hosts don't have a PTR record in this database, they appear to be unreachable through DNS. Assuming an A record exists for a host, a missing PTR record may or may not impact the DNS reachability of that host, depending upon the applications running on that host. For example, a mail server will definitely be impacted as PTR records are used in mail header checks and by most anti-SPAM mechanisms. Depending upon your web server configuration, it may also depend upon an existing PTR record. This is why the DNS RFCs recommend that every A record has an associated PTR record.

But who should make and host those PTR records? Twenty years ago when you could buy a full Class C network address (i.e. 254 host addresses) the answer was easy: you. Remember, the in-addr.arpa zone is concerned with delegated network addresses. In other words, the owner of the network address is authoritative (i.e. responsible) for the host PTR records associated with that network address space. If you only own one or two host addresses within a network address space, the provider you purchased those addresses from needs to host your PTR records as the provider is the owner of (i.e. authoritative for) the network address. Things are a bit more interesting if you have been delegated a CIDR block of addresses. The in-addr.arpa zone assumes a classful addressing scheme where a Class A address is one octet (or /8), a Class B is 2 octets (or /16) and a Class C is 3 octets (or /24). CIDR allows for delegating address space outside of these boundaries, say a /19 or a /28. RFC 2317 provides a best current practice for maintaining in-addr.arpa with these types of network allocations. Here is a summary regarding PTR records:

- Don't wait until users complain about DNS unreachability; be proactive and ensure there is an associated PTR record for every A record.
- If your provider hosts your A records, they should also host your PTR records.
- If you only have one or two assigned IP addresses, your provider should host your PTR records as they are authoritative for the network those hosts belong to.
- If you own an entire network address (e.g. a Class C address ending in 0), you are responsible for hosting your PTR records.
- If you are configuring an internal DNS server within the private address ranges (e.g. 10.0.0.0 or 192.168.0.0), you are responsible for your own internal PTR records.
- Remember: the key to PTR hosting is knowing who is authoritative for the network address for your domain. When in doubt, it probably is not you.
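The octet reversal and the delegation question above, as an added example that is not from the page: ptr_name builds the in-addr.arpa owner name for an IPv4 address, classful_reverse_zone names the zone a /8, /16 or /24 holder runs, and rfc2317_records shows what a sub-/24 (CIDR) allocation needs under RFC 2317: a separate zone run by the block holder plus one CNAME per address that the provider places in its /24 zone. The "16/28" naming follows the examples in RFC 2317 (a "-" separator is also widely used); the addresses come from the 192.0.2.0/24 documentation range and are constructed samples.

```python
# Added example (not from the original page): in-addr.arpa names for
# classful and for RFC 2317 classless (CIDR) reverse delegation.
import ipaddress


def ptr_name(ip: str) -> str:
    """192.0.2.10 -> 10.2.0.192.in-addr.arpa (octets reversed, most specific first)."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip}")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def classful_reverse_zone(ip: str, prefix_len: int) -> str:
    """Reverse zone delegated for a classful /8, /16 or /24 network."""
    if prefix_len not in (8, 16, 24):
        raise ValueError("classful delegation only covers /8, /16 and /24")
    keep = prefix_len // 8
    octets = ip.split(".")[:keep]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def rfc2317_records(network: str) -> dict:
    """For a /25 to /32 allocation inside a provider's /24:
    - delegated_zone: the zone the block holder runs (e.g. 16/28.2.0.192.in-addr.arpa)
    - cnames: what the provider adds to its /24 zone, one per address,
      pointing each classful PTR name at the holder's zone."""
    net = ipaddress.ip_network(network, strict=True)
    if not 25 <= net.prefixlen <= 32:
        raise ValueError("RFC 2317 applies to allocations smaller than a /24")
    o = str(net.network_address).split(".")
    parent = f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa"          # provider's /24 zone
    delegated = f"{o[3]}/{net.prefixlen}.{parent}"         # holder's zone
    cnames = {}
    for addr in net:                                        # every address, incl. first/last
        last = str(addr).split(".")[3]
        cnames[f"{last}.{parent}"] = f"{last}.{delegated}"
    return {"parent_zone": parent, "delegated_zone": delegated, "cnames": cnames}


if __name__ == "__main__":
    print(ptr_name("192.0.2.10"))
    print(classful_reverse_zone("192.0.2.10", 24))
    r = rfc2317_records("192.0.2.16/28")
    print(r["delegated_zone"], len(r["cnames"]), "CNAMEs in", r["parent_zone"])
```

The CNAME list is the part administrators most often get wrong: if the provider omits it, your PTR records in the delegated zone are correct but unreachable, because resolvers still start from the classful 2.0.192.in-addr.arpa name.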


What are the requirements from DNS to support AD?


When you install Active Directory on a member server, the member server is promoted to a domain controller. Active Directory uses DNS as the location mechanism for domain controllers, enabling computers on the network to obtain IP addresses of domain controllers. During the installation of Active Directory, the service (SRV) and address (A) resource records are dynamically registered in DNS, which are necessary for the successful functionality of the domain controller locator (Locator) mechanism. To find domain controllers in a domain or forest, a client queries DNS for the SRV and A DNS resource records of the domain controller, which provide the client with the names and IP addresses of the domain controllers. In this context, the SRV and A resource records are referred to as Locator DNS resource records.

When adding a domain controller to a forest, you are updating a DNS zone hosted on a DNS server with the Locator DNS resource records and identifying the domain controller. For this reason, the DNS zone must allow dynamic updates (RFC 2136) and the DNS server hosting that zone must support the SRV resource records (RFC 2782) to advertise the Active Directory directory service. For more information about RFCs, see DNS RFCs. If the DNS server hosting the authoritative DNS zone is not a server running Windows 2000 or Windows Server 2003, contact your DNS administrator to determine if the DNS server supports the required standards. If the server does not support the required standards, or the authoritative DNS zone cannot be configured to allow dynamic updates, then modification is required to your existing DNS infrastructure. For more information, see Checklist: Verifying DNS before installing Active Directory and Using the Active Directory Installation Wizard.

Important: The DNS server used to support Active Directory must support SRV resource records for the Locator mechanism to function. For more information, see Managing resource records.

It is recommended that the DNS infrastructure allows dynamic updates of Locator DNS resource records (SRV and A) before installing Active Directory, but your DNS administrator may add these resource records manually after installation.

After installing Active Directory, these records can be found on the domain controller in the following location: systemroot\System32\Config\Netlogon.dns.

How do you manually create SRV records in DNS?


On Windows Server: go to Run, type dnsmgmt.msc, right-click the zone you want to add the SRV record to, choose "Other New Records", and then choose "Service Location (SRV)".


Name 3 benefits of using AD-integrated zones.


1. You can give easy name resolution to your clients.
2. By creating an AD-integrated zone you can also trace hackers and spammers by creating a reverse zone.
3. AD-integrated zones allow for incremental zone transfers, which only transfer changes and not the entire zone. This reduces zone transfer traffic.
4. AD-integrated zones support both secure and dynamic updates.
5. AD-integrated zones are stored as part of the Active Directory and support domain-wide or forest-wide replication through application partitions in AD.

What are the benefits of using Windows 2003 DNS when using AD-integrated zones?
DNS supports dynamic registration of SRV records registered by an Active Directory server or a domain controller during promotion. With the help of SRV records client machines can find domain controllers in the network.
1. DNS supports secure dynamic updates. Unauthorized access is denied.
2. Exchange server needs internal DNS or AD DNS to locate Global Catalog servers.
3. Active Directory Integrated Zone: if you have more than one domain controller (recommended) you need not worry about zone replication. Active Directory replication will take care of DNS zone replication also.
4. If your network uses DHCP with Active Directory then no other DHCP server will be able to service client requests coming from a different network. This is because the DHCP server is authorized in AD and will be the only server on the network allowed to provide IP address information to client machines.
5. Moreover, you can use NT4 DNS with Service Pack 4 or later. It supports both SRV record registration and dynamic updates.

Using Microsoft DNS gives the following benefits: you implement networks that require secure updates; you take advantage of Active Directory replication; you can integrate DHCP with DNS so that low-level clients get their Host records registered in the zone database.

You installed a new AD domain and the new (and first) DC has not registered its SRV records in DNS. Name a few possible causes.
- The machine is not configured with its own DNS client settings (it does not point at the DNS server).
- The DNS service is not running.

What are the benefits and scenarios of using Stub zones?


One of the new features introduced in the Windows Server 2003-based implementation of DNS is stub zones. Their main purpose is to provide name resolution in domains for which a local DNS server is not authoritative. The stub zone contains only a few records:
- a Start of Authority (SOA) record pointing to a remote DNS server that is considered to be the best source of information about the target DNS domain,
- one or more Name Server (NS) records (including the entry associated with the SOA record), which are authoritative for the DNS domain represented by the stub zone,
- corresponding A records for each of the NS entries (providing IP addresses of the servers).
While you can also provide name resolution for a remote domain by creating a secondary zone (which was a common approach in the Windows 2000 DNS implementation) or a delegation (when dealing with a contiguous namespace), such an approach forces periodic zone transfers, which are not needed when stub zones are used. The need to traverse the network in order to obtain individual records hosted on the remote name servers is mitigated to some extent by the caching process, which keeps them on the local server for the duration of their Time-to-Live (TTL) parameter. In addition, records residing in a stub zone are periodically validated and refreshed in order to avoid lame delegations.

What are the benefits and scenarios of using Conditional Forwarding?


The benefit is faster name resolution in certain scenarios: a query for a specific domain is forwarded directly to the server that is correct for that domain, and conditional forwarding lets you control where DNS queries for specific domains are sent.

What are the differences between Windows Clustering, Network Load Balancing and Round Robin, and scenarios for each use?
I will make a few assumptions here: 1) By "Windows Clustering Network Load Balancing" you mean the Windows Network Load Balancing software included in Windows Server software, a.k.a. NLB, and 2) By Round Robin you mean DNS Round Robin, meaning the absence of a software or hardware load balancing device, or the concept of the Round Robin algorithm available in just about every load balancing solution.

Microsoft NLB is designed for a small number (4 - 6) of Windows Servers and a low to moderate number of new connections per second, to provide distribution of web server requests to multiple servers in a virtual resource pool. Some would call this a "cluster", but there are subtle differences between a clustered group of devices and a more loosely configured virtual pool. From the standpoint of scalability and performance, almost all hardware load balancing solutions are superior to this and other less known software load balancing solutions [e.g. Bright Tiger circa 1998].

DNS Round Robin is an inherent load balancing method built into DNS. When you resolve an IP address that has more than one A record, DNS hands out different resolutions to different requesting local DNS servers. Although there are several factors affecting the exact resulting algorithm (e.g. DNS caching, TTL, multiple DNS servers [authoritative or cached]), I stress the term "roughly" when I say it roughly results in an even distribution of resolutions to each of the addresses specified for a particular URL. It does not, however, consider availability, performance, or any other metric and is completely static. The basic RR algorithm is available in many software and hardware load balancing solutions and simply hands the next request to the next resource and starts back at the first resource when it hits the last one.

NLB is based on proprietary software, meant for small groups of Windows servers only on private networks, and is dynamic in nature (takes into account availability of a server, and in some cases performance). "Round Robin", DNS or otherwise, is more generic, static in nature (does not take into account anything but that the resource is a member of the resource pool and each member is equal), and ranges from DNS to the default static load balancing method on every hardware device in the market.

How do I work with the Host name cache on a client computer?


Use the command nbtstat. Its options are:

-a (adapter status)    Lists the remote machine's name table given its name.
-A (Adapter status)    Lists the remote machine's name table given its IP address.
-c (cache)             Lists NBT's cache of remote [machine] names and their IP addresses.
-n (names)             Lists local NetBIOS names.
-r (resolved)          Lists names resolved by broadcast and via WINS.
-R (Reload)            Purges and reloads the remote cache name table.
-S (Sessions)          Lists the sessions table with the destination IP addresses.
-s (sessions)          Lists the sessions table, converting destination IP addresses to computer NetBIOS names.
-RR (Release Refresh)  Sends Name Release packets to WINS and then starts Refresh.

How do I clear the DNS cache on the DNS server?


For a DNS server, use the command dnscmd with its options, e.g.:

dnscmd dnssvr1.contoso.com /clearcache

To clear the DNS cache on a client, do the following:
1. Start
2. Run
3. Type "cmd" and press Enter
4. In the command window type "ipconfig /flushdns"
5. If done correctly it should say "Successfully flushed the DNS Resolver Cache."
6. If you receive an error "Could not flush the DNS Resolver Cache: Function failed during execution."

What is the 224.0.1.24 address used for?


WINS server group address Used to support auto discovery and dynamic configuration of replication for WINS servers. For more information, see WINS replication overview.


What is WINS and when do we use it?


Windows Internet Name Service (WINS) provides a dynamic replicated database service that can register and resolve NetBIOS names to IP addresses used on your network. The Microsoft Windows Server 2003 family provides WINS, which enables the server computer to act as a NetBIOS name server and register and resolve names for WINS-enabled client computers on your network as described in the NetBIOS over TCP/IP standards.

Can you have a Microsoft-based network without any WINS server on it? What are the "considerations" regarding not using WINS?
Yes, you can. WINS was designed to speed up information flow about the Windows workstations in a network. It will work without it, and most networks do not utilize WINS servers anymore because it is based on an old protocol (NetBEUI) which is no longer in common use.

Describe the differences between WINS push and pull replications.


To replicate database entries between a pair of WINS servers, you must configure each WINS server as a pull partner, a push partner, or both with the other WINS server. A push partner is a WINS server that sends a message to its pull partners, notifying them that it has new WINS database entries. When a WINS server's pull partner responds to the message with a replication request, the WINS server sends (pushes) copies of its new WINS database entries (also known as replicas) to the requesting pull partner. A pull partner is a WINS server that pulls WINS database entries from its push partners by requesting any new WINS database entries that the push partners have. The pull partner requests the new WINS database entries that have a higher version number than the last entry the pull partner received during the most recent replication.

What is the difference between tombstoning a WINS record and simply deleting it?
Simple deletion: removes the records that are selected in the WINS console only from the local WINS server you are currently managing. If the WINS records deleted in this way exist in WINS data replicated to other WINS servers on your network, these additional records are not fully removed. Also, records that are simply deleted on only one server can reappear after replication between the WINS server where simple deletion was used and any of its replication partners.
Tombstoning: marks the selected records as tombstoned, that is, marked locally as extinct and immediately released from active use by the local WINS server. This method allows the tombstoned records to remain present in the server database for purposes of subsequent replication of these records to other servers. When the tombstoned records are replicated, the tombstone status is updated and applied by other WINS servers that store replicated copies of these records. Each replicating WINS server then updates and tombstones
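As an added example (not code from the original document), a small Python model of owner/version-based pull replication between two WINS servers, showing the simply deleted record coming back and the tombstone propagating; server names, NetBIOS names, addresses and the simplified version bookkeeping are all constructed:

```python
"""Model of WINS pull replication by owner/version number, showing why a simply deleted
record can reappear while a tombstoned one is removed everywhere.  Added illustration,
not code from the page; server names, NetBIOS names and addresses are constructed, and
the version bookkeeping is simplified from the real protocol."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Record:
    name: str          # NetBIOS name
    ip: str
    owner: str         # WINS server that registered (owns) the record
    version: int       # owner-assigned version ID, increasing with every change
    tombstoned: bool = False


class WinsServer:
    def __init__(self, name):
        self.name = name
        self.db = {}            # NetBIOS name -> Record (own records and replicas)
        self._version = 0       # this server's version counter

    def _next_version(self):
        self._version += 1
        return self._version

    def register(self, netbios_name, ip):
        self.db[netbios_name] = Record(netbios_name, ip, self.name, self._next_version())

    def simple_delete(self, netbios_name):
        # Local-only removal: nothing versioned is left behind to tell partners about it.
        self.db.pop(netbios_name, None)

    def tombstone(self, netbios_name):
        # Keep the record, mark it extinct and give it a fresh version so partners pull it.
        # Simplifying assumption: the tombstoning server becomes the record's owner.
        old = self.db[netbios_name]
        self.db[netbios_name] = replace(old, owner=self.name,
                                        version=self._next_version(), tombstoned=True)

    def owners(self):
        return {r.owner for r in self.db.values()}

    def _highest_version_from(self, owner):
        # Simplified pull cursor: the highest version currently held for that owner.
        return max((r.version for r in self.db.values() if r.owner == owner), default=0)

    def entries_after(self, owner, version):
        return [r for r in self.db.values() if r.owner == owner and r.version > version]

    def pull_from(self, partner):
        """Pull replication: ask the push partner for every owner's records newer than
        the highest version we already hold for that owner."""
        for owner in partner.owners():
            cursor = self._highest_version_from(owner)
            for rec in partner.entries_after(owner, cursor):
                self.db[rec.name] = rec

    def active_names(self):
        return sorted(n for n, r in self.db.items() if not r.tombstoned)


def simple_deletion_scenario():
    a, b = WinsServer("WINS-A"), WinsServer("WINS-B")
    a.register("FILESRV01", "10.0.0.11")
    a.register("PRINT01", "10.0.0.12")
    b.pull_from(a)                    # B now holds replicas of both records
    a.simple_delete("PRINT01")        # removed on A only
    before = a.active_names()
    a.pull_from(b)                    # B's replica is newer than anything A still holds
    after = a.active_names()          # PRINT01 is back
    return before, after


def tombstone_scenario():
    a, b = WinsServer("WINS-A"), WinsServer("WINS-B")
    a.register("FILESRV01", "10.0.0.11")
    a.register("PRINT01", "10.0.0.12")
    b.pull_from(a)
    a.tombstone("PRINT01")            # version 3, tombstoned
    b.pull_from(a)                    # B pulls the tombstone and stops answering for PRINT01
    return b.active_names(), b.db["PRINT01"].tombstoned
```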


Name the NetBIOS names you might expect from a Windows 2003 DC that is registered in WINS.
If a Microsoft Windows NT 3.5-based client computer does not receive a response from the primary Windows Internet Name Service (WINS) server, it queries the secondary WINS server to resolve a NetBIOS name. However, if a NetBIOS name is not found in the primary WINS server's database, a Windows NT 3.5-based client does not query the secondary WINS server. In Microsoft Windows NT 3.51 and later versions of the Windows operating system, a Windows-based client does query the secondary WINS server if a NetBIOS name is not found in the primary WINS server's database. On clients running Windows NT 3.51, Windows NT 4, Windows 95, Windows 98, Windows 2000, Windows Millennium Edition, Windows XP, and Windows Server 2003, you can specify up to 12 WINS servers. Additional WINS servers are useful when a requested name is not found in the primary WINS server's database or in the secondary WINS server's database. In this situation, the WINS client sends a request to the next server in the list.

Describe the role of the routing table on a host and on a router.


In internetworking, routing is the process of moving a packet of data from source to destination. Routing is usually performed by a dedicated device called a router. Routing is a key feature of the Internet because it enables messages to pass from one computer to another and eventually reach the target machine. Each intermediary computer performs routing by passing along the message to the next computer. Part of this process involves analyzing a routing table to determine the best path. A router is a device that forwards data packets along networks; it is connected to at least two networks, commonly two LANs or WANs or a LAN and its ISP's network. Routers are located at gateways, the places where two or more networks connect. Routers use headers and forwarding tables to determine the best path for forwarding the packets, and they use protocols such as ICMP to communicate with each other and configure the best route between any two hosts. Very little filtering of data is done through routers.
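As an added example that is not part of the original document, a longest-prefix-match lookup in Python over a constructed host table and router table, showing how each decides between an on-link destination, a next-hop router and the default route:

```python
"""Routing-table lookup as a host and a router perform it: longest prefix match,
then lowest metric.  Added illustration; all routes and addresses are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    next_hop: Optional[str]   # None means the destination is on-link (directly connected)
    interface: str
    metric: int = 1


class RoutingTable:
    def __init__(self):
        self.routes = []

    def add(self, prefix, next_hop, interface, metric=1):
        self.routes.append(Route(ipaddress.ip_network(prefix), next_hop, interface, metric))

    def lookup(self, destination):
        """Return the best Route for a destination, or None (no route: packet is dropped)."""
        addr = ipaddress.ip_address(destination)
        candidates = [r for r in self.routes if addr in r.network]
        if not candidates:
            return None
        # The most specific prefix always wins; the metric only breaks ties between
        # equal-length prefixes.  (This is also why an unexpected, very specific route
        # appearing in a table deserves a look: it silently overrides broader ones.)
        return max(candidates, key=lambda r: (r.network.prefixlen, -r.metric))

    def forward(self, destination):
        """Decide where the packet is handed to at layer 2: the destination itself when
        it is on-link, otherwise the next-hop router.  Returns (interface, l2_target)."""
        route = self.lookup(destination)
        if route is None:
            return None
        return route.interface, route.next_hop or destination


def host_table():
    """A typical end host: one connected subnet plus a default route to its gateway."""
    t = RoutingTable()
    t.add("10.1.2.0/24", None, "eth0")
    t.add("0.0.0.0/0", "10.1.2.1", "eth0")
    return t


def router_table():
    """A small branch router: two connected LANs, a summary route to the corporate core,
    a more specific route for one server subnet, and a default route to the Internet."""
    t = RoutingTable()
    t.add("10.1.2.0/24", None, "eth0")
    t.add("10.1.3.0/24", None, "eth1")
    t.add("10.1.0.0/16", "10.1.3.254", "eth1", metric=10)
    t.add("10.1.50.0/24", "10.1.2.2", "eth0", metric=5)
    t.add("0.0.0.0/0", "203.0.113.1", "wan0")
    return t
```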

What are routing protocols? Why do we need them? Name a few.


DEF A routing protocol is a protocol that specifies how routers communicate with each other to disseminate information that allows them to select routes between any two nodes on a network. Typically, each router has prior knowledge only of its immediate neighbors. A routing protocol shares this information so that routers have knowledge of the network topology at large. For a discussion of the concepts behind routing protocols, see: Routing. The term routing protocol may refer more specifically to a protocol operating at Layer 3 of the OSI model which similarly disseminates topology information between routers. Many routing protocols used in the public Internet are defined in documents called RFCs. There are three major types of routing protocols, some with variants: link-state routing protocols, path vector protocols and distance vector routing protocols. The specific characteristics of routing protocols include the manner in which they either prevent routing loops from forming or break routing loops if they do form, and the manner in which they determine preferred routes from a sequence of hop costs and other preference factors. Examples:
IGRP (Interior Gateway Routing Protocol)
EIGRP (Enhanced Interior Gateway Routing Protocol)
OSPF (Open Shortest Path First)
RIP (Routing Information Protocol)
IS-IS (Intermediate System to Intermediate System)

What are router interfaces? What types can they be?


The interfaces on a router provide network connectivity to the router. The console and auxiliary ports are used for managing the router. Routers also have ports for LAN and WAN connectivity. The LAN interfaces usually include Ethernet, Fast Ethernet, Fiber Distributed Data Interface (FDDI), or Token Ring. The AUI port is used to provide LAN connectivity. You can use a converter to attach your LAN to the router. Some higher-end routers have separate interfaces for ATM (Asynchronous Transfer Mode) as well. Sync and Async serial interfaces are used for WAN connectivity. ISDN (Integrated Services Digital Network) interfaces are used to provide ISDN connectivity. Using ISDN, you can transmit both voice and data.

In Windows 2003 routing, what are the interface filters?


NAT acts as a middleman between the internal and external network; packets coming from the private network are handled by NAT and then transferred to their intended destination. A single external address is used on the Internet so that the internal IP addresses are not shown. A table is created on the router that lists local and global addresses and is used as a reference when translating IP addresses. NAT can work in several ways:
Static NAT: An unregistered IP address is mapped to a registered IP address on a one-to-one basis, which is useful when a device needs to be accessed from outside the network.
Dynamic NAT: An unregistered IP address is mapped to a registered IP address from a group of registered IP addresses. For example, a computer 192.168.10.121 will translate to the first available IP in a range from 212.156.98.100 to 212.156.98.150.
Overloading: A form of dynamic NAT, it maps multiple unregistered IP addresses to a single registered IP address, but in this case uses different ports. For example, IP address 192.168.10.121 will be mapped to 212.56.128.122:port_number (212.56.128.122:1080).
Overlapping: This is when addresses in the inside network overlap with addresses in the outside network, i.e. the IP addresses are registered on another network too. The router must maintain a lookup table of these addresses so that it can intercept them and replace them with registered unique IP addresses.
How NAT works: A table of information about each packet that passes through is maintained by NAT. When a computer on the network attempts to connect to a website on the Internet:
1. On the way out, the source IP address in the header is changed and replaced with the IP address of the NAT computer.
2. On the way back in, the destination IP address is changed (based on the records in the table) back to the specific internal private-class IP address in order to reach the computer on the local network.
Network Address Translation can be used as a basic firewall: the administrator is able to filter out packets to/from certain IP addresses and allow/disallow access to specified ports. It is also a means of saving IP addresses by having one IP address represent a group of computers.
Setting up NAT: To set up NAT you must start by opening the Configure Your Server wizard in Administrative Tools and selecting the RRAS/VPN Server role. Now press Next and the RRAS setup wizard will open. The screen below shows the Internet Connection screen, in which you must specify which type of connection to the Internet you have and whether or not you want the basic firewall feature to be enabled. Press Next to continue. The installation process will commence and services will be restarted, after which the finish screen will be displayed, showing what actions have taken place.
Configuring NAT: Configuration of NAT takes place from the Routing and Remote Access MMC found in the Administrative Tools folder in the Control Panel or on the Start menu. The screenshot below shows the Routing and Remote Access MMC. Select which interface you wish to configure and double-click it. This will bring up the properties window, giving you the option to change settings such as packet filtering and port blocking, as well as enabling/disabling certain features, such as the firewall. The remote router (set up previously) properties box is shown below, with the NAT/Basic Firewall tab selected. You are able to select the interface type to specify what the network connection will be. In my example I have selected for the interface to be a public interface connected to the Internet. NAT and the basic firewall option have also been enabled. The Inbound and Outbound buttons will open a window that will allow you to restrict traffic based on IP address or protocol packet attributes. As per your instructions, certain TCP packets will be dropped before they reach the client computer, thus making the network safer and giving you more functionality. This is useful if, for example, you wanted to reject all packets coming from a blacklisted IP address or restrict internal users' access to port 21 (FTP). For further firewall configuration, go to the Services and Ports tab. Here you can select which services you would like to provide your users access to. You can also add more services by specifying details such as the incoming and outgoing port number. The list of services shown in the above screenshot is preset. Press Add to bring up the window that will allow the creation of a new service, or select an available service and press Edit to modify that service. You will be asked to specify the name, TCP and UDP port number and the IP address of the computer hosting that service. If the services in the list aren't enabled, then any client computer on the Windows 2003 domain will not be able to access that specific service. For example, if the computer was configured as shown in the image above and a client computer tried to connect to an FTP site, it would be refused access. This section can prove to be very useful for networks of any size, but especially small ones. That concludes this article. As you have seen, Network Address Translation is a useful feature that adds diversity and security to a network in a small to medium sized company. With the advent

What is NAT?
DEF1 (Network Address Translation) An IETF standard that allows an organization to present itself to the Internet with far fewer IP addresses than there are nodes on its internal network. The NAT technology, which is implemented in a router, firewall or PC, converts private IP addresses (such as in the 192.168.0.0 range) of the machine on the internal private network to one or more public IP addresses for the Internet. It changes the packet headers to the new address and keeps track of them via internal tables that it builds. When packets come back from the Internet, NAT uses the tables to perform the reverse conversion to the IP address of the client machine. NAT is also provided with Windows Internet Connection Sharing. DEF2 NAT allows an Internet Protocol (IP) network to maintain public IP addresses separately from private IP addresses. NAT is a popular technology for Internet connection sharing. It is also sometimes used in server load balancing applications on corporate networks.

What is the real difference between NAT and PAT?


NAT is a feature of a router that will translate IP addresses. When a packet comes in, it will be rewritten in order to forward it to a host that is not the IP destination. A router will keep track of this translation, and when the host sends a reply, it will translate it back the other way. PAT translates ports, as the name implies, and likewise NAT translates addresses. Sometimes PAT is also called Overloaded NAT.
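To make the NAT/PAT distinction concrete, an added Python model (not code from the page) of an overloaded NAT with a stateful session table, serving both the Overloading section above and this question; the public address 203.0.113.5, the hosts, ports and the published service are constructed:

```python
"""Stateful PAT ("overloaded NAT") translator: many private addresses share one public
address and are told apart by the translated source port.  Added illustration, not
code from the page; the public address 203.0.113.5 and all hosts/ports are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class PatRouter:
    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.sessions = {}     # (src_ip, src_port, dst_ip, dst_port, proto) -> public port
        self.reverse = {}      # (public port, remote_ip, remote_port, proto) -> (src_ip, src_port)
        self.published = {}    # (public port, proto) -> (internal_ip, internal_port)

    def publish(self, public_port, internal_ip, internal_port, proto="tcp"):
        """Static inbound mapping, the equivalent of an entry on the Services and Ports tab."""
        self.published[(public_port, proto)] = (internal_ip, internal_port)

    def outbound(self, pkt):
        """Rewrite a packet leaving the private network and record the session."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
        port = self.sessions.get(key)
        if port is None:                       # new session: allocate a fresh public port
            port, self.next_port = self.next_port, self.next_port + 1
            self.sessions[key] = port
            self.reverse[(port, pkt.dst_ip, pkt.dst_port, pkt.proto)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt):
        """Translate a packet arriving at the public address, or return None to drop it."""
        if pkt.dst_ip != self.public_ip:
            return None
        # 1. A reply belonging to a session an inside host opened.
        match = self.reverse.get((pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto))
        if match:
            return Packet(pkt.src_ip, pkt.src_port, match[0], match[1], pkt.proto)
        # 2. A published service (explicitly allowed inbound).
        svc = self.published.get((pkt.dst_port, pkt.proto))
        if svc:
            return Packet(pkt.src_ip, pkt.src_port, svc[0], svc[1], pkt.proto)
        # 3. Anything else is unsolicited and has no translation: this is the
        #    "basic firewall" effect of NAT described in the text.
        return None


def demo():
    nat = PatRouter("203.0.113.5")
    nat.publish(80, "192.168.10.10", 80)
    web = "198.51.100.7"
    # Two inside hosts pick the same source port; only the port rewrite keeps them apart.
    out1 = nat.outbound(Packet("192.168.10.121", 50000, web, 80))
    out2 = nat.outbound(Packet("192.168.10.122", 50000, web, 80))
    reply = nat.inbound(Packet(web, 80, "203.0.113.5", out2.src_port))
    probe = nat.inbound(Packet("198.51.100.99", 4444, "203.0.113.5", 3389))
    visitor = nat.inbound(Packet("198.51.100.42", 51515, "203.0.113.5", 80))
    return out1, out2, reply, probe, visitor
```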

How do you configure NAT on Windows 2003?


To configure the Routing and Remote Access and the Network Address Translation components, your computer must have at least two network interfaces: one connected to the Internet and the other one connected to the internal network. You must also configure the network translation computer to use Transport Control Protocol/Internet Protocol (TCP/IP). If you use dial-up devices such as a modem or an Integrated Services Digital Network (ISDN) adapter to connect to the Internet, install your dial-up device before you configure Routing and Remote Access. Use the following data to configure the TCP/IP address of the network adapter that connects to the internal network:


TCP/IP address: 192.168.0.1
Subnet mask: 255.255.255.0
No default gateway
Domain Name System (DNS) server: provided by your Internet service provider (ISP)
Windows Internet Name Service (WINS) server: provided by your ISP

Use the following data to configure the TCP/IP address of the network adapter that connects to the external network:
TCP/IP address: provided by your ISP
Subnet mask: provided by your ISP
Default gateway: provided by your ISP
DNS server: provided by your ISP
WINS server: provided by your ISP

Before you continue, verify that all your network cards or all your dial-up adapters are functioning correctly.

Configure Routing and Remote Access
To activate Routing and Remote Access, follow these steps:
1. Click Start, point to All Programs, point to Administrative Tools, and then click Routing and Remote Access.
2. Right-click your server, and then click Configure and Enable Routing and Remote Access.
3. In the Routing and Remote Access Setup Wizard, click Next, click Network address translation (NAT), and then click Next.
4. Click Use this public interface to connect to the Internet, and then click the network adapter that is connected to the Internet. At this stage you have the option to reduce the risk of unauthorized access to your network. To do so, click to select the Enable security on the selected interface by setting up Basic Firewall check box.
5. Examine the selected options in the Summary box, and then click Finish.

Configure dynamic IP address assignment for private network clients
You can configure your Network Address Translation computer to act as a Dynamic Host Configuration Protocol (DHCP) server for computers on your internal network. To do so, follow these steps:
1. Click Start, point to All Programs, point to Administrative Tools, and then click Routing and Remote Access.
2. Expand your server node, and then expand IP Routing.
3. Right-click NAT/Basic Firewall and then click Properties.
4. In the NAT/Basic Firewall Properties dialog box, click the Address Assignment tab.
5. Click to select the Automatically assign IP addresses by using the DHCP allocator check box. Notice that the default private network 192.168.0.0 with the subnet mask of 255.255.0.0 is automatically added in the IP address and the Mask boxes. You can keep the default values, or you can modify these values to suit your network.
6. If your internal network requires static IP assignment for some computers -- such as for domain controllers or for DNS servers -- exclude those IP addresses from the DHCP pool. To do this, follow these steps:
   a. Click Exclude.
   b. In the Exclude Reserved Addresses dialog box, click Add, type the IP address, and then click OK.
   c. Repeat step b for all addresses that you want to exclude.
   d. Click OK.

Configure name resolution
To configure name resolution, follow these steps:
1. Click Start, point to All Programs, point to Administrative Tools, and then click Routing and Remote Access.
2. Right-click NAT/Basic Firewall and then click Properties.
3. In the NAT/Basic Firewall Properties dialog box, click the Name Resolution tab.
4. Click to select the Clients using Domain Name System (DNS) check box. If you use a demand-dial interface to connect to an external DNS server, click to select the Connect to the public network when a name needs to be resolved check box, and then click the appropriate dial-up interface in the list.

How do you allow inbound traffic for specific hosts on Windows 2003 NAT?
You can use the Windows Server 2003 implementation of IPSec to compensate for the limited protections provided by applications for network traffic, or as a network-layer foundation of a defense-in-depth strategy. Do not use IPSec as a replacement for other user and application security controls, because it cannot protect against attacks from within established and trusted communication paths. Your authentication strategy must be well defined and implemented for the potential security provided by IPSec to be realized, because authentication verifies the identity and trust of the computer at the other end of the connection.

What is VPN? What types of VPN does Windows 2000 and beyond work with natively?
IPSec, L2TP and PPTP. A VPN server is also known as an L2TP server in native mode and as a PPTP server in mixed mode. VPN gives extremely secure connections between private networks linked through the Internet. It allows remote computers to act as though they were on the same secure, local network.

What is IAS? In what scenarios do we use it?


Internet Authentication Service (IAS) is deployed in these common scenarios:
1) Dial-up corporate access.
2) Outsourced corporate access through service providers.
3) Internet access.


What's the difference between mixed mode and Native mode in AD when dealing with RRAS?
The domain functional levels that can be set for Active Directory in Windows Server 2003 are listed below. The Windows 2000 Mixed and Windows 2000 Native domain functional levels were available in Windows 2000 to enable backward compatibility with operating systems such as Windows NT 4.0. The latter two functional levels are only available with Windows Server 2003.
Windows 2000 Mixed: This is the default functional level implemented when you install a Windows Server 2003 domain controller. The basic Active Directory features are available when this mode is configured.
Windows 2000 Native: In the Windows 2000 Native functional level, Windows NT backup domain controllers are not supported as domain controllers in the domain. Only Windows 2000 domain controllers and Windows Server 2003 domain controllers are supported. The main difference between Windows 2000 Mixed and Windows 2000 Native when discussing Active Directory features is that features like group nesting, or using Universal Groups and Security ID Histories (SIDHistory), are not available in Windows 2000 Mixed, but are available in Windows 2000 Native.
Windows Server 2003 Interim: This functional level is used when Windows NT domains are directly upgraded to Windows Server 2003. Windows Server 2003 Interim is basically identical to Windows 2000 Native. The key point to remember about Windows Server 2003 Interim is that this functional level is used when the forests in your environment do not have Windows 2000 domain controllers.
Windows Server 2003: This domain functional level is used when the domain only includes Windows Server 2003 domain controllers. The features available for the new Windows Server 2003 Interim and Windows Server 2003 domain functional levels are discussed later on in this article.
The forest functional level can also be raised to enable additional Active Directory features. You must, however, first raise the functional level of the domains within a forest before you can raise the forest functional level to Windows Server 2003. The domain functional level in this case has to be Windows 2000 Native or Windows Server 2003 before you raise the forest functional level. Domain controllers in the domains of the forest automatically have their functional level set to Windows Server 2003 when you raise the forest functional level to Windows Server 2003. Additional Active Directory features are immediately available for each domain in the forest. The forest functional levels that can be set for Active Directory in Windows Server 2003 are listed below.
Windows 2000: In this forest functional level, Windows NT, Windows 2000 and Windows Server 2003 domain controllers can exist in domains.
Windows Server 2003 Interim: Windows NT backup domain controllers and Windows Server 2003 domain controllers can exist in domains.
Windows Server 2003: The domain controllers are all running Windows Server 2003.


Your Exchange organization is a candidate for native mode operation if you have no remaining Exchange 5.5 servers--or plans to add any--and you don't require Exchange 5.5 connectors. Now that you know about native vs. mixed mode, you may want to start planning a switch to native mode. While making the switch isn't difficult, it's permanent. Begin testing and refining your plan for switching to native mode in a lab environment now.

What is the "RAS and IAS" group in AD?


A Domain local group by default, this group has no members. Computers that are running the Routing and Remote Access service are added to the group automatically. Members of this group have access to certain properties of User objects, such as Read Account Restrictions, Read Logon Information, and Read Remote Access Information.

What are Conditions and Profile in RRAS Policies?


Remote access policies are an ordered set of rules that define whether remote access connection attempts are authorized or rejected. Each rule includes one or more conditions (which identify the criteria), a set of profile settings (to be applied to the connection attempt), and a permission setting (grant or deny) for remote access. This can be compared to the brain of the door-keeper (the VPN server) which allows entry to your network from outside. A remote access policy decides who can access what resources, from where, and using what tunnel settings, so configuring a proper set of policies is important.
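As an added illustration (not from the original document), first-match evaluation of an ordered set of remote access policies in Python, each with conditions, a permission and a profile; the policy names, groups and settings are constructed, and the user accounts are assumed to be set to "Control access through Remote Access Policy":

```python
"""How an ordered set of remote access policies is evaluated: the first policy whose
conditions all match decides with its permission and profile; no match means reject.
Added illustration, not code from the page; the policy names, groups and settings are
constructed, and the account's dial-in setting is assumed to be "Control access
through Remote Access Policy"."""
from dataclasses import dataclass, field


@dataclass
class Policy:
    name: str
    conditions: dict              # attribute -> container of acceptable values
    permission: str               # "grant" or "deny"
    profile: dict = field(default_factory=dict)   # settings applied to a granted connection


def condition_matches(attribute, acceptable, attempt):
    value = attempt.get(attribute)
    if value is None:
        return False
    if attribute == "groups":         # Windows-Groups: membership in any listed group is enough
        return bool(set(value) & set(acceptable))
    return value in acceptable        # Tunnel-Type, Day-And-Time-Restrictions, Auth-Type, ...


def evaluate(policies, attempt):
    """Return (policy name, decision, profile) for a connection attempt."""
    for policy in policies:           # policies are tried in order; first full match wins
        if all(condition_matches(a, v, attempt) for a, v in policy.conditions.items()):
            if policy.permission == "grant":
                return policy.name, "accept", policy.profile
            return policy.name, "reject", {}
    return None, "reject", {}         # no policy matched: the attempt is rejected


POLICIES = [
    Policy("Admins over L2TP/IPSec",
           {"groups": {"Domain Admins"}, "tunnel_type": {"L2TP"}},
           "grant",
           {"encryption": "strongest", "idle_timeout_min": 15}),
    Policy("Staff during business hours",
           {"groups": {"VPN-Users"}, "hour": range(7, 19)},
           "grant",
           {"encryption": "strong", "session_timeout_min": 480, "ip_filter": "intranet-only"}),
    Policy("Deny everything else",
           {"hour": range(0, 24)},    # a day-and-time condition that matches at any hour
           "deny"),
]


def demo():
    admin_night = {"user": "alice", "groups": {"Domain Admins", "VPN-Users"},
                   "tunnel_type": "L2TP", "hour": 2}
    staff_day = {"user": "bob", "groups": {"VPN-Users"}, "tunnel_type": "PPTP", "hour": 10}
    staff_night = {"user": "bob", "groups": {"VPN-Users"}, "tunnel_type": "PPTP", "hour": 22}
    contractor = {"user": "eve", "groups": {"Contractors"}, "tunnel_type": "L2TP", "hour": 10}
    return [evaluate(POLICIES, a) for a in (admin_night, staff_day, staff_night, contractor)]
```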

What types or authentication can a Windows 2003 based RRAS work with?
Routing and Remote Access Service (RRAS) and Internet Authentication Service (IAS) support, specifically:
Support for L2TP/IPSec over NAT
Network Access Quarantine
MSCHAPv2, MSCHAP, SPAP, EAP, Digest authentication
NetBIOS-related enhancements
EAP-TLS improvements
Improved remote access client support
IAS Proxy
RRAS was introduced as a built-in component in Windows 2000 Server (but it is also available as an add-on for Windows NT 4.0 Server). As its name indicates, it combines routing and remote access functionality into a single administrative interface, allowing the server to be turned into a secure, software-based router or a remote access server, or both. IAS (which first appeared in Windows 2000 Server) is Microsoft's implementation of Remote Authentication Dial-In User Service (RADIUS), and its primary purpose is to provide authentication, authorization, and accounting functionality for remote access. Because of its role, it closely interacts with RRAS. Hence, this article describes both.


Windows 2003 RRAS has a number of new, non-security-related features. It supports Point-to-Point Protocol over Ethernet (PPPoE), reflecting the growing popularity of broadband communication. It can also function as a bridge, combining separate, mixed-media segments into a single networking subnet. What might also be a bit of a surprise is the dependency between RRAS and Internet Connection Firewall (ICF), since this component was not available in Windows 2000. Like its Windows XP equivalent, the new version of ICF operates as a stateful firewall (intended for protecting Internet Connection Sharing), which means it tracks sessions initiated from the internal network and, by default, permits inbound traffic only if it constitutes part of these sessions. In addition, ICF selectively permits incoming traffic based on the targeted port and redirects it to any of the internal IP addresses (on the same or a different port). Since the same functionality can be provided by RRAS (configurable from the NAT/Basic Firewall tab of the interface properties dialog box in the IP Routing node of the Routing and Remote Access MMC console snap-in), Microsoft decided to make them mutually exclusive. However, ICF must be disabled to activate RRAS and take full advantage of the security-related features detailed below.

How does SSL work?


SSL works by making sure that transactions processed online are secure, using different encryption/decryption programs. SSL stands for Single Socket Layer and is a protocol (set of rules) used to secure Web connections. SSL works by the sharing of encrypted keys, or passwords. The keys are created in pairs: one a public key and one a private key. When the keys are traded in a particular manner between two parties, this protocol assures the parties in communication that they are transacting with one another and not with a hacker or phisher. It also assures that the data being transmitted is not intercepted by someone else.

How does IPSec work?


IPSec is an Internet Engineering Task Force (IETF) standard suite of protocols that provides data authentication, integrity, and confidentiality as data is transferred between communication points across IP networks. IPSec provides data security at the IP packet level. A packet is a data bundle that is organized for transmission across a network, and it includes a header and payload (the data in the packet). IPSec emerged as a viable network security standard because enterprises wanted to ensure that data could be securely transmitted over the Internet. IPSec protects against possible security exposures by protecting data while in transit

How do I deploy IPSec for a large number of computers?


Use the Microsoft solution "Server and Domain Isolation Using IPsec and Group Policy".


What types of authentication can IPSec use?


Deploying L2TP/IPSec-based Remote Access
Deploying L2TP-based remote access VPN connections using Windows Server 2003 consists of the following:
Deploy certificate infrastructure
Deploy Internet infrastructure
Deploy AAA infrastructure
Deploy VPN servers
Deploy intranet infrastructure
Deploy VPN clients

What is PFS (Perfect Forward Secrecy) in IPSec?


In an authenticated key-agreement protocol that uses public key cryptography, perfect forward secrecy (PFS) is the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the (long-term) private keys is compromised in the future. Forward secrecy has been used as a synonym for perfect forward secrecy [1], since the term "perfect" has been controversial in this context. However, at least one reference [2] distinguishes perfect forward secrecy from forward secrecy by the additional property that an agreed key will not be compromised even if agreed keys derived from the same long-term keying material in a subsequent run are compromised.

How do I monitor IPSec?


The IP Security Monitor snap-in, a new feature in Windows Server 2003, can be used to monitor and troubleshoot IPSec activity. The IP Security Monitor snap-in provides enhanced IPSec security monitoring. As long as the IPSec policy is active, you can monitor how the IPSec policy is functioning within your networking environment through the IP Security Monitor. The main administrative activities which you can perform through the IP Security Monitor snap-in are listed here:
Customize the IP Security Monitor display.
Monitor IPSec information on the local computer.
Monitor IPSec information on remote computers.
View IPSec statistics.
View information on IPSec policies.
View security associations information.
View generic filters.
View specific filters.
Search for specific filters based on IP address.
By default, the computer which is listed in the IP Security Monitor snap-in is the local computer. You can, though, add other computers which you want to monitor to the IP Security Monitor


Looking at IPSec-encrypted traffic with a sniffer. What packet types do I see?


You can see the packets pass, but you cannot see their contents.
IPSec packet types: IPSec packet types include the authentication header (AH) for data integrity and the encapsulating security payload (ESP) for data confidentiality and integrity.
The authentication header (AH) protocol creates an envelope that provides integrity, data origin identification and protection against replay attacks. It authenticates every packet as a defense against session-stealing attacks. Although the IP header itself is outside the AH header, AH also provides limited verification of it by not allowing changes to the IP header after packet creation (note that this usually precludes the use of AH in NAT environments, which modify packet headers at the point of NAT). AH packets use IP protocol 51.
The encapsulating security payload (ESP) protocol provides the features of AH (except for IP header authentication), plus encryption. It can also be used in a null encryption mode that provides the AH protection against replay attacks and other such attacks, without encryption or IP header authentication. This can allow for achieving some of the benefits of IPSec in a NAT environment that would not ordinarily work well with IPSec. ESP packets use IP protocol 50.
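An added Python example (not from the page) that dissects constructed AH and ESP packets the way a passive sniffer would, showing that ESP exposes only the SPI and sequence number while AH leaves the inner TCP header readable, plus the sequence-number sliding window that gives the replay protection mentioned above; the SPIs, ciphertext and ICV bytes are arbitrary constructed values:

```python
"""What a sniffer sees of IPSec traffic: parse the IPv4 header, recognise AH (protocol 51)
and ESP (protocol 50), and show that ESP exposes only the SPI and sequence number while
AH leaves the inner headers readable.  Also includes the anti-replay sliding window that
the sequence number feeds.  Added illustration, not code from the page; the packets are
constructed (the ESP "ciphertext" and AH ICV are arbitrary bytes, not real crypto)."""
import struct

IPPROTO_TCP, IPPROTO_ESP, IPPROTO_AH = 6, 50, 51
PROTO_NAMES = {IPPROTO_TCP: "TCP", IPPROTO_ESP: "ESP", IPPROTO_AH: "AH"}


def ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (no options, checksum left zero) in front of a payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return hdr + payload


def esp(spi, seq, ciphertext):
    return struct.pack("!II", spi, seq) + ciphertext


def ah(next_header, spi, seq, icv, inner):
    payload_len = (12 + len(icv)) // 4 - 2        # AH length in 32-bit words, minus 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv + inner


def dissect(packet):
    """Return the fields a passive observer can read from one IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    body = packet[ihl:]
    info = {"src": ".".join(map(str, packet[12:16])),
            "dst": ".".join(map(str, packet[16:20])),
            "proto": PROTO_NAMES.get(proto, proto)}
    if proto == IPPROTO_ESP:
        info["spi"], info["seq"] = struct.unpack("!II", body[:8])
        info["opaque_bytes"] = len(body) - 8       # ciphertext: contents are not visible
    elif proto == IPPROTO_AH:
        nh, plen, _, info["spi"], info["seq"] = struct.unpack("!BBHII", body[:12])
        ah_len = (plen + 2) * 4
        info["icv"] = body[12:ah_len].hex()
        info["inner_proto"] = PROTO_NAMES.get(nh, nh)
        info["inner"] = body[ah_len:]              # still readable: AH only authenticates
    return info


class ReplayWindow:
    """Receiver-side anti-replay check (RFC 2401 style sliding window)."""
    def __init__(self, size=64):
        self.size, self.highest, self.bitmap = size, 0, 0

    def accept(self, seq):
        if seq == 0:
            return False                            # sequence numbers start at 1
        if seq > self.highest:                      # newer than anything seen: slide window
            shift = seq - self.highest
            self.bitmap = (self.bitmap << shift) & ((1 << self.size) - 1) if shift < self.size else 0
            self.bitmap |= 1
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size or self.bitmap & (1 << offset):
            return False                            # too old, or already seen (replay)
        self.bitmap |= 1 << offset
        return True


def sample_packets():
    """Constructed ESP and AH packets between two hosts; returns (esp_pkt, ah_pkt)."""
    tcp_hdr = struct.pack("!HHIIBBHHH", 49152, 445, 1, 0, 0x50, 0x02, 8192, 0, 0)
    esp_pkt = ipv4("10.0.0.1", "10.0.0.2", IPPROTO_ESP, esp(0x0000ABCD, 7, b"\x9f" * 48))
    ah_pkt = ipv4("10.0.0.1", "10.0.0.2", IPPROTO_AH,
                  ah(IPPROTO_TCP, 0x00001234, 3, b"\x11" * 12, tcp_hdr))
    return esp_pkt, ah_pkt
```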

What can you do with NETSH?


Netsh is a command-line scripting utility that allows you to, either locally or remotely, display, modify or script the network configuration of a computer that is currently running.
Usage: netsh [-a AliasFile] [-c Context] [-r RemoteMachine] [Command | -f ScriptFile]
The following commands are available in this context:
?         - Displays a list of commands.
add       - Adds a configuration entry to a list of entries.
delete    - Deletes a configuration entry from a list of entries.
dump      - Displays a configuration script.
exec      - Runs a script file.
help      - Displays a list of commands.
interface - Changes to the `interface' context.
ras       - Changes to the `ras' context.
routing   - Changes to the `routing' context.
set       - Updates configuration settings.
show      - Displays information.

How do I look at the open ports on my machine?


In Windows, simply type netstat -a at the command prompt (cmd).
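Listing the ports is only useful if you compare them with what the machine is supposed to expose. The following added example (not from the original document) parses constructed `netstat -a -n` output and flags listening TCP ports that are missing from a hypothetical baseline allow-list.

```python
"""Parse Windows `netstat -a -n` output and flag listening TCP ports that are
not on a baseline allow-list. The netstat text below is constructed for this
example; on a real host you would pass in
subprocess.run(["netstat", "-a", "-n"], capture_output=True, text=True).stdout.
"""
from collections import namedtuple

Listener = namedtuple("Listener", "proto address port")

# Constructed sample of `netstat -a -n` output (-n keeps addresses numeric,
# which keeps the columns stable enough to parse).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8888           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     192.168.1.20:445       ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
"""


def parse_listeners(text):
    """Return sockets that accept inbound traffic: TCP in LISTENING state and every UDP socket."""
    listeners = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue                      # title, header and blank lines
        proto, local = parts[0], parts[1]
        state = parts[3] if len(parts) > 3 else ""
        if proto == "TCP" and state != "LISTENING":
            continue                      # established / time-wait sockets are not listeners
        address, _, port = local.rpartition(":")   # rpartition keeps IPv6 "[::]" intact
        listeners.append(Listener(proto, address, int(port)))
    return listeners


def unexpected_ports(listeners, allowed_tcp_ports):
    """Listening TCP ports that are not in the documented baseline, sorted."""
    return sorted({s.port for s in listeners
                   if s.proto == "TCP" and s.port not in allowed_tcp_ports})


if __name__ == "__main__":
    found = parse_listeners(SAMPLE_NETSTAT)
    for item in found:
        print(f"{item.proto:<4} {item.address}:{item.port}")
    # Hypothetical baseline for a domain-joined server: RPC, SMB and RDP only.
    print("unexpected:", unexpected_ports(found, {135, 445, 3389}))
```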


Active Directory

What is Active Directory?


An advanced hierarchical directory service that comes with Windows servers and is used for managing permissions and user access to network resources. Introduced in Windows 2000, Active Directory is a domain-based network that is structured like the Internet's Domain Name System (DNS). Using the LDAP directory access protocol, a company's workgroups (departments, sections, offices, etc.) are assigned domain names similar to Web addresses, and any LDAP-compliant Windows, Mac, Unix or Linux client can access them. Active Directory can function in a heterogeneous, enterprise network and encompass other directories including NDS and NIS+. Cisco supports Active Directory in its IOS router operating system. See domain-based network, LDAP, forests and trees, Internet domain name, ADSI and directory service.

What is LDAP?
(Lightweight Directory Access Protocol) A protocol used to access a directory listing. LDAP support is implemented in Web browsers and e-mail programs, which can query an LDAP-compliant directory. LDAP is a sibling protocol to HTTP and FTP and uses the ldap:// prefix in its URL. LDAP is a simplified version of the DAP protocol, which is used to gain access to X.500 directories. It is easier to code the query in LDAP than in DAP, but LDAP is less comprehensive. For example, DAP can initiate searches on other servers if an address is not found, while LDAP cannot in its initial specification. See DSML and ADSI

Can you connect Active Directory to other 3rd-party Directory Services? Name a few options.
Yes. You can connect Active Directory to other third-party directory services, such as the directories used by SAP, Domino, etc., with the help of MIIS (Microsoft Identity Integration Server). You can also use DirXML or LDAP to connect to other directories (e.g. eDirectory from Novell).

Where is the AD database held? What other folders are related to AD?
The Active Directory database is stored in the %SystemRoot%\NTDS folder. Active Directory uses the SYSVOL folder as well. The database file is called ntds.dit. Along with this file there are other files present in the NTDS folder; they are created when you run dcpromo. The files and their uses are listed below:

1. ntds.dit: This is the main database file for Active Directory.
2. edb.log: When a transaction is performed on the AD database, such as writing some data, the data is first stored in this file and afterwards written to the database. System performance therefore depends on how quickly the data from edb.log is written to ntds.dit.
3. res1.log: Used as reserve space in case the drive runs low on space. It is 10MB in size and is created when we run dcpromo.
4. res2.log: Same as res1.log. It is also 10MB in size and serves the same purpose.
5. edb.chk: This file records the transactions committed to the AD database. During shutdown, a shutdown statement is written to this file. If it is not found when the system reboots, the AD database checks edb.log for the updated information. Edb corruption (Active Directory database corruption) is really serious; however, it can be repaired using the edb repair tool.

What is the SYSVOL folder?


All Active Directory database security-related information is stored in the SYSVOL folder, and it is only created on an NTFS partition.

B: The Sysvol folder on a Windows domain controller is used to replicate file-based data among domain controllers. Because junctions are used within the Sysvol folder structure, Windows NT file system (NTFS) version 5.0 is required on domain controllers throughout a Windows distributed file system (DFS) forest. This is a quote from Microsoft themselves; basically, the domain controller information stored in files, such as your Group Policy data, is replicated through this folder structure.

Network clients access the contents of the SYSVOL tree by using the following shared folders:
NETLOGON
SYSVOL

Name the AD NCs and replication issues for each NC


Schema NC, Configuration NC, Domain NC.

Schema NC: This NC is replicated to every other domain controller in the forest. It contains information about the Active Directory schema, which in turn defines the different object classes and attributes within Active Directory.

Configuration NC: Also replicated to every other DC in the forest, this NC contains forest-wide configuration information pertaining to the physical layout of Active Directory, as well as information about display specifiers and forest-wide Active Directory quotas.

Domain NC: This NC is replicated to every other DC within a single Active Directory domain. This is the NC that contains the most commonly-accessed Active Directory data: the actual users, groups, computers, and other objects that reside within a particular Active Directory domain.


What are application partitions? When do I use them


An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication of a particular application directory partition hosts a replica of that partition. Only domain controllers running Windows Server 2003 can host a replica of an application directory partition. Application directory partitions are usually created by the applications that will use them to store and replicate data. For testing and troubleshooting purposes, members of the Enterprise Admins group can manually create or manage application directory partitions using the Ntdsutil command-line tool. One of the benefits of an application directory partition is that, for redundancy, availability, or fault tolerance, the data in it can be replicated to different domain controllers in a forest

How do you create a new application partition


ANSWER A: When you create an application directory partition, you are creating the first instance of this partition. You can create an application directory partition by using the create nc option in the domain management menu of Ntdsutil. When creating an application directory partition using LDP or ADSI, provide a description in the description attribute of the domain DNS object that indicates the specific application that will use the partition. For example, if the application directory partition will be used to store data for a Microsoft accounting program, the description could be "Microsoft accounting application". Ntdsutil does not facilitate the creation of a description.

To create or delete an application directory partition:
1. Open Command Prompt.
2. Type: ntdsutil
3. At the Ntdsutil command prompt, type: domain management
4. At the domain management command prompt, do one of the following:
   To create an application directory partition, type: create nc ApplicationDirectoryPartition DomainCo...

In short:
Start >> Run >> cmd >> type "NTDSUTIL" and press Enter
ntdsutil: domain management (press Enter)
domain management: Create NC dc=, dc=, dc=com <>

ANSWER B: Create an application directory partition by using the DnsCmd command. To do this, use the following syntax:

DnsCmd ServerName /CreateDirectoryPartition FQDN of partition

To create an application directory partition that is named CustomDNSPartition on a domain controller that is named DC-1, follow these steps:
1. Click Start, click Run, type cmd, and then click OK.
2. Type the following command, and then press ENTER:
dnscmd DC-1 /createdirectorypartition CustomDNSPartition.contoso.com

When the application directory partition has been successfully created, the following information appears:
DNS Server DC-1 created directory partition: CustomDNSPartition.contoso.com
Command completed successfully.

Configure an additional domain controller DNS server to host the application directory partition: configure an additional domain controller that is acting as a DNS server to host the new application directory partition that you created. To do this, use the following syntax with the DnsCmd command:

DnsCmd ServerName /EnlistDirectoryPartition FQDN of partition

To configure the example domain controller that is named DC-2 to host this custom application directory partition, follow these steps:
1. Click Start, click Run, type cmd, and then click OK.
2. Type the following command, and then press ENTER:
dnscmd DC-2 /enlistdirectorypartition CustomDNSPartition.contoso.com

The following information appears:
DNS Server DC-2 enlisted directory partition: CustomDNSPartition.contoso.com
Command completed successfully.

How do you view replication properties for AD partitions and DCs?


By using replication monitor

Go to Start > Run > type repadmin
Go to Start > Run > type replmon


What is the Global Catalog?


The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication. Searches that are directed to the global catalog are faster because they do not involve referrals to different domain controllers. In addition to configuration and schema directory partition replicas, every domain controller in a Windows 2000 Server or Windows Server 2003 forest stores a full, writable replica of a single domain directory partition. Therefore, a domain controller can locate only the objects in its domain. Locating an object in a different domain would require the user or application to provide the domain of the requested object. The global catalog provides the ability to locate objects from any domain without having to know the domain name. A global catalog server is a domain controller that, in addition to its full, writable domain directory partition replica, also stores a partial, read-only replica of all other domain directory partitions in the forest. The additional domain directory partitions are partial because only a limited set of attributes is included for each object. By including only the attributes that are most used for searching, every object in every domain in even the largest forest can be represented in the database of a single global catalog server.

How do you view all the GCs in the forest?


C:\>repadmin /showreps domain_controller
OR you can use Replmon.exe for the same purpose
OR AD Sites and Services, and nslookup gc._msdcs
To find the GCs from the command line you can use the DSQUERY command: dsquery server -isgc. To find all the GCs in the forest, use dsquery server -forest -isgc.

Why not make all DCs in a large forest as GCs?


ANSWER1 The reason that all DCs are not GCs to start with is that in large (or even giant) forests the DCs would all have to hold a reference to every object in the entire forest, which could be quite large and quite a replication burden. For a few hundred, or even a few thousand users, this is not likely to matter unless you have really poor WAN lines.


ANSWER2 There can be only one GC. If we make all DCs GCs then:
There will be a huge amount of network traffic which can choke the network.
There will be problems in replication.
There will be issues in the consistency of objects in the forest.
There would be issues in authentication.
There will be chances of duplicate objects in the domains.
That is why there is only ONE GC per forest which has all the info about the objects, groups etc.

Trying to look at the Schema, how can I do that?


Different database servers use different commands to look at a schema. Additionally, the client software that you use has features that make it easier to manipulate database objects.

MS SQL Server:
sp_help lists all tables in a schema
sp_help [tablename] displays information for table [tablename]

Oracle:
select table_name from sys.user_tables lists all tables for the current schema
select t.* from sys.user_tab_columns t lists all tables, columns, and data types for the current schema
There are entire websites dedicated to database programming.

Windows Active Directory:
I believe this question is referring to the Active Directory schema, in which case adsiedit.exe is a good place to start. Please follow this link for more info: http://technet.microsoft.com/en-us/library/cc757747.aspx#w2k3tr_schem_tools_dzid

Option to view the schema:
1. Register schmmgmt.dll using this command: c:\windows\system32>regsvr32 schmmgmt.dll
2. Open mmc --> add snap-in --> add Active Directory Schema
3. Name it schema.msc
4. Open Administrative Tools --> schema.msc

What are the Support Tools? Why do I need them?


Support Tools are the tools that are used for performing the complicated tasks easily. These can also be the third party tools. Some of the Support tools include DebugViewer, DependencyViewer, RegistryMonitor, etc.


-edit by Casquehead: I believe this question is referring to the Windows Server 2003 Support Tools, which are included with Microsoft Windows Server 2003 Service Pack 2. They are also available for download here: http://www.Microsoft.com/downloads/details.aspx?familyid=96A35011-FD83-419D-939B9A772EA2DF90&displaylang=en You need them because you cannot properly manage an Active Directory network without them. Here they are; it would do you well to familiarize yourself with all of them:
Acldiag.exe
Adsiedit.msc
Bitsadmin.exe
Dcdiag.exe
Dfsutil.exe
Dnslint.exe
Dsacls.exe
Iadstools.dll
Ktpass.exe
Ldp.exe
Netdiag.exe
Netdom.exe
Ntfrsutl.exe
Portqry.exe
Repadmin.exe
Replmon.exe
Setspn.exe

What is LDP? What is REPLMON? What is ADSIEDIT? What is NETDOM? What is REPADMIN?
What is LDP?
A: The Lightweight Directory Access Protocol, or LDAP, is an application protocol for querying and modifying directory services running over TCP/IP. A directory is a set of objects with attributes organized in a logical and hierarchical manner. The most common example is the telephone directory, which consists of a series of names (either of persons or organizations) organized alphabetically, with each name having an address and phone number attached. An LDAP directory tree often reflects various political, geographic, and/or organizational boundaries, depending on the model chosen. LDAP deployments today tend to use Domain Name System (DNS) names for structuring the topmost levels of the hierarchy. Deeper inside the directory might appear entries representing people, organizational units, printers, documents, groups of people or anything else that represents a given tree entry (or multiple entries). Its current version is LDAPv3, which is specified in a series of Internet Engineering Task Force (IETF) Standards Track Requests for Comments (RFCs) as detailed in RFC 4510.

LDAP means Lightweight Directory Access Protocol. It determines how an object in an Active Directory should be named. LDAP (Lightweight Directory Access Protocol) is a proposed open standard for accessing global or local directory services over a network and/or the Internet. A directory, in this sense, is very much like a phone book. LDAP can handle other information, but at present it is typically used to associate names with phone numbers and email addresses. LDAP directories are designed to support a high volume of queries, but the data stored in the directory does not change very often. It works on port no. 389. LDAP is sometimes known as X.500 Lite. X.500 is an international standard for directories and is full-featured, but it is also complex, requiring a lot of computing resources and the full OSI stack. LDAP, in contrast, can run easily on a PC and over TCP/IP. LDAP can access X.500 directories but does not support every capability of X.500.

What is REPLMON?
A: Replmon is the first tool you should use when troubleshooting Active Directory replication issues. As it is a graphical tool, replication issues are easy to see and somewhat easier to diagnose than using its command line counterparts. The purpose of this document is to guide you in how to use it, list some common replication errors and show some examples of when replication issues can stop other network installation actions. For more go to http://www.techtutorials.net/articles/replmon_howto_a.html

What is ADSIEDIT?

A: ADSIEdit is a Microsoft Management Console (MMC) snap-in that acts as a low-level editor for Active Directory. It is a Graphical User Interface (GUI) tool. Network administrators can use it for common administrative tasks such as adding, deleting, and moving objects within a directory service. The attributes for each object can be edited or deleted by using this tool. ADSIEdit uses the ADSI application programming interfaces (APIs) to access Active Directory. The following are the required files for using this tool:
ADSIEDIT.DLL
ADSIEDIT.MSC
Regarding system requirements, a connection to an Active Directory environment and Microsoft Management Console (MMC) are necessary.

What is NETDOM?
A: NETDOM is a command-line tool that allows management of Windows domains and trust relationships. It is used for batch management of trusts, joining computers to domains, verifying trusts, and secure channels.

A: Enables administrators to manage Active Directory domains and trust relationships from the command prompt. Netdom is a command-line tool that is built into Windows Server 2008. It is available if you have the Active Directory Domain Services (AD DS) server role installed. To use netdom, you must run the netdom command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

You can use netdom to:

Join a computer that runs Windows XP Professional or Windows Vista to a Windows Server 2008, Windows Server 2003, Windows 2000 or Windows NT 4.0 domain. Provide an option to specify the organizational unit (OU) for the computer account. Generate a random computer password for an initial Join operation.

Manage computer accounts for domain member workstations and member servers. Management operations include: Add, Remove, Query. An option to specify the OU for the computer account. An option to move an existing computer account for a member workstation from one domain to another while maintaining the security descriptor on the computer account.

Establish one-way or two-way trust relationships between domains, including the following kinds of trust relationships: From a Windows 2000, Windows Server 2003 or Windows Server 2008 domain to a Windows NT 4.0 domain. From a Windows 2000, Windows Server 2003 or Windows Server 2008 domain to a Windows 2000, Windows Server 2003 or Windows Server 2008 domain in another enterprise. Between two Windows 2000, Windows Server 2003 or Windows Server 2008 domains in an enterprise (a shortcut trust). The Windows Server 2008, Windows Server 2003 or Windows 2000 Server half of an interoperable Kerberos protocol realm.

Verify or reset the secure channel for the following configurations: Member workstations and servers. Backup domain controllers (BDCs) in a Windows NT 4.0 domain. Specific Windows Server 2008, Windows Server 2003 or Windows 2000 replicas.

Manage trust relationships between domains, including the following operations: Enumerate trust relationships (direct and indirect). View and change some attributes on a trust.

Syntax
Netdom uses the following general syntaxes:
NetDom <Operation> [<Computer>] [{/d: | /domain:} <Domain>] [<Options>]
NetDom help <Operation>
http://technet.microsoft.com/en-us/library/cc772217.aspx

What are sites? What are they used for?


One or more well-connected (highly reliable and fast) TCP/IP subnets. A site allows administrators to configure Active Directory access and replication topology to take advantage of the physical network.

B: A Site object in Active Directory represents a physical geographic location that hosts networks. Sites contain objects called Subnets. Sites can be used to assign Group Policy Objects, facilitate the discovery of resources, manage Active Directory replication, and manage network link traffic. Sites can be linked to other sites. Site-linked objects may be assigned a cost value that represents the speed, reliability, availability, or other real property of a physical resource. Site links may also be assigned a schedule.

What's the difference between a site link's schedule and interval?


Any time two networks are separated by links that are heavily used during parts of the day and are idle during other parts of the day, put those networks into separate sites. You can use the ability to schedule replication between sites to prevent replication traffic from competing with other traffic during high usage hours. In simple words, the schedule is the time when you allow the replication to happen. The interval is also part of the schedule, but it takes care of the replication polling frequency. In other words, in a given schedule of, say, 9:00 AM to 1 PM, replication polling should occur every 15 minutes:
Schedule is 9:00 AM to 1 PM
Interval is every 15 minutes

What is the KCC?


KCC comes under the Active Directory section. KCC: Knowledge Consistency Checker.

DEF As soon as you install the second domain controller in a forest, a process called the Knowledge Consistency Checker begins running on every domain controller. The KCC is responsible for generating the replication topology and dynamically handling changes and failures within the replication topology. By default the KCC on every domain controller recalculates the replication topology every 15 minutes. The larger the replication topology, the more processing power it takes to perform.

DEF2 Within a site, a Windows Server 2003 service known as the KCC automatically generates a topology for replication among the domain controllers in the domain using a ring structure. The KCC is a built-in process that runs on all domain controllers. The KCC analyzes the replication topology within a site every 15 minutes to ensure that it still works. If you add or remove a domain controller from the network or a site, the KCC reconfigures the topology to reflect the change.

DEF3 KCC is the Knowledge Consistency Checker, which creates the connection objects that link the DCs into a common replication topology and dictates the replication routes from one DC to another in an Active Directory forest.

What is the ISTG? Who has that role by default?


The Intersite Topology Generator (ISTG) is responsible for the connections among the sites. By default Windows 2003 forest level functionality has this role. By default the first server has this role. If that server can no longer perform this role, then the next server with the highest GUID takes over the role of ISTG.


What are the requirements for installing AD on a new server?


An NTFS partition with enough free space (250MB minimum)
An Administrator's username and password
The correct operating system version
A NIC
Properly configured TCP/IP (IP address, subnet mask and - optional - default gateway)
A network connection (to a hub or to another computer via a crossover cable)
An operational DNS server (which can be installed on the DC itself)
A domain name that you want to use
The Windows 2000 or Windows Server 2003 CD media (or at least the i386 folder)
From the Petri IT Knowledge base.

What can you do to promote a server to DC if you're in a remote location with slow WAN link?
Take the system state backup of the current Global Catalog server, write/burn it to a CD and send the CD to the destination (remote location). On the new server which needs to be promoted to a DC, type dcpromo /adv in Run, then follow the steps:

1. Click Run, type dcpromo /adv to open the Active Directory Installation Wizard with the option to create an additional domain controller from restored backup files.
2. On the Domain Controller Type page, click Additional domain controller for an existing domain, and then click Next.
3. On the Copying Domain Information page, click From these restored backup files, and type or browse to locate the restored files, and then click Next.
4. On the Network Credentials page, type the user name, password, and user domain of the user account you want to use for this operation, and then click Next. The user account must be a member of the Domain Admins group for the target domain.
5. On the Database and Log Folders page, type the location in which you want to install the database and log folders, or click Browse to choose a location, and then click Next.
6. On the Shared System Volume page, type the location in which you want to install the Sysvol folder, or click Browse to choose a location, and then click Next.
7. On the Directory Services Restore Mode Administrator Password page, type and confirm the password that you want to assign to the Administrator account for this server, and then click Next. Use this password when starting the computer in Directory Services Restore Mode.
8. Restart the computer.

How can you forcibly remove AD from a server, and what do you do later?
dcpromo /forceremoval forcibly removes AD from a server. After you use the dcpromo /forceremoval command, all the remaining metadata for the demoted DC is not deleted on the surviving domain controllers, and therefore you must manually remove it by using the NTDSUTIL command.

Can I get user passwords from the AD database?


The passwords in AD are not stored encrypted by default, so they cannot be decrypted. They are hashed. The only way to recover the data from a hash is with some sort of a hacking algorithm that attempts to crack the hash (such tools exist).

What tool would I use to try to grab security related packets from the wire?
You must use sniffer-detecting tools to help stop the snoops. ... A good packet sniffer would be "ethereal" http://www.ethereal.com/

Name some OU design considerations.


OU design requires balancing requirements for delegating administrative rights - independent of Group Policy needs - and the need to scope the application of Group Policy. The following OU design recommendations address delegation and scope issues:
Applying Group Policy: An OU is the lowest-level Active Directory container to which you can assign Group Policy settings.
Delegating administrative authority.
Usually don't go more than 3 OU levels deep.

What is tombstone lifetime attribute?


The number of days before a deleted object is removed from the directory service. This assists in removing objects from replicated servers and prevents restores from reintroducing a deleted object. This value is in the Directory Service object in the configuration NC. By default: Windows 2000: 60 days; Windows Server 2003: 180 days.


What do you do to install a new Windows 2003 DC in a Windows 2000 AD?


If you plan to install Windows Server 2003 domain controllers into an existing Windows 2000 domain or upgrade Windows 2000 domain controllers to Windows Server 2003, you first need to run the Adprep.exe utility on the Windows 2000 domain controllers currently holding the schema master and infrastructure master roles. The adprep /forestprep command must first be issued on the Windows 2000 server holding the schema master role in the forest root domain to prepare the existing schema to support Windows 2003 Active Directory. The adprep /domainprep command must be issued on the server holding the infrastructure master role in the domain where the 2000 server will be deployed.

What do you do to install a new Windows 2003 R2DC in a Windows 2003 AD?
If you're installing Windows 2003 R2 on an existing Windows 2003 server with SP1 installed, you require only the second R2 CD-ROM. Insert the second CD and r2auto.exe will display the Windows 2003 R2 Continue Setup screen. If you're installing R2 on a domain controller (DC), you must first upgrade the schema to the R2 version (this is a minor change and mostly related to the new DFS replication engine). To update the schema, run the Adprep utility, which you'll find in the Cmpnents\r2\adprep folder on the second CD-ROM. Before running this command, ensure all DCs are running Windows 2003 or Windows 2000 with SP2 (or later). Here's a sample execution of the Adprep /forestprep command:

D:\CMPNENTS\R2\ADPREP>adprep /forestprep
ADPREP WARNING:
Before running adprep, all Windows 2000 domain controllers in the forest should be upgraded to Windows 2000 Service Pack 1 (SP1) with QFE 265089, or to Windows 2000 SP2 (or later).
QFE 265089 (included in Windows 2000 SP2 and later) is required to prevent potential domain controller corruption.
For more information about preparing your forest and domain see KB article Q331161 at http://support.microsoft.com.
[User Action]
If ALL your existing Windows 2000 domain controllers meet this requirement, type C and then press ENTER to continue. Otherwise, type any other key and press ENTER to quit.
C
Opened Connection to SAVDALDC01
SSPI Bind succeeded
Current Schema Version is 30
Upgrading schema to version 31
Connecting to "SAVDALDC01"
Logging in as current user using SSPI
Importing directory from file "C:\WINDOWS\system32\sch31.ldf"
Loading entries.........................................................................
139 entries modified successfully.
The command has completed successfully
Adprep successfully updated the forest-wide information.

After running Adprep, install R2 by performing these steps:
1. Click the "Continue Windows Server 2003 R2 Setup" link, as the figure shows.
2. At the "Welcome to the Windows Server 2003 R2 Setup Wizard" screen, click Next.
3. You'll be prompted to enter an R2 CD key (this is different from your existing Windows 2003 keys) if the underlying OS wasn't installed from R2 media (e.g., a regular Windows 2003 SP1 installation). Enter the R2 key and click Next. Note: The license key entered for R2 must match the underlying OS type, which means if you installed Windows 2003 using a volume-license version key, then you can't use a retail or Microsoft Developer Network (MSDN) R2 key.
4. You'll see the setup summary screen which confirms the actions to be performed (e.g., Copy files). Click Next.
5. After the installation is complete, you'll see a confirmation dialog box. Click Finish.

How would you find all users that have not logged on since last month?
Using only native commands, JSILLD.bat produces a sorted, formatted report of users who have not logged on since YYYYMMDD. The report is sorted by username and lists the user's full name and last logon date. The syntax for using JSILLD.bat is:

JSILLD \Folder\OutputFile.Ext YYYYMMDD [/N]

Where: YYYYMMDD will report all users who have not logged on since this date. /N is an optional parameter that will bypass users who have never logged on.

JSILLD.bat contains:

@echo off
setlocal
rem Parameters: %1 = output file, %2 = YYYYMMDD cutoff, %3 = optional /N
if {%2}=={} goto syntax
if "%3"=="" goto begin
if /i "%3"=="/n" goto begin
:syntax
@echo Syntax: JSILLD File yyyymmdd [/N]
endlocal
goto :EOF
:begin
if /i "%2"=="/n" goto syntax
set dte=%2
rem Validate the cutoff date: year 1993 or later, month 01-12, day 01-31
set XX=%dte:~0,4%
if "%XX%" LSS "1993" goto syntax
set XX=%dte:~4,2%
if "%XX%" LSS "01" goto syntax
if "%XX%" GTR "12" goto syntax
set XX=%dte:~6,2%
if "%XX%" LSS "01" goto syntax
if "%XX%" GTR "31" goto syntax
set never=X
if /i "%3"=="/n" set never=/n
set file=%1
if exist %file% del /q %file%
rem Each line of "net user /domain" output holds up to three user names
for /f "Skip=4 Tokens=*" %%i in ('net user /domain^|findstr /v /c:"----"^|findstr /v /i /c:"The command completed"') do (
 call :parse "%%i"
)
endlocal
goto :EOF
:parse
rem Split the line into three 25-character user name columns and look up each one
set str=#%1#
set str=%str:#"=%
set str=%str:"#=%
set substr=%str:~0,25%#
set substr=%substr: =%
set substr=%substr: #=%
set substr=%substr:#=%
if "%substr%"=="" goto :EOF
for /f "Skip=1 Tokens=*" %%i in ('net user "%substr%" /domain') do call :parse1 "%%i"
set substr=%str:~25,25%#
set substr=%substr: =%
set substr=%substr: #=%
set substr=%substr:#=%
if "%substr%"=="" goto :EOF
for /f "Skip=1 Tokens=*" %%i in ('net user "%substr%" /domain') do call :parse1 "%%i"
set substr=%str:~50,25%#
set substr=%substr: =%
set substr=%substr: #=%
set substr=%substr:#=%
if "%substr%"=="" goto :EOF
for /f "Skip=1 Tokens=*" %%i in ('net user "%substr%" /domain') do call :parse1 "%%i"
goto :EOF
:parse1
rem Pick the "Full Name" and "Last logon" lines out of "net user NAME /domain"
set ustr=%1
if %ustr%=="The command completed successfully." goto :EOF
set ustr=%ustr:"=%
if /i "%ustr:~0,9%"=="Full Name" set fullname=%ustr:~29,99%
if /i not "%ustr:~0,10%"=="Last logon" goto :EOF
set txt=%ustr:~29,99%
for /f "Tokens=1,2,3 Delims=/ " %%i in ('@echo %txt%') do set MM=%%i&set DD=%%j&set YY=%%k
if /i "%MM%"=="Never" goto tstnvr
goto year
:tstnvr
if /i "%never%"=="/n" goto :EOF
goto report
:year
rem Normalize two-digit years: 93-99 become 19xx, 00-92 become 20xx
if "%YY%" GTR "1000" goto mmm
if "%YY%" GTR "92" goto Y19
set /a YY=100%YY%%%100
set /a YY=%YY% + 2000
goto mmm
:Y19
set YY=19%YY%
:mmm
rem Zero-pad month and day, then compare YYYYMMDD against the cutoff
set /a XX=100%MM%%%100
if %XX% LSS 10 set MM=0%XX%
set /a XX=100%DD%%%100
if %XX% LSS 10 set DD=0%XX%
set YMD=%YY%%MM%%DD%
if "%YMD%" GEQ "%dte%" goto :EOF
:report
set fullname=%fullname% #
set fullname=%fullname:~0,35%
set substr=%substr% #
set substr=%substr:~0,30%
@echo %substr% %fullname% %txt% >> %file%
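The same stale-account check as an added Python example (this is not the page's JSILLD.bat): it parses the text that "net user NAME /domain" prints, applies the batch script's two-digit-year pivot and "Never" handling, and returns the accounts that have not logged on since the cutoff. The net user output embedded below is constructed for the demo; on a domain member you would collect it with subprocess instead.

```python
"""Report domain users who have not logged on since a YYYYMMDD cutoff.

Added example (not the page's JSILLD.bat). The SAMPLE_NET_USER text is a
constructed stand-in for what `net user NAME /domain` prints; on a real
domain member you would capture that output with subprocess.run().
"""
import re
from datetime import date

# Constructed sample output for three accounts. Only the lines the report
# needs are reproduced; the real command prints many more fields.
SAMPLE_NET_USER = {
    "alice": (
        "User name                    alice\n"
        "Full Name                    Alice Example\n"
        "Last logon                   3/14/2024 9:12:07 AM\n"
        "The command completed successfully.\n"
    ),
    "bob": (
        "User name                    bob\n"
        "Full Name                    Bob Example\n"
        "Last logon                   Never\n"
        "The command completed successfully.\n"
    ),
    "svc_backup": (
        "User name                    svc_backup\n"
        "Full Name                    Backup Service\n"
        "Last logon                   12/02/05 11:30:00 PM\n"
        "The command completed successfully.\n"
    ),
}

# "Label<2+ spaces>value" lines; the batch script does the same with offset 29.
FIELD_RE = re.compile(r"^(Full Name|Last logon)\s{2,}(.*?)\s*$")


def parse_yyyymmdd(text):
    """Validate the cutoff like JSILLD (eight digits, year >= 1993)."""
    if not re.fullmatch(r"\d{8}", text) or int(text[:4]) < 1993:
        raise ValueError("cutoff must be YYYYMMDD with year >= 1993")
    return date(int(text[:4]), int(text[4:6]), int(text[6:8]))


def parse_us_date(token):
    """M/D/YYYY or M/D/YY as printed on a US locale. Two-digit years use
    the batch script's pivot: 93-99 -> 19xx, 00-92 -> 20xx."""
    mm, dd, yy = (int(p) for p in token.split("/"))
    if yy < 100:
        yy += 1900 if yy > 92 else 2000
    return date(yy, mm, dd)


def parse_net_user(text):
    """Return (full_name, last_logon); last_logon is None for 'Never'."""
    full_name, last_logon = "", None
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue
        label, value = m.groups()
        if label == "Full Name":
            full_name = value
        elif value.lower() != "never":
            last_logon = parse_us_date(value.split()[0])  # drop the time
    return full_name, last_logon


def stale_users(outputs, since_yyyymmdd, skip_never=False):
    """outputs maps username -> net user text. Returns rows of
    (username, full name, 'YYYY-MM-DD' or 'Never') for accounts whose last
    logon is before the cutoff, sorted by username like the batch report.
    skip_never mirrors the /N switch."""
    cutoff = parse_yyyymmdd(since_yyyymmdd)
    rows = []
    for user in sorted(outputs):
        full_name, last = parse_net_user(outputs[user])
        if last is None:
            if not skip_never:
                rows.append((user, full_name, "Never"))
        elif last < cutoff:
            rows.append((user, full_name, last.isoformat()))
    return rows


if __name__ == "__main__":
    for row in stale_users(SAMPLE_NET_USER, "20240101"):
        print("%-30s %-35s %s" % row)
```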

What are the DS* commands?


New DS (Directory Service) family of built-in command-line utilities for Windows Server 2003 Active Directory. The DS (Directory Service) group of commands is split into two families: in one branch are DSadd, DSmod, DSrm and DSmove, and in the other branch are DSQuery and DSGet. When it comes to choosing a scripting tool for Active Directory objects, you really are spoilt for choice; the DS family of built-in command-line executables offers an alternative strategy to CSVDE, LDIFDE and VBScript. The members of the DS family:

DSadd - add Active Directory users and groups
DSmod - modify Active Directory objects
DSrm - delete Active Directory objects
DSmove - relocate objects
DSQuery - find objects that match your query attributes
DSget - list the properties of an object

DS Syntax: These DS tools have their own command structure, which you can split into five parts: 1. Tool, 2. object, 3. "DN" (as in LDAP distinguished name), 4. -switch, 5. value.

For example: DSadd user "cn=billy, ou=managers, dc=cp, dc=com" -pwd cX49pQba

This will add a user called Billy to the Managers OU and set the password to cX49pQba. Here are some of the common DS switches which work with DSadd and DSmod: -pwd (password), -upn (userPrincipalName), -fn (FirstName), -samid (SAM account name). The best way to learn about this DS family is to log on at a domain controller and experiment from the command line. I have prepared examples of the two most common programs. Try some sample commands for DSadd.

Two most useful tools: DSQuery and DSGet. DSQuery and DSGet remind me of UNIX commands in that they operate at the command line, use powerful verbs, and produce plenty of action. One prerequisite for getting the most from this DS family is a working knowledge of LDAP. If you need to query users or computers from a range of OUs and then return information (for example office, department or manager), then DSQuery and DSGet would be your tools of choice. Moreover, you can export the information into a text file.

What's the difference between LDIFDE and CSVDE? Usage considerations?


Ldifde: Ldifde creates, modifies, and deletes directory objects on computers running Windows Server 2003 operating systems or Windows XP Professional. You can also use Ldifde to extend the schema, export Active Directory user and group information to other applications or services, and populate Active Directory with data from other directory services. The LDAP Data Interchange Format (LDIF) is a draft Internet standard for a file format that may be used for performing batch operations against directories that conform to the LDAP standards. LDIF can be used to export and import data, allowing batch operations such as add, create, and modify to be performed against the Active Directory. A utility program called LDIFDE is included in Windows 2000 to support batch operations based on the LDIF file format standard. This article is designed to help you better understand how the LDIFDE utility can be used to migrate directories. http://support.microsoft.com/kb/237677

Csvde: Imports and exports data from Active Directory Domain Services (AD DS) using files that store data in the comma-separated value (CSV) format. You can also support batch operations based on the CSV file format standard. Csvde is a command-line tool that is built into Windows Server 2008 in the System32 folder. It is available if you have the AD DS or Active Directory Lightweight Directory Services (AD LDS) server role installed. To use csvde, you must run the csvde command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator. http://technet.microsoft.com/en-us/library/cc732101.aspx

Difference usage-wise: Csvde.exe is a Microsoft Windows 2000 command-line utility that is located in the Systemroot\System32 folder after you install Windows 2000. Csvde.exe is similar to Ldifde.exe, but it extracts information in a comma-separated value (CSV) format. You can use Csvde to import and export Active Directory data that uses the comma-separated value format. Use a spreadsheet program such as Microsoft Excel to open this .csv file and view the header and value information. See Microsoft Excel Help for information about functions such as Concatenate that can simplify the process of building a .csv file.

Note: Although Csvde is similar to Ldifde, Csvde has a significant limitation: it can only import and export Active Directory data by using a comma-separated format (.csv). Microsoft recommends that you use the Ldifde utility for Modify or Delete operations. Additionally, the distinguished name (also known as DN) of the item that you are trying to import must be in the first column of the .csv file or the import will not work. The source .csv file can come from an Exchange Server directory export. However, because of the difference in attribute mappings between the Exchange Server directory and Active Directory, you must make some modifications to the .csv file. For example, a directory export from Exchange Server has a column that is named "obj-class" that you must rename to "objectClass." You must also rename "Display Name" to "displayName."

What are the FSMO roles? Who has them by default? What happens when each one fails?
FSMO stands for Flexible Single Master Operation. It has 5 roles:

Schema Master: The schema master domain controller controls all updates and modifications to the schema. Once the schema update is complete, it is replicated from the schema master to all other DCs in the directory. To update the schema of a forest, you must have access to the schema master. There can be only one schema master in the whole forest.

Domain Naming Master: The domain naming master domain controller controls the addition or removal of domains in the forest. This DC is the only one that can add or remove a domain from the directory. It can also add or remove cross references to domains in external directories. There can be only one domain naming master in the whole forest.

Infrastructure Master: When an object in one domain is referenced by another object in another domain, it represents the reference by the GUID, the SID (for references to security principals), and the DN of the object being referenced. The infrastructure FSMO role holder is the DC responsible for updating an object's SID and distinguished name in a cross-domain object reference. At any one time, there can be only one domain controller acting as the infrastructure master in each domain. Note: The Infrastructure Master (IM) role should be held by a domain controller that is not a Global Catalog server (GC). If the Infrastructure Master runs on a Global Catalog server it will stop updating object information, because it does not contain any references to objects that it does not hold. This is because a Global Catalog server holds a partial replica of every object in the forest. As a result, cross-domain object references in that domain will not be updated and a warning to that effect will be logged in that DC's event log. If all the domain controllers in a domain also host the global catalog, all the domain controllers have the current data, and it is not important which domain controller holds the infrastructure master role.

Relative ID (RID) Master: The RID master is responsible for processing RID pool requests from all domain controllers in a particular domain. When a DC creates a security principal object such as a user or group, it attaches a unique Security ID (SID) to the object. This SID consists of a domain SID (the same for all SIDs created in a domain), and a relative ID (RID) that is unique for each security principal SID created in a domain. Each DC in a domain is allocated a pool of RIDs that it is allowed to assign to the security principals it creates. When a DC's allocated RID pool falls below a threshold, that DC issues a request for additional RIDs to the domain's RID master. The domain RID master responds to the request by retrieving RIDs from the domain's unallocated RID pool and assigns them to the pool of the requesting DC. At any one time, there can be only one domain controller acting as the RID master in the domain.

PDC Emulator: The PDC emulator is necessary to synchronize time in an enterprise. Windows 2000/2003 includes the W32Time (Windows Time) time service that is required by the Kerberos authentication protocol. All Windows 2000/2003-based computers within an enterprise use a common time. The purpose of the time service is to ensure that the Windows Time service uses a hierarchical relationship that controls authority and does not permit loops, to ensure appropriate common time usage. The PDC emulator of a domain is authoritative for the domain. The PDC emulator at the root of the forest becomes authoritative for the enterprise, and should be configured to gather the time from an external source. All PDC FSMO role holders follow the hierarchy of domains in the selection of their inbound time partner.

In a Windows 2000/2003 domain, the PDC emulator role holder retains the following functions:
Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator.
Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator before a bad password failure message is reported to the user.
Account lockout is processed on the PDC emulator.
Editing or creation of Group Policy Objects (GPO) is always done from the GPO copy found in the PDC Emulator's SYSVOL share, unless configured not to do so by the administrator.
The PDC emulator performs all of the functionality that a Microsoft Windows NT 4.0 Server-based PDC or earlier PDC performs for Windows NT 4.0-based or earlier clients. This part of the PDC emulator role becomes unnecessary when all workstations, member servers, and domain controllers that are running Windows NT 4.0 or earlier are upgraded to Windows 2000/2003. The PDC emulator still performs the other functions as described in a Windows 2000/2003 environment.

What FSMO placement considerations do you know of?


Windows 2000/2003 Active Directory domains utilize a Single Operation Master method called FSMO (Flexible Single Master Operation), as described in Understanding FSMO Roles in Active Directory. In most cases an administrator can keep the FSMO role holders (all 5 of them) in the same spot (or actually, on the same DC) as has been configured by the Active Directory installation process. However, there are scenarios where an administrator would want to move one or more of the FSMO roles from the default holder DC to a different DC. Windows Server 2003 Active Directory is a bit different than the Windows 2000 version when dealing with FSMO placement. In this article I will only deal with Windows Server 2003 Active Directory, but you should bear in mind that most considerations are also true when planning Windows 2000 AD FSMO roles.

I want to look at the RID allocation table for a DC. What do I do?
1. Install the Support Tools from the OS disk (OS installation disk => support => tools => suptools.msi).
2. At a command prompt, type dcdiag /test:ridmanager /s:system1 /v (system1 is the name of our DC).

What's the difference between transferring a FSMO role and seizing one? Which one should you NOT seize? Why?
Seizing an FSMO can be a destructive process and should only be attempted if the existing server with the FSMO is no longer available. If the domain controller that is the Schema Master FSMO role holder is temporarily unavailable, DO NOT seize the Schema Master role. If you are going to seize the Schema Master, you must permanently disconnect the current Schema Master from the network. If you seize the Schema Master role, the boot drive on the original Schema Master must be completely reformatted and the operating system must be cleanly installed, if you intend to return this computer to the network. NOTE: The Boot Partition contains the system files (\System32). The System Partition is the partition that contains the startup files, NTDetect.com, NTLDR, Boot.ini, and possibly Ntbootdd.sys.

The Active Directory Installation Wizard (Dcpromo.exe) assigns all 5 FSMO roles to the first domain controller in the forest root domain. The first domain controller in each new child or tree domain is assigned the three domain-wide roles. Domain controllers continue to own FSMO roles until they are reassigned by using one of the following methods

How do you configure a "stand-by operation master" for any of the roles?
1. Open Active Directory Sites and Services.
2. Expand the site name in which the standby operations master is located to display the Servers folder.
3. Expand the Servers folder to see a list of the servers in that site.
4. Expand the name of the server that you want to be the standby operations master to display its NTDS Settings.
5. Right-click NTDS Settings, click New, and then click Connection.
6. In the Find Domain Controllers dialog box, select the name of the current role holder, and then click OK.
7. In the New Object-Connection dialog box, enter an appropriate name for the Connection object or accept the default name, and click OK.

How do you backup AD?


Backing up Active Directory is essential to maintain an Active Directory database. You can back up Active Directory by using the Graphical User Interface (GUI) and command-line tools that the Windows Server 2003 family provides.

You should frequently back up the system state data on domain controllers so that you can restore the most current data. By establishing a regular backup schedule, you have a better chance of recovering data when necessary. To ensure a good backup that includes at least the system state data and the contents of the system disk, you must be aware of the tombstone lifetime. By default, the tombstone lifetime is 60 days. Any backup older than 60 days is not a good backup. Plan to back up at least two domain controllers in each domain, and keep at least one backup to enable an authoritative restore of the data when necessary.

System State Data: Several features in the Windows Server 2003 family make it easy to back up Active Directory. You can back up Active Directory while the server is online, and other network functions can continue to operate. System state data on a domain controller includes the following components:

Active Directory: System state data does not contain Active Directory unless the server on which you are backing up the system state data is a domain controller. Active Directory is present only on domain controllers.
The SYSVOL shared folder: This shared folder contains Group Policy templates and logon scripts. The SYSVOL shared folder is present only on domain controllers.
The Registry: This database repository contains information about the computer's configuration.
System startup files: Windows Server 2003 requires these files during its initial startup phase. They include the boot and system files that are under Windows File Protection and used by Windows to load, configure, and run the operating system.
The COM+ Class Registration database: The Class Registration database is a database of information about Component Services applications.
The Certificate Services database: This database contains certificates that a server running Windows Server 2003 uses to authenticate users. The Certificate Services database is present only if the server is operating as a certificate server.
System state data contains most elements of a system's configuration, but it may not include all of the information that you require to recover data from a system failure. Therefore, be sure to back up all boot and system volumes, including the System State, when you back up your server.

Restoring Active Directory: In the Windows Server 2003 family, you can restore the Active Directory database if it becomes corrupted or is destroyed because of hardware or software failures. You must restore the Active Directory database when objects in Active Directory are changed or deleted. Active Directory restore can be performed in several ways. Replication synchronizes the latest changes from every other replication partner; once the replication is finished, each partner has an updated version of Active Directory. Another way to get these latest updates is to use the Backup utility to restore replicated data from a backup copy. For this restore you don't need to configure your domain controller again or install the operating system from scratch.

Active Directory Restore Methods: You can use one of three methods to restore Active Directory from backup media: primary restore, normal (non-authoritative) restore, and authoritative restore.

Primary restore: This method rebuilds the first domain controller in a domain when there is no other way to rebuild the domain. Perform a primary restore only when all the domain controllers in the domain are lost, and you want to rebuild the domain from the backup. Members of the Administrators group can perform the primary restore on the local computer, or a user must have been delegated this responsibility to perform the restore. On a domain controller only Domain Admins can perform this restore.

Normal restore: This method reinstates the Active Directory data to the state before the backup, and then updates the data through the normal replication process. Perform a normal restore for a single domain controller to a previously known good state.

Authoritative restore: You perform this method in tandem with a normal restore. An authoritative restore marks specific data as current and prevents the replication from overwriting that data. The authoritative data is then replicated through the domain. Perform an authoritative restore for individual objects in a domain that has multiple domain controllers. When you perform an authoritative restore, you lose all changes to the restored object that occurred after the backup. Ntdsutil is a command-line utility used to perform an authoritative restore along with the Windows Server 2003 system utilities. The Ntdsutil command-line tool is an executable file that you use to mark Active Directory objects as authoritative so that they receive a higher version number; recently changed data on other domain controllers then does not overwrite the restored system state data during replication.

How do you restore AD?


Restoring Active Directory: In the Windows Server 2003 family, you can restore the Active Directory database if it becomes corrupted or is destroyed because of hardware or software failures, and you must restore it when objects in Active Directory are changed or deleted. You can use one of three methods to restore Active Directory from backup media: primary restore, normal (non-authoritative) restore, and authoritative restore; these are described under the previous question.

METHOD A. You can't restore Active Directory (AD) to a domain controller (DC) while the Directory Service (DS) is running. To restore AD, perform the following steps.

1. Reboot the computer. At the boot menu, select Windows 2000 Server. Don't press Enter. Instead, press F8 for advanced options. You'll see the following text:

OS Loader V5.0
Windows NT Advanced Options Menu
Please select an option:
    Safe Mode
    Safe Mode with Networking
    Safe Mode with Command Prompt
    Enable Boot Logging
    Enable VGA Mode
    Last Known Good Configuration
    Directory Services Restore Mode (Windows NT domain controllers only)
    Debugging Mode
Use the up and down arrow keys to move the highlight to your choice. Press Enter to choose.

2. Scroll down, select Directory Services Restore Mode (Windows NT domain controllers only), and press Enter. When you return to the Windows 2000 Server boot menu, press Enter. At the bottom of the screen, you'll see in red text Directory Services Restore Mode (Windows NT domain controllers only). The computer will boot into a special safe mode and won't start the DS. Be aware that during this time the machine won't act as a DC and won't perform functions such as authentication.

3. Start NT Backup. Select the Restore tab. Select the backup media, and select System State. Click Start Restore. Click OK in the confirmation dialog box.

4. After you restore the backup, reboot the computer and start in normal mode to use the restored information. The computer might hang after the restore completes; sometimes it takes a 30-minute wait on some machines.

How do you change the DS Restore admin password?


ANSWER1: The Administrator password that you use when you start Recovery Console or when you press F8 to start Directory Service Restore Mode is stored in the registry-based Security Accounts Manager (SAM) on the local computer. The SAM is located in the \System32\Config folder. The SAM-based account and password are computer specific and they are not replicated to other domain controllers in the domain. For ease of administration of domain controllers or for additional security measures, you can change the Administrator password for the local SAM. To change the local Administrator password that you use when you start Recovery Console or when you start Directory Service Restore Mode, use one of the following methods.

Method 1: If Windows 2000 Service Pack 2 or later is installed on your computer, you can use the Setpwd.exe utility to change the SAM-based Administrator password. To do this:
1. Log on to the computer as the administrator or a user who is a member of the Administrators group.
2. At a command prompt, change to the \System32 folder.
3. To change the local SAM-based Administrator password, type setpwd, and then press ENTER. To change the SAM-based Administrator password on a remote domain controller, type setpwd /s:servername at the command prompt and then press ENTER, where servername is the name of the remote domain controller.
4. When you are prompted to type the password for the Directory Service Restore Mode Administrator account, type the new password that you want to use.
NOTE: If you make a mistake, repeat these steps to run setpwd again. For additional information about the Setpwd.exe utility, see Microsoft Knowledge Base article 271641 (http://support.microsoft.com/kb/271641/EN-US/), "The Configure Your Server Wizard Sets Blank Recovery Password".

Method 2:
1. Log on to the computer as the administrator or a user who is a member of the Administrators group.
2. Shut down the domain controller on which you want to change the password.
3. Restart the computer. When the selection menu screen is displayed during restart, press F8 to view advanced startup options.
4. Click the Directory Service Restore Mode option.
5. After you log on, use one of the following methods to change the local Administrator password: at a command prompt, type net user administrator * ; or use the Local Users and Groups snap-in (Lusrmgr.msc) to change the Administrator password.
6. Shut down and restart the computer.
You can now use the Administrator account to log on to Recovery Console or Directory Services Restore Mode using the new password. For additional information about how to secure the local SAM, see Microsoft Knowledge Base article 223301 (http://support.microsoft.com/kb/223301/EN-US/), "Protection of the Administrator Account in the Offline SAM".

ANSWER2: To reset the DSRM Administrator password:
1. Click Start, click Run, type ntdsutil, and then click OK.
2. At the Ntdsutil command prompt, type set dsrm password.
3. At the DSRM command prompt, type one of the following lines:
4. To reset the password on the server on which you are working, type reset password on server null. The null variable assumes that the DSRM password is being reset on the local computer. Type the new password when you are prompted. Note that no characters appear while you type the password.
-or-
5. To reset the password for another server, type reset password on server ServerName, where ServerName is the DNS name for the server on which you are resetting the DSRM password. Type the new password when you are prompted. Note that no characters appear while you type the password.
6. At the DSRM command prompt, type q.
7. At the Ntdsutil command prompt, type q to exit.

Why can't you restore a DC that was backed up 4 months ago?


Because of the tombstone lifetime, which is set to only 60 days.

What are GPOs?


Group Policy gives you administrative control over users and computers in your network. By using Group Policy, you can define the state of a user's work environment once, and then rely on Windows Server 2003 to continually force the Group Policy settings that you apply across an entire organization or to specific groups of users and computers. Group Policy Advantages You can assign group policy in domains, sites and organizational units.

62 | Technical Interview Questions for System/Network Administrator By-VIJayK

All users and computers get reflected by group policy settings in domain, site and organizational unit. No one in network has rights to change the settings of Group policy; by default only administrator has full privilege to change, so it is very secure. Policy settings can be removed and can further rewrite the changes. Where GPO's store Group Policy Information Group Policy objects store their Group Policy information in two locations: Group Policy Container: The GPC is an Active Directory object that contains GPO status, version information, WMI filter information, and a list of components that have settings in the GPO. Computers can access the GPC to locate Group Policy templates, and domain controller does not have the most recent version of the GPO, replication occurs to obtain the latest version of the GPO. Group Policy Template: The GPT is a folder hierarchy in the shared SYSVOL folder on a domain controller. When you create GPO, Windows Server 2003 creates the corresponding GPT which contains all Group Policy settings and information, including administrative templates, security, software installation, scripts, and folder redirection settings. Computers connect to the SYSVOL folder to obtain the settings. The name of the GPT folder is the Globally Unique Identifier (GUID) of the GPO that you created. It is identical to the GUID that Active Directory uses to identify the GPO in the GPC. The path to the GPT on a domain controller is systemroot\SYSVOL\sysvol. Managing GPOs To avoid conflicts in replication, consider the selection of domain controller, especially because the GPO data resides in SYSVOL folder and the Active Directory. Active Directory uses two independent replication techniques to replicate GPO data among all domain controllers in the domain. If two administrator's changes can overwrite those made by other administrator, depends on the replication latency. 
By default the Group Policy Management console uses the PDC Emulator so that all administrators can work on the same domain controller. WMI Filter WMI filters is use to get the current scope of GPOs based on attributes of the user or computer. In this way, you can increase the GPOs filtering capabilities beyond the security group filtering mechanisms that were previously available. Linking can be done with WMI filter to a GPO. When you apply a GPO to the destination computer, Active Directory evaluates the filter on the destination computer. A WMI filter has few queries that active Directory evaluates in place of WMI repository of the destination computer. If the set of queries is false, Active Directory does not apply the GPO. If set of queries are true, Active Directory applies the GPO. You write the query by using the WMI Query Language (WQL); this language is similar to querying SQL for WMI repository. Planning a Group Policy Strategy for the Enterprise When you plan an Active Directory structure, create a plan for GPO inheritance, administration, and deployment that provides the most efficient Group Policy management for your organization. Also consider how you will implement Group Policy for the organization. Be sure to consider the delegation of authority, separation of administrative duties, central versus decentralized administration, and design flexibility so that your plan will provide for ease of use as well as administration. Planning GPOs Create GPOs in way that provides for the simplest and most manageable design -- one in which you can use inheritance and multiple links.


Guidelines for Planning GPOs

Apply GPO settings at the highest level: This way you take advantage of Group Policy inheritance. Determine the settings common to the largest container, starting with the domain, and link the GPO there.

Reduce the number of GPOs: Link one GPO in several places instead of creating several identical GPOs, and link it at the broadest container possible rather than creating links to the same GPO at several deeper levels.

Create specialized GPOs: Use these to apply unique settings where necessary; GPOs linked higher up will not carry the settings in these specialized GPOs.

Disable the unused computer or user configuration: When a GPO contains settings for only one of the two halves (user or computer), disable the other half. This speeds up policy processing at startup and logon and prevents settings from being applied accidentally to the other area.

What is the order in which GPOs are applied?


Use the Group Policy Management Console on SBS 2008. I've become quite familiar with how to change GP settings. Before I knew that best practice was NOT to change an existing GPO but to create new ones, I made many changes to the "Windows SBS User Policy". These mostly worked fine. I've since learned the best way to create new group policies is to right-click on the domain and select "Create a GPO in this Domain and link it here". Now to my question: in what order are Group Policies applied? There are lots of different "groups" (if that's the right word) such as: Default Domain Controllers Policy, Default Domain Policy, Windows SBS Client - Windows XP Policy, Windows SBS User Policy, etc.

Name a few benefits of using GPMC.


Microsoft released the Group Policy Management Console (GPMC) years ago, and it remains the main tool for Group Policy management. It provides control over Group Policy in the following ways:

Easy administration of all GPOs across the entire Active Directory forest
A view of all GPOs in one single list
Reporting of GPO settings, security, filters, delegation, etc.
Control of GPO inheritance with Block Inheritance, Enforce, and Security Filtering
A delegation model
Backup and restore of GPOs
Migration of GPOs across different domains and forests

With all of these benefits, there are still gaps in using the GPMC alone. GPMC is needed and should be used by everyone for what it is ideal for, but it falls short when you want to protect GPOs against the following:

Lack of role-based delegation of GPO management
GPOs being edited live in production, potentially damaging desktops and servers
Forgetting to back up a GPO after it has been modified
No change management (who changed what, when, and an approved version to roll back to) for each modification to every GPO

What are the GPC and the GPT? Where can I find them?
GPOs store Group Policy settings in two locations: a Group Policy container (GPC) and a Group Policy template (GPT). The GPC is an Active Directory object that stores version information, status information, and other policy information (for example, application objects). The GPT is used for file-based data and stores software policy, scripts, security templates and deployment information; it is located in the SYSVOL share on every domain controller, in a folder named after the GPO's GUID. A GPO can be linked to one or more Active Directory containers, such as a site, domain, or organizational unit: several containers can link the same GPO, and a single container can have more than one GPO linked to it.

What are GPO links? What special things can I do to them?


To apply the settings of a GPO to the users and computers of a domain, site, or OU, you need to add a link to that GPO. You can add one or more GPO links to each domain, site, or OU by using GPMC. Keep in mind that creating and linking GPOs is a sensitive privilege that should be delegated only to administrators who are trusted and understand Group Policy.

What can I do to prevent inheritance from above?


You can block policy inheritance on a domain or organizational unit. Block Inheritance prevents GPOs linked to higher sites, domains, or organizational units from being inherited automatically by the child level. By default children inherit all GPOs from the parent, but it is sometimes useful to block this. For example, if you want to apply a single set of policies to an entire domain except for one organizational unit, link the required GPOs at the domain level (from which all organizational units inherit by default) and then block inheritance only on the organizational unit to which the policies should not apply. Blocking does not stop GPOs whose link is marked Enforced (No Override), so an administrator higher up can still push mandatory settings through a blocked OU.

How can I override blocking of inheritance?


A. Group Policies can be applied at multiple levels (sites, domains, organizational units), with several GPOs per level, so some settings will inevitably conflict. Conflicts are resolved by application order: the local policy first, then Site, Domain and Organizational Unit (parent OU before child OU), with link order deciding precedence inside each container; the last setting applied wins. Two switches change this. You may want some policies never to be overridden (No Override, called Enforced in GPMC), and you may want some containers not to inherit settings from a parent (Block Inheritance). A good definition of each:

No Override (Enforced) - prevents child containers from overriding policies set at higher levels.
Block Inheritance - stops a container inheriting policies from its parent containers.

No Override takes precedence over Block Inheritance: if a child container has Block Inheritance set but a GPO linked to the parent is marked No Override, that GPO is still applied. Enforced GPOs are applied after all non-enforced ones, and when several enforced GPOs conflict the one linked highest in the hierarchy is applied last and therefore wins.

To block inheritance (Windows 2000/2003 without GPMC):
1. Start the Active Directory Users and Computers snap-in (Start - Programs - Administrative Tools - Active Directory Users and Computers).
2. Right-click the container you wish to stop inheriting settings from its parent and select Properties.
3. Select the 'Group Policy' tab.
4. Check the 'Block Policy inheritance' option.
5. Click Apply, then OK.

To set a policy to never be overridden:
1. Start the Active Directory Users and Computers snap-in (Start - Programs - Administrative Tools - Active Directory Users and Computers).
2. Right-click the container holding the Group Policy link and select Properties.
3. Select the 'Group Policy' tab.
4. Select the GPO and click Options.
5. Check the 'No Override' option.
6. Click OK.
7. Click Apply, then OK.

In GPMC the same two settings are right-click options: Block Inheritance on the domain or OU, and Enforced on the GPO link.
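The precedence rules above (local, site, domain, OU order; link order within a container; Block Inheritance; Enforced/No Override beating Block Inheritance, highest enforced link winning) are easy to get wrong when reasoning about a real tree. The following is an added example, not code from the page or from Microsoft: a small Python model of the resolution algorithm with a constructed scenario (a domain baseline GPO marked Enforced, the Default Domain Policy, and a workstation OU that blocks inheritance). The GPO names and setting names are invented for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Simulation of Group Policy precedence as described above (added example, not
# Microsoft code): Local -> Site -> Domain -> OU, link order inside a container,
# Block Inheritance, and Enforced (No Override). Later-applied GPOs win.


@dataclass
class Link:
    gpo: str
    order: int              # link order inside the container: 1 = highest precedence
    enforced: bool = False  # "No Override" in ADUC, "Enforced" in GPMC
    enabled: bool = True


@dataclass
class Container:
    name: str
    links: List[Link] = field(default_factory=list)
    block_inheritance: bool = False


def application_order(chain: List[Container]) -> List[str]:
    """chain runs from the site down to the target OU. Returns GPO names in the
    order the client applies them; a GPO applied later overrides earlier ones."""
    # Block Inheritance on a container discards non-enforced links linked above it
    # (the deepest blocked container decides).
    start = 0
    for i, c in enumerate(chain):
        if c.block_inheritance:
            start = i
    normal: List[str] = []
    enforced: List[Tuple[int, str]] = []
    for depth, c in enumerate(chain):
        # Highest link order number is applied first, so link order 1 wins within a container.
        for link in sorted((l for l in c.links if l.enabled), key=lambda l: l.order, reverse=True):
            if link.enforced:
                enforced.append((depth, link.gpo))
            elif depth >= start:
                normal.append(link.gpo)
    # Enforced links apply after everything else; the one linked highest applies last and wins.
    enforced_by_height = [g for _, g in sorted(enforced, key=lambda t: t[0], reverse=True)]
    return ["Local Computer Policy"] + normal + enforced_by_height


def resultant_settings(chain: List[Container], gpos: Dict[str, Dict[str, object]]) -> Dict[str, object]:
    """Merge settings in application order: last writer wins per setting."""
    result: Dict[str, object] = {}
    for name in application_order(chain):
        result.update(gpos.get(name, {}))
    return result


# Constructed scenario (invented names, not from the page).
GPOS: Dict[str, Dict[str, object]] = {
    "Default Domain Policy": {"Wallpaper": "corp.jpg", "DisableCmd": False},
    "Domain-Baseline": {"FirewallEnabled": True},        # linked Enforced at the domain
    "WS-Lockdown": {"DisableCmd": True, "FirewallEnabled": False},
}


def example_chain(block: bool) -> List[Container]:
    site = Container("Default-First-Site-Name")
    domain = Container("corp.example", links=[
        Link("Domain-Baseline", order=1, enforced=True),
        Link("Default Domain Policy", order=2),
    ])
    ou = Container("OU=Workstations", links=[Link("WS-Lockdown", order=1)], block_inheritance=block)
    return [site, domain, ou]


if __name__ == "__main__":
    for block in (False, True):
        chain = example_chain(block)
        print("Block Inheritance on OU:", block)
        print("  applied in order:", " -> ".join(application_order(chain)))
        print("  resultant:", resultant_settings(chain, GPOS))
```

With Block Inheritance on the OU, the Default Domain Policy's wallpaper disappears but the enforced Domain-Baseline still switches the firewall on, overriding the OU's own attempt to turn it off; that is the "No Override takes precedence over Block Inheritance" rule in action. Real clients add security-group and WMI filtering before this step.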

How can you determine what GPO was and was not applied for a user? Name a few ways to do that.
Several tools show what was applied and what was not:

1. Group Policy Management Console (GPMC). GPMC lets you examine the settings of a specific GPO and see how GPOs are linked to sites, domains and OUs. Its Group Policy Results report collects data from the target computer and user and lists the settings that were applied, plus the GPOs that were denied and why (security filtering, WMI filter, disabled link, empty GPO). To create one, right-click Group Policy Results and select Group Policy Results Wizard, which walks you through choosing the computer and user. Group Policy Modeling, in the same console, simulates the result for a hypothetical computer, user or OU without touching a client.

2. Gpresult.exe. Start > Run > cmd, then gpresult (with /v or /z for every setting; on Vista and later gpresult /r for a summary or gpresult /h report.html for an HTML report). It lists the applied GPOs, the GPOs that were filtered out with the reason, and the security groups the account was a member of at logon.

3. Rsop.msc. The Resultant Set of Policy snap-in shows the same data in the Group Policy Editor layout.

4. The event logs. The Application log (source Userenv on XP/2003) or the Microsoft-Windows-GroupPolicy/Operational log on Vista and later records processing errors for each client-side extension.

A user claims he did not receive a GPO, yet his user and computer accounts are in the right OU, and everyone else there gets the GPO. What will you look for?
ANSWER 1: Check the computer's event logs. Event ID 1085 (source Userenv on XP/2003, Microsoft-Windows-GroupPolicy on Vista and later) means a client-side extension failed to apply its settings; the event names the extension and the error, and the usual fix is the relevant hotfix or service pack followed by a reboot.

ANSWER 2: Start by running RSOP.MSC (Resultant Set of Policy) or gpresult /z on the client to verify whether the GPO is actually applied to that user, and if not, why it was denied. Being in the right OU is not enough. Also check: security filtering on the GPO (the user or computer must have Read and Apply Group Policy, and must not be in a group that is denied them); any WMI filter on the GPO; that the link is enabled and the relevant half (user or computer configuration) of the GPO is not disabled; that the domain controller the client used holds the current version of the GPO (compare the version numbers in the GPC and the GPT on that DC); and whether slow-link detection skipped the extension, since software installation, folder redirection and scripts are not processed over a slow link by default. Also remember that Windows XP does not wait for the network at logon (Fast Logon Optimization), so a new GPO can take up to two logons or reboots to appear; enabling Administrative Templates\System\Logon\Always wait for the network at computer startup and logon forces synchronous processing at the cost of slower logons. Identify which GPOs the missing settings correspond to and verify from the RSOP.MSC/gpresult output that they are applicable to the computer or user.

Name some GPO settings in the computer and user parts.


A GPO has two halves. Computer Configuration applies to the computer regardless of who logs on: password and account lockout policy, audit policy, user rights assignment, security options, event log settings, restricted groups, Windows Firewall, startup/shutdown scripts, and software assigned to computers. User Configuration applies to the user on whatever computer they log on to: folder redirection, logon/logoff scripts, desktop and Start menu restrictions, Control Panel and Internet Explorer settings, drive mappings and printers (through scripts or Group Policy Preferences), and software assigned or published to users.

What are administrative templates?


GPO settings are divided between Computer Configuration and User Configuration. In both halves you can see a large section called Administrative Templates. Administrative Templates are a large repository of registry-based settings (over 1300 individual settings on Windows Server 2003) found in any GPO on Windows 2000, Windows XP and Windows Server 2003. Through the Administrative Templates sections you deploy changes to the machine (HKEY_LOCAL_MACHINE) and user (HKEY_CURRENT_USER) portions of the registry on the computers the GPO applies to. Unlike plain registry edits, these settings are written under the Policies keys and are removed again when the GPO no longer applies. The templates are Unicode text files with the extension .ADM and generate the Administrative Templates portion of the Group Policy Editor user interface; Windows Vista and Server 2008 replaced them with XML-based .ADMX files (with language-specific .ADML files) that can be kept in a central store in SYSVOL.


What's the difference between software publishing and assigning?


An administrator can either assign or publish software applications.

Assigned to users: the application is advertised when the user logs on (Start menu shortcut and file associations). It is installed when the user clicks the icon or opens a file associated with the application.

Assigned to computers: the application is installed when it is safe to do so, normally at the next restart, before anyone logs on.

Published to users: the application does not appear on the Start menu or desktop, so the user may not know it is available. It can be installed from Add/Remove Programs in Control Panel, or by opening a file of an associated type. Published applications do not reinstall themselves if accidentally deleted, and software cannot be published to computers.

Can I deploy non-MSI software with GPO?


Yes, via .zap packages, although you lose most of the benefits of MSI technology: a .zap file just points at the application's own setup program, so it can only be published to users (not assigned, and not deployed to computers), it installs with the user's own privileges rather than elevated ones, and it cannot be repaired or rolled back automatically. More info at http://technet.microsoft.com/en-us/library/cc782152(WS.10).aspx (step-by-step guide).

You want to standardize the desktop environments (wallpaper, My Documents, Start menu, printers etc.) on the computers in one department. How would you do that?
Log on to a client as a Domain Admin, configure the desktop (wallpaper, My Documents, Start menu, printers and so on), then in System Properties > User Profiles copy that profile to a network share, granting Everyone permission to use it. Rename NTUSER.DAT to NTUSER.MAN to make it a mandatory profile and enter the share path as the profile path on each user's account. Users then get the identical desktop at every logon and their changes are discarded at logoff. Alternatively, keep the settings in Group Policy (desktop and Start menu restrictions, folder redirection, deployed printers or logon scripts) linked to the department's OU, which is easier to change later than a mandatory profile.


Hardware

What is FSB?
FSB or Front Side Bus is a bus (a group of signals) that connects the processor to the north bridge/memory controller. Its clock rate and width set the bandwidth available for memory and I/O traffic, so with an off-chip memory controller the FSB speed bounds memory access speed. Processors with an integrated memory controller (Athlon 64, Core i7 and later) replace the FSB with a point-to-point link such as HyperTransport or QPI.

What are Vcore and Vi/o?


Vcore is the Voltage for the CPU core; Vio is the Voltage for the Chipset, RAM and AGP slot

On what type of socket can you install a Pentium 4 CPU?


The Pentium 4 shipped on three sockets: Socket 423 (the early Willamette parts, 2000-2001), Socket 478 and LGA 775. Socket 478 (mPGA478B) is a Pin Grid Array (PGA) socket for processors based on the Intel NetBurst architecture. Introduced in August 2001 as the replacement for the short-lived Socket 423, it supports desktop and mobile Pentium 4 and Celeron processors with 400, 533 and 800 MHz front-side buses (100-200 MHz quad-pumped). It was phased out in favor of Socket 775 (LGA775), which carries the later Pentium 4 models.

What is SMP?
In computing, symmetric multiprocessing or SMP involves a multiprocessor computer-architecture where two or more identical processors can connect to a single shared main memory. Most common multiprocessor systems today use SMP architecture. In case of multi-core processors, the SMP Architecture applies to the cores, treating them as separate processors.

Which Intel and AMD processors support SMP?


The most popular entry-level SMP systems use the x86 instruction set and are based on Intel's Xeon, Pentium D, Core Duo and Core 2 Duo processors and AMD's Athlon 64 X2, Quad FX or Opteron 200 and 2000 series. Any multi-core x86 processor is an SMP system in a single package.

How do LGA sockets differ from PGA and SEC?


PGA - Pin Grid Array: the pins are on the CPU and the socket has matching holes (Socket 478, Socket 939/AM2).
LGA - Land Grid Array: the CPU has flat contact pads (lands) and the spring pins are in the motherboard socket (LGA 775, LGA 1366), so a bent pin damages the board rather than the CPU.
SEC - Single Edge Contact cartridge: the CPU and its L2 cache sit on a small circuit board inside a cartridge that plugs edge-on into a slot (Slot 1 for the Pentium II/III, Slot A for the original Athlon).


What is the difference between Pentium 4 and Pentium Core 2 Duo? Explain the new technology.
The simple facts: Core 2 Duo, Pentium D and Pentium Dual-Core are all dual-core processors, but they are not the same design.

Pentium D is two Prescott (NetBurst) Pentium 4 cores placed side by side in one package. It runs very hot and is not a good overclocker.

Core 2 Duo is Intel's next-generation processor on a 65 nm process, built from the ground up on the new Core microarchitecture rather than NetBurst, a jump comparable to Pentium II to Pentium III or Pentium III to Pentium 4. Core dropped the very long NetBurst pipeline in favor of wider, more efficient execution per clock and a shared L2 cache, so even the lowest-end Core 2 Duos such as the E4300/E4400 beat a 3.8 GHz Pentium D with ease, run far cooler and overclock well.

Pentium Dual-Core is a cut-down Core 2 Duo launched later. The first two desktop parts were the E2140 at 1.6 GHz with 1 MB L2 cache and an 800 MHz FSB, and the E2160 at 1.8 GHz with the same cache and bus. They are Core-based, not Pentium D, and perform like Core 2 Duos, but were priced very low to compete with AMD's cheap and fast Athlon 64 X2 line up to the X2 4000+.

What technology enables you to upgrade your computer's BIOS by simply using software?
The technique is called flashing. The BIOS is stored in electrically erasable memory (EEPROM, today flash memory) instead of a mask ROM or UV-erasable EPROM, so it can be erased and rewritten by a program running on the machine, usually a vendor utility run from DOS, from Windows or from within the BIOS setup itself. Because the same path can be used to write malicious firmware, current boards offer signed update images and the ability to write-protect the flash chip until the next reboot, and a BIOS update should only come from the board vendor.

What happens if you dissemble the battery located on the Mother-Board?


The CMOS settings are lost: the system clock resets to its default and the BIOS setup returns to factory defaults (boot order, drive configuration, and any BIOS or setup password). Removing the battery for a short time is in fact the usual way to clear a forgotten BIOS password, which is why a BIOS password is no protection against someone with physical access to the machine.

How do L1, L2, and L3 work?


All three levels are implemented in SRAM (static RAM), which holds its contents without refresh cycles and is much faster than the DRAM used for main memory; the levels differ in size, latency and placement, not in memory technology. L1 cache is physically next to the processing core, is the smallest (tens of KB) and fastest (a few cycles), and is generally split into an instruction cache and a data cache. L2 cache is larger (hundreds of KB to several MB) and somewhat slower; on older systems it sat on the motherboard or in the processor cartridge, on current processors it is on the die, private to a core or shared by two cores.

L3 cache has come into vogue with the advent of multi-core CPUs. Each core keeps its own L1 and L2 caches, and a common, fairly large L3, usually larger than all the other caches combined, is shared by all cores; it holds lines evicted from L2 and data that cores exchange. When software does not need all cores, a core flushes its dirty cache lines into the L3 before it goes dormant, so the other cores can still find that data. A few designs use embedded DRAM for a very large last-level cache, but that is the exception.

How should we install RAM on a Dual-Channel Motherboard?


Install DIMMs in matched pairs, one in each channel. A dual-channel board has two slots per channel (usually color-coded, for example A1/B1 and A2/B2), and the memory controller can only interleave across both channels when each channel holds a module of the same size and type, normally the first slot of channel A and the first slot of channel B. Filling two slots on the same channel leaves the board in single-channel mode. Dual channel doubles the memory bus width (2 x 64 bits) and with it the peak bandwidth, which is why it is faster than single channel; check the motherboard manual for which slots pair up.

What is the advantage of serial over parallel bus?


In theory a parallel bus with n lines carries n bits per clock where a serial link carries one, so parallel wins at the same clock rate. In practice the serial link wins, because a parallel bus can only be clocked as fast as its slowest, noisiest line: all lines must be sampled together, so skew between them (different trace lengths), crosstalk between adjacent lines and ground bounce cap the clock rate unless you pay for shielded twisted pairs. A serial link has a single differential pair per direction, has no skew problem, can be clocked at gigahertz rates, embeds the clock in the data, and is cheaper in pins, cable and connectors. Cost as much as speed is why PCs moved from parallel ATA to SATA, from the parallel printer port to USB, and from PCI to PCI Express, which simply adds more serial lanes when more bandwidth is needed. Buses only a few millimeters long, such as the front-side bus and the memory bus, stay parallel because skew can be controlled there. The serial controllers (SATA, USB) bridge the two worlds: they clock bits in and out on the link and use DMA to move whole blocks to and from memory, raising an interrupt for the processor only when a transfer completes. Today the hard disk, not the bus, is usually the limit on data throughput.

How much power is supplied to each USB port?


USB 1.x and 2.0 provide a nominal 5 V supply on the VBUS wire. The specification allows 4.75 V to 5.25 V (5 V ± 5%) at a root port or self-powered hub port, and 4.40 V to 5.25 V at a bus-powered (low-powered) hub port. Current is handed out in unit loads of 100 mA: a device may draw one unit load (100 mA, 0.5 W) before it is configured and up to five unit loads (500 mA, 2.5 W) from a high-power port after negotiating it. USB 3.0 raises the unit load to 150 mA and allows up to six (900 mA, 4.5 W). A bus-powered hub has to share its own 500 mA between itself and all its ports, so it can only offer 100 mA per downstream port.


When should you change your bus-powered USB hub to a self-powered USB hub?
Switch to a self-powered (externally powered) hub when you connect "heavy duty" devices that draw their power from the port, such as scanners, external 2.5-inch disks or webcams without their own power supply, or when you connect more devices than the 100 mA per port a bus-powered hub can offer. Symptoms of an overloaded bus-powered hub are devices that disconnect, are not recognized, or only work when plugged in alone. A powered hub also takes the load off the computer's own supply, and on a laptop running on battery it helps battery life, though if you have mains power for the hub you are probably using the laptop's AC adapter anyway. For keyboards, mice and flash drives a bus-powered hub is fine; if there is no need to spend the extra money, don't.

What is a UPS?
(Uninterruptible Power Supply) A device that provides battery backup when the electrical power fails or drops to an unacceptable voltage level. Small UPS systems provide power for a few minutes; enough to power down the computer in an orderly manner, while larger systems have enough battery for several hours. In mission critical datacenters, UPS systems are used for just a few minutes until electrical generators take over

What is the difference between standby and online UPS?


An offline (standby) UPS normally passes mains power straight through to the load while the charger keeps the battery topped up; the inverter is idle. Charger and inverter can be rated lower, because the charger is mostly in trickle mode and the inverter does not run continuously. On a power failure the inverter starts up and takes the load; there is a gap in the output of a few line cycles, which most PC power supplies ride through. An online (double-conversion) UPS runs all the time: mains feeds the charger/rectifier, which keeps the battery charged and feeds the inverter, and the inverter always supplies the load. Charger and inverter must be rated for continuous duty, so the unit costs more and dissipates more heat, but a power failure causes no gap at all because the inverter is already carrying the load, and the load is isolated from mains voltage and frequency disturbances. The inverter is usually kept synchronized with the line so that, if the inverter itself fails, a bypass can switch the load back to mains without a glitch.

What is LBA (in Hard-Disks)?


(Logical Block Addressing) A method of addressing hard disks by a single linear sector number rather than by cylinder, head and sector (CHS). LBA was introduced for ATA/IDE drives as they reached the 504 MB limit of plain CHS addressing through the BIOS (1024 cylinders x 16 heads x 63 sectors x 512 bytes), and Enhanced BIOSs translated the CHS calls made by DOS-era software into LBA. BIOS translation itself topped out at 8.4 GB (1024 x 255 x 63 x 512), 28-bit LBA at 128 GiB (about 137 GB), and 48-bit LBA (ATA-6) at 128 PiB, a capacity we hope never to reach on a home PC in many lifetimes.
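The conversion the Enhanced BIOS performed is a single formula, LBA = (C x HPC + H) x SPT + (S - 1), with sectors numbered from 1 and cylinders and heads from 0. The following is an added example, not part of the original page: a Python implementation of both directions plus the capacity limits quoted above, derived from the geometry and address widths rather than copied. The geometries are the standard BIOS ones; nothing here is drive-specific.

```python
from dataclasses import dataclass
from typing import Tuple

SECTOR = 512  # bytes per sector on classic ATA drives


@dataclass(frozen=True)
class Geometry:
    cylinders: int
    heads: int     # heads per cylinder (HPC)
    sectors: int   # sectors per track (SPT), numbered from 1

    @property
    def total_sectors(self) -> int:
        return self.cylinders * self.heads * self.sectors


def chs_to_lba(c: int, h: int, s: int, geo: Geometry) -> int:
    """LBA = (C * HPC + H) * SPT + (S - 1). Rejects addresses outside the geometry,
    which is exactly the check a sloppy BIOS or driver forgot when drives grew."""
    if not (0 <= c < geo.cylinders and 0 <= h < geo.heads and 1 <= s <= geo.sectors):
        raise ValueError(f"CHS ({c},{h},{s}) outside geometry {geo}")
    return (c * geo.heads + h) * geo.sectors + (s - 1)


def lba_to_chs(lba: int, geo: Geometry) -> Tuple[int, int, int]:
    """Inverse mapping: peel off cylinders, then heads, then the 1-based sector."""
    if not 0 <= lba < geo.total_sectors:
        raise ValueError(f"LBA {lba} not addressable with geometry {geo}")
    c, rem = divmod(lba, geo.heads * geo.sectors)
    h, s0 = divmod(rem, geo.sectors)
    return c, h, s0 + 1


def addressable_bytes(address_bits: int) -> int:
    """Capacity reachable with an n-bit LBA field."""
    return (1 << address_bits) * SECTOR


def round_trip(lba: int, geo: Geometry) -> bool:
    return chs_to_lba(*lba_to_chs(lba, geo), geo) == lba


# The historical limits mentioned in the answer, derived here.
CHS_BIOS = Geometry(1024, 16, 63)         # INT 13h/ATA intersection: 504 MiB
CHS_TRANSLATED = Geometry(1024, 255, 63)  # Enhanced BIOS translation: 8.4 GB (7.8 GiB)
LBA28_BYTES = addressable_bytes(28)       # 128 GiB (about 137 GB)
LBA48_BYTES = addressable_bytes(48)       # 128 PiB

if __name__ == "__main__":
    g = CHS_TRANSLATED
    for lba in (0, 62, 63, 16064, g.total_sectors - 1):
        print(f"LBA {lba:>9} <-> CHS {lba_to_chs(lba, g)}")
    for label, size in (("plain CHS", CHS_BIOS.total_sectors * SECTOR),
                        ("translated CHS", CHS_TRANSLATED.total_sectors * SECTOR),
                        ("28-bit LBA", LBA28_BYTES), ("48-bit LBA", LBA48_BYTES)):
        print(f"{label:>15}: {size:,} bytes = {size / 2**30:,.1f} GiB")
```

The out-of-range checks matter more than they look: the classic "drive only shows 137 GB" and "drive shows 8 GB in setup" problems are exactly an address silently truncated to the 28-bit or 1024-cylinder field rather than rejected.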


How many Hard Disks can you install on an E-IDE controller?


E-IDE, also called PATA, can support two drives per connector. SATA only supports one drive per port.

Can you configure two hard disks to use the Master setting on the same PC?
Yes, as long as you are using an ATA (IDE/EIDE) controller with two channels. This procedure is neither possible nor required on SATA disks, since each SATA port carries a single disk which is automatically the only device on that channel. SATA cables are thin and have small connectors, while ATA cables are wide 40-pin ribbons with big connectors. Power down the computer. To configure both (E)IDE disks for the Master role, unplug all (E)IDE devices (this can include CD-ROMs, ZIP drives, etc.). You will configure each disk as a Master, and since only one Master can exist on a given channel, at most two Masters can be configured, each on its own channel. Locate the set of jumpers on the rear (connector) side of the disk. The label on top of the drive shows how to set these jumpers for the disk to become a Master (there is no general rule, since each manufacturer uses a different layout). The disk will already be in one of the configurations shown on the label, which helps you orient the reference picture. After setting both hard drives to Master, connect them to the PC, each on its own cable. Now reconfigure the other (E)IDE devices to fit: each has a set of jumpers like the hard disks, usually with a reference image printed on the device to aid master/slave/cable-select configuration. For CD and DVD drives the jumper block is typically laid out Master, Slave, Cable-Select read right to left, with the middle pair of pins being Slave. Once the Slave devices are configured, they too can be reconnected to the motherboard and power.

The last step is to power the PC up and configure the BIOS by entering its SETUP program. To do so, on the start-up screen find a text that says "Hit [key] to enter SETUP" or something similar, and hit that key (it may be required to hit [Esc] prior to that if you have the Full Screen Logo feature present and enabled). Once within SETUP, an inspection of the Basic Settings configuration is prudent. This is to make sure that the previous configuration wasn't pre-set to the previous physical configuration (it speeds up the start-up process). If in doubt, set all devices and their modes to "Auto". Usually there will be a short, somewhat-helpful description of a setting somewhere on the screen

What is the difference between Narrow-SCSI and Wide-SCSI?


Wide SCSI-2 uses a 16-bit data path rather than the normal 8-bit one. At the same 5 MHz bus rate that doubles throughput from 5 MB/s to 10 MB/s; Fast SCSI-2 instead doubles the bus rate to 10 MHz for 10 MB/s on an 8-bit bus, and combining fast and wide (Fast Wide SCSI) reaches 20 MB/s. Wide SCSI also allows 16 device IDs on the bus instead of 8, and uses a 68-pin connector instead of the 50-pin narrow one.


What is SAS?
Serial Attached SCSI (SAS) is a computer bus used to move data to and from computer storage devices such as hard drives and tape drives. SAS depends on a point-to-point serial protocol that replaces the parallel SCSI bus technology that first appeared in the mid 1980s in data centers and workstations, and it uses the standard SCSI command set. SAS offers backwards-compatibility with second-generation SATA drives. SATA 3 Gbit/s drives may be connected to SAS backplanes, but SAS drives may not be connected to SATA backplanes. The T10 technical committee of the International Committee for Information Technology Standards (INCITS) develops and maintains the SAS protocol; the SCSI Trade Association (SCSITA) promotes the technology

What are the three main reasons for using RAID?


There are three primary reasons that RAID was implemented: redundancy, increased performance, and lower cost.

Redundancy is the most important factor in the development of RAID for server environments. It provides a form of protection for the data in the storage array in the event of a failure: if one of the drives in the array fails, it can be swapped for a new drive without turning the system off (hot swapping) or the redundant copy can be used while the array rebuilds. The method of redundancy depends on which RAID level is used.

Increased performance is only found with specific RAID levels, and also depends on the number of drives used in the array and on the controller.

Lower cost was also a key issue when the RAID standards were developed. The point of a RAID array is to provide the same or greater storage capacity for a system compared to using individual high-capacity drives. A good example can be seen in the price differences between the highest-capacity drives and lower-capacity ones: three smaller drives can cost less than an individual high-capacity drive yet provide more capacity.

Three RAID levels are typically used on desktop computer systems: RAID 0, RAID 1 and RAID 5. In most cases only the first two are available, and one of them (RAID 0) technically is not a form of RAID, since it has no redundancy.

Is RAID 0 considered to be a redundant Solution? Why?


No. If any of the disks fail, data is lost.


How many disks can be used for RAID 1?


RAID 1 (mirroring) needs a minimum of two disks, and the usable capacity is that of one disk. Some controllers allow three or more mirrors of the same data for higher redundancy, but the typical RAID 1 set is a pair; a third disk is more often configured as a hot spare.

How RAID 5 works?


RAID 5 uses block-level striping with parity data distributed across all member disks. It has achieved popularity due to its low cost of redundancy, which can be seen by comparing the number of drives needed to achieve a given capacity. RAID 1 or RAID 0+1, which yield redundancy, give only s / 2 storage capacity, where s is the sum of the capacities of the n drives used. In RAID 5 one disk's worth of capacity is used for parity, so the set yields the capacity of n - 1 drives: for example, four 1 TB drives can be made into a 2 TB redundant array under RAID 1 or RAID 1+0, but the same four drives build a 3 TB array under RAID 5. RAID 5 can be implemented in a disk controller, either with hardware support for parity calculations (hardware RAID cards) or using the main system processor (motherboard-based RAID controllers), and it can also be done at the operating system level, e.g. using Windows dynamic disks or mdadm on Linux. A minimum of three disks is required for a complete RAID 5 configuration. In some implementations a degraded RAID 5 set can be made (a three-disk set of which only two are online), and mdadm supports a fully functional (non-degraded) RAID 5 setup with two disks, which works as a slow RAID 1 but can be expanded with further volumes. Because each stripe puts its data blocks on different disks, reads of blocks that sit on different disks can be serviced concurrently, while two reads hitting the same disk queue behind each other. Writes are slower than reads: a partial-stripe write must read the old data and old parity, compute new parity and write both back (the RAID 5 write penalty). Although RAID 5 is commonly
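How the distributed parity actually lets a RAID 5 set survive one lost disk is easiest to see in code. The following is an added example, not from the page or from any RAID implementation: a Python simulation of a left-asymmetric RAID 5 layout (parity rotating backwards one disk per stripe) over constructed sample data, with reconstruction of a chunk from a failed disk by XOR of the survivors, a full disk rebuild, and the failure of reconstruction when two disks are down. The two-byte chunk size is only to keep the data readable; real stripe units are tens of KB to 1 MB.

```python
from typing import List, Optional, Set, Tuple

CHUNK = 2  # bytes per chunk (stripe unit); tiny so the constructed data stays readable


def xor_chunks(chunks: List[bytes]) -> bytes:
    """Parity of equal-sized chunks: P = D0 ^ D1 ^ ... ; the same operation rebuilds any one missing chunk."""
    out = bytearray(len(chunks[0]))
    for ch in chunks:
        for i, b in enumerate(ch):
            out[i] ^= b
    return bytes(out)


def parity_disk(stripe: int, n_disks: int) -> int:
    """Left-asymmetric layout: parity sits on the last disk for stripe 0 and rotates backwards."""
    return (n_disks - 1 - stripe) % n_disks


def locate(chunk_no: int, n_disks: int) -> Tuple[int, int]:
    """Map a logical data chunk number to (stripe, disk), skipping that stripe's parity disk."""
    stripe, pos = divmod(chunk_no, n_disks - 1)
    p = parity_disk(stripe, n_disks)
    return stripe, pos if pos < p else pos + 1


def build_array(data: bytes, n_disks: int) -> List[List[bytes]]:
    """Split data into chunks and stripe it across n_disks with one parity chunk per stripe."""
    if n_disks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    chunks = [data[i:i + CHUNK].ljust(CHUNK, b"\0") for i in range(0, len(data), CHUNK)]
    while len(chunks) % (n_disks - 1):          # pad the last stripe with zero chunks
        chunks.append(b"\0" * CHUNK)
    n_stripes = len(chunks) // (n_disks - 1)
    disks: List[List[bytes]] = [[b""] * n_stripes for _ in range(n_disks)]
    for k, ch in enumerate(chunks):
        s, d = locate(k, n_disks)
        disks[d][s] = ch
    for s in range(n_stripes):
        p = parity_disk(s, n_disks)
        disks[p][s] = xor_chunks([disks[d][s] for d in range(n_disks) if d != p])
    return disks


def read_chunk(disks: List[List[bytes]], chunk_no: int, failed: Optional[Set[int]] = None) -> bytes:
    """Read a logical chunk; if its disk has failed, reconstruct it from the stripe's survivors."""
    failed = failed or set()
    n = len(disks)
    s, d = locate(chunk_no, n)
    if d not in failed:
        return disks[d][s]
    survivors = [disks[o][s] for o in range(n) if o != d and o not in failed]
    if len(survivors) != n - 1:
        raise IOError("two or more failed disks: RAID 5 cannot reconstruct")
    return xor_chunks(survivors)


def rebuild_disk(disks: List[List[bytes]], failed_disk: int) -> List[bytes]:
    """Recreate every chunk (data or parity) of one failed disk, as a rebuild onto a spare does."""
    n = len(disks)
    return [xor_chunks([disks[o][s] for o in range(n) if o != failed_disk]) for s in range(len(disks[0]))]


def usable_capacity(n_disks: int, disk_bytes: int) -> int:
    return (n_disks - 1) * disk_bytes


DATA = b"A1A2A3B1B2B3C1C2C3"  # constructed sample: nine data chunks, three stripes on four disks

if __name__ == "__main__":
    arr = build_array(DATA, 4)
    for d, disk in enumerate(arr):
        print(f"disk {d}: {[c.decode('ascii', 'replace') for c in disk]}")
    print("B2 with disk 1 down:", read_chunk(arr, 4, failed={1}))
    print("usable capacity of 4 x 1 TB:", usable_capacity(4, 10**12) // 10**12, "TB")
```

Note what a rebuild costs: every surviving disk is read in full to recompute the missing one, which is why a second failure during the rebuild of a large array is the classic way to lose a RAID 5 set, and why RAID 6 (two independent parities) exists.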

What is the smallest number of disks required for RAID5?


A minimum of three disk drives is required for a RAID 5 volume (two data chunks plus one parity chunk per stripe).

What other types of RAID do you know?


RAID 0 (striping, no redundancy), RAID 1 (mirroring), RAID 5 (striping with single distributed parity), RAID 6 (striping with double parity, survives two simultaneous disk failures), RAID 10 or 1+0 (a stripe of mirrors), RAID 0+1 (a mirror of stripes), and RAID 50 (a stripe of RAID 5 sets). JBOD, which simply concatenates disks, is often listed alongside them but is not RAID.

What are the six steps for laser printing?


1. Cleaning. The drum is cleaned of any residual toner and electrical charge.
2. Conditioning. The drum is conditioned to carry a uniform high electrical charge.
3. Writing. A laser beam discharges the high charge down to a lower charge, but only in the places where toner should go.
4. Developing. Toner is attracted onto the drum where the charge has been reduced.
5. Transferring. A strong electrical charge draws the toner off the drum onto the paper. This is the first step that takes place outside the cartridge.
6. Fusing. Heat and pressure fuse the toner to the paper.

What is the difference between PCI-EX x1 and PCI-EX x16?


The number is the lane count. A PCI Express x1 slot is the very small slot on the motherboard with a single lane (one serial pair in each direction, 250 MB/s per direction for PCIe 1.x); it is used for USB expansion cards, network adapters and some sound cards. An x16 slot has sixteen lanes and therefore sixteen times the bandwidth (4 GB/s per direction for PCIe 1.x), which is why it is used for graphics cards. A shorter card works in a longer slot (an x1 card in an x16 slot), and an open-ended shorter slot can take a longer card running with fewer lanes.


Microsoft-Based Operating Systems

What is the difference between a workgroup and a domain?


In a workgroup all computers are peers; no computer has control over another. Each computer has its own set of user accounts, so to use a computer in a workgroup you need an account on that computer. All computers must be on the same network or subnet, and workgroups are practical only for a handful of machines. In a domain, one or more computers are servers (domain controllers). Network administrators use them to control security and permissions for all computers in the domain, which makes changes easy because they are applied automatically to every computer. With a user account in the domain you can log on to any domain computer without needing a local account on it. A domain can contain hundreds or thousands of computers, and they can be on different local networks.

What are the major advantages of working in a domain model?


Advantages of a domain environment:

Centralized data and account management
Security applied consistently through Group Policy, with a single account and password per user
Effective permissions managed through domain groups rather than per machine
A single platform to manage the whole network
Users can log on to any computer and access their resources at any time
Centralized auditing and the ability to disable a compromised account in one place, and much more

What types of operating system installation methods do you know?


Direct (attended) installation from CD/DVD or a removable drive
Remote Installation Services (RIS), replaced by Windows Deployment Services (WDS) on Server 2008
Unattended installation driven by an answer file
Image deployment (a Sysprep-prepared reference image captured and applied with a tool such as ImageX or Ghost)

What is an answer file?


ANSWER 1: An answer file is a text (XP) or XML (Vista) file that supplies Setup with the answers it would otherwise prompt for, so that Windows can be installed unattended on a large number of machines without anyone having to launch or attend the process.

ANSWER 2: An answer file is also used with the Sysprep utility on Microsoft operating systems: Sysprep.inf (XP) or Unattend.xml (Vista) answers the mini-setup questions when a prepared image boots for the first time.


How would you create an answer file for Windows XP? How would you create one for Windows Vista?
You can create an answer file by using two tools: The Setup Manager wizard to create it automatically. A text editor such as Notepad to create it manually.

You can create the answer file from scratch or modify an existing one.

Using the Setup Manager Wizard
The Setup Manager wizard is available on the Windows 2000 Professional operating system CD in the Deploy.cab file of the Support\Tools folder. The Setup Manager wizard helps you create and modify an answer file by prompting for the information the answer file requires and then creating it. The Setup Manager wizard can create a new answer file, import an existing answer file for modification, or create a new file based on the configuration of the computer on which it is running. The following is a list of parameters that can be configured with the Setup Manager wizard, in the order in which they are presented. The Setup Manager wizard then writes the results as answer file keys.

Set user interaction. This sets the level of user interaction that is appropriate during the setup process.
Set default user information. Specify an organization or user name.
Define computer names. When an administrator enters multiple names during the setup process, Setup Manager automatically generates the UDF file that is required in order to add those unique names to each system during setup. If the administrator imports names from a text file, Setup Manager converts each name to a UDF file. The administrator can also set an option to generate unique machine names.
Set an administrator password. The administrator can set an administrative password and hide it from users. The Setup Manager wizard can also be set to prompt the user for the administrative password during setup.
Display settings. The administrator can automatically set the display color depth, screen area, and refresh frequency display settings.
Configure network settings. Any custom network-setting option that can be configured from the desktop can be configured remotely using the Setup Manager wizard. The interface for setting network settings in the wizard is the same interface that the user sees on their desktop. Using Setup Manager the administrator can also join computers to a domain or workgroup, or automatically create accounts in the domain.
Set time zone and regional options. Set the correct time zone using the same property sheet that a user would access to change the time zone locally. Specify regional options such as date, time, numbers, character sets, and keyboard layout.
Set Internet Explorer settings. The administrator can use Setup Manager to carry out the basic setup for Internet connections, such as connecting to proxy servers. If the organization wishes to customize the browser, the administrator can use Setup Manager to access the customization tool that is part of the Internet Explorer Administration Kit available from www.Microsoft.com/windows/ieak.
Set telephony settings.

Set telephony properties such as area codes and dialing rules.
Add Cmdlines.txt files. These files are used to install additional components, such as applications. For example, the administrator can add the command line to run Office setup by including it in the cmdlines.txt file.
Create an installation folder. Use the default installation folder, \\winnt, generate a unique folder during setup, or set a custom folder.
Install printers. Set up multiple printers as part of the installation process.
Add commands to the Run Once section. Set up commands that run automatically the first time a user logs on. These may include running an application setup program, running a resource kit tool, or changing security settings.
Run commands at the end of Setup. Specify commands that run at the end of the setup process and before users log on to the system, such as launching an application setup file.
Copy additional files. Specify additional files to be copied to the user's desktop, such as device-driver libraries. The administrator can also use Setup Manager to specify where these files are copied.
Create a distribution folder. Create a distribution folder on the network that includes the required Windows source files. You can also add files that you want to copy or supply additional device drivers for use with Windows.

Setup Manager cannot perform the following functions:
Specify system components, such as Internet Information Services.
Create Txtsetup.oem files.
Create subfolders in the distribution folder.

Answer File Specifications Created by Setup Manager
Installation path: Specifies the desired path on the destination computer in which to install Windows 2000 Server.
Upgrade option: Specifies whether to upgrade from Windows 95 or Windows 98, Windows NT Workstation 4.0, or Windows 2000.
Destination computer name: Specifies the user name, organization name, and computer name to apply to the destination computer.
Product ID: Specifies the product identification number obtained from the product documentation.
Workgroup or domain: Specifies the name of the workgroup or domain to which the computer belongs.
Time zone: Specifies the time zone for the computer.
Network configuration: Specifies the network adapter type and configuration with network information protocols.

Answer File Format
To create the answer file manually, use a text editor such as Notepad. In general, an answer file consists of section headers, parameters, and values for those parameters. Although most section headers are predefined, you can also define additional section headers. Note that you do not have to

specify all possible parameters in the answer file if the installation does not require them. Invalid parameter values generate errors or result in incorrect behavior after Setup. The answer file format is as follows:

[section1]
;
; Section contains keys and the corresponding
; values for those keys/parameters.
; Keys and values are separated by ' = ' signs.
; Values that have spaces in them usually require double quotes
; around them.
;
key = value

[section2]
key = value
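As an added example (not from this document), here is a small Python parser for the format just described that also flags an administrator password stored in cleartext in the file, which is the usual reason an unattend.txt or winnt.sif must not be left lying on a share or floppy. The section and key names used are real answer-file keys; the sample file and its values are constructed.

```python
"""Parse a Windows 2000/XP answer file (unattend.txt / winnt.sif) and flag
cleartext credentials.  Added example, not code from the original document.

Format rules implemented are the ones the text gives: [section] headers,
key = value pairs, ';' comment lines, and double quotes around values that
contain spaces.  AdminPassword and DomainAdminPassword are real answer-file
keys; the file content below is constructed for the example.
"""
import re
from typing import Dict, List, Tuple

# Keys that carry a password.  A value of "*" is a marker rather than a
# stored password (blank/prompt), so it is not reported as cleartext.
CREDENTIAL_KEYS = {"adminpassword", "domainadminpassword"}

SAMPLE_ANSWER_FILE = """\
; constructed sample answer file
[Unattended]
UnattendMode = FullUnattended
TargetPath = \\WINDOWS

[GuiUnattended]
AdminPassword = "Summer 2003"   ; stored in cleartext
TimeZone = 035

[UserData]
FullName = "Lab User"
OrgName = "Example Org"
ComputerName = LAB-PC01

[Identification]
JoinDomain = EXAMPLE
DomainAdmin = deployer
DomainAdminPassword = *
"""


def parse_answer_file(text: str) -> Dict[str, Dict[str, str]]:
    """Return {section: {key: value}}; keys are lower-cased for lookup."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank or comment line
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            raise ValueError(f"malformed line outside a section: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        if value.startswith('"'):
            # quoted value: keep everything up to the closing quote,
            # which also drops any trailing ';' comment
            end = value.find('"', 1)
            value = value[1:end] if end > 0 else value[1:]
        else:
            value = value.split(";", 1)[0].strip()
        sections[current][key.lower()] = value
    return sections


def find_cleartext_credentials(sections: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """List (section, key) pairs holding a stored, non-marker password."""
    findings = []
    for section, keys in sections.items():
        for key, value in keys.items():
            if key in CREDENTIAL_KEYS and value not in ("", "*"):
                findings.append((section, key))
    return findings


if __name__ == "__main__":
    parsed = parse_answer_file(SAMPLE_ANSWER_FILE)
    for section, key in find_cleartext_credentials(parsed):
        print(f"cleartext credential: [{section}] {key}")
```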

How do you perform an unattended installation on Windows XP?


The three methods of performing an unattended installation of Windows XP are:

Network based (with an answer file)
RIS based (with either an answer file or from an image)
CD ROM based (with an answer file)

The answer file contains the settings you are prompted for during an attended installation. The default name for the answer file is unattend.txt, but this can be changed as required. This means that several different answer files can be created, allowing for tailored installations for different user types or groups. On a network installation the answer file will be stored in the i386 folder. The command line input is: winnt.exe /u:unattend.txt

For an unattended CD ROM installation the answer file should be renamed to winnt.sif (being careful to ensure the file extension is changed, rather than just renaming a .txt file) and placed on a floppy disk inserted into the computer. Answer files can be created using the setupmgr utility.

RIS stands for Remote Installation Services. This is used to deploy a clean installation onto a target computer. The target computer needs to establish a network connection to a Windows 2000 or a Windows Server 2003 RIS server. This requires that the target computer has a PXE (Preboot Execution Environment) compliant network adapter. If the network adapter is not PXE compliant, most major manufacturers' devices can still be used if the target computer boots from a RIS boot floppy disk. The target computer should be configured to use the network as its first boot device. If this cannot be done (for example, the BIOS does not offer it as an option), the administrator can create a RIS boot floppy disk using the rbfg.exe command located on the RIS server. There are two types of custom RIS installation:

A clean installation with answer files that were automatically created during the installation of RIS.
An image-based installation in conjunction with the RIS server. The image contains the operating system and also any necessary applications. This saves time installing applications on individual computers. Custom images can be created for different user types and groups.

PXE will locate the RIS server and prompt the user of the target computer to press F12 to connect. The user then enters his domain username and password.

What is Sysprep?
(SYStem PREParation) A Windows utility that is used to deploy Windows on new computers. It enables system administrators to create a custom image of the OS that can be reused throughout the organization. Sysprep was introduced with Windows NT 4.0.

How do you use Sysprep?


Sysprep is a tool that Microsoft provides in order to make replication of its operating system easier. It is an invaluable tool that can be used in combination with other tools like Symantec Ghost, Acronis True Image and the now defunct PowerQuest Drive Image (acquired by Symantec in 2005). This guide focuses on the Windows XP SP2 version of Sysprep, but it can easily be applied to other versions of Sysprep on Windows XP, Windows 2000, Windows Server 2003 and even Windows NT4.

What is the major difference between Newsid and Sysprep?


The System Preparation tool (Sysprep) is a technology that you can use with other deployment tools to install Microsoft Windows operating systems with minimal intervention by an administrator or technician. NEWSID.EXE is the executable of the NewSID tool by Sysinternals. NEWSID.EXE is most commonly found in a directory named "newsid".

What is the function of the pagefile.sys file?


Virtual memory for Windows: Windows uses this page file as virtual memory. Definition: a paging file is a file on the hard disk that Windows uses as if it were RAM. PAGEFILE.SYS is the virtual memory file Windows uses. Typically, on install, Windows sets the size of the file at around 1.5 times your physical memory size; however, this size will vary depending on the amount of free space on the disk when the file is established and other factors. Most will find the default size works fine, but it can be changed. Windows uses this file for its normal operation; however,

if you really need the space you can delete it after turning the virtual memory option off, but be aware that this can cause extreme instability in Windows to the point where it might stop

What is the function of the hiberfil.sys file?


HIBERFIL.SYS is a file the system creates when the computer goes into hibernation mode. Windows uses the file when it is turned back on. If you don't need hibernation mode and want to delete the file, you need to turn the hibernation option off before Windows will allow you to delete the file. The procedure for turning hibernation off differs markedly between Windows XP and Vista. The file size depends largely on the size of active RAM in the computer, as the contents of the file are basically a RAM image.

What is the Registry?
The registry contains references to settings and values for the operating system, the programs, user profiles, document types, property sheet settings, system hardware and ports. Basically, much of what goes into or comes out of your computer is noted in the registry.

How can you edit the Registry? Name at least 3 ways of doing that.
Via regedit command

What should you do if you receive a message stating: "The following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM"?
You need to repair or reinstall the operating system. It also depends on which file is missing; some files are not as important as others. Missing system files might indicate that you have a virus/trojan/malware on your computer.

How would you repair an unsuccessful driver update?


1. Open the Device Manager to diagnose the problem. You've obviously figured out that there's a driver error from the error messages you get every time you try to complete a specific task, but the Device Manager can give you a better idea of what you're really looking at. Right-click the "My Computer" icon on your desktop and select "Properties." On the Hardware tab, select "Device Manager."

2. Look for the yellow triangle. The Device Manager window will give you a list of all of the devices connected to your computer. Problematic devices will have a yellow triangle next to their name in the left column.
3. Right-click on the problematic device and then select "Properties." The Properties window should have tabs at the top. Under the "Resources" tab, check "Resource Allocation" and "Modify Resource Settings" to stop driver conflict errors. Select the "Update Driver" button and then install updates if the driver is outdated.
4. Uninstall the driver if the driver is completely corrupted. Reinstall after the driver has been removed. If you end up with a faulty driver, restore the original by selecting the "Roll Back Driver" button.
5. Use the Recovery Console if the Device Manager method does not work, by inserting the Windows installation disk and restarting your PC. Select R on the Welcome screen and log in (you must be an administrator). Type in "CD Windows\system32\drivers" and press "Enter."
6. Continue in the Recovery Console and type in "Ren Driver_Name.sys Driver_Name.old," hit "Enter," then type "copy CD-Drive:\i386\Driver_Name.sys" and press "Enter" again. This will copy the original driver to the drivers folder. Once finished, exit the Recovery Console, take the CD out, and restart your computer.
7. Consult a professional if this method of repairing the drivers does not work. If the device itself is corrupted, you may have a larger problem on your hands.

When should you use each of the following tools: System Restore, LKGC and Recovery Console?
System restore: To fix system errors. To take system to previous state

LKGC: The Last Known Good Configuration feature is a recovery option that you can use to start your computer by using the most recent settings that worked. The Last Known Good Configuration feature restores registry information and driver settings that were in effect the last time the computer started successfully. Use the Last Known Good Configuration feature when you cannot start Windows XP after you make a change to your computer, or when you suspect that a change that you just made may cause a problem. For example, you can use this feature if you cannot start Windows XP after you install a new driver for your video adapter, or if you installed an incorrect driver and have not yet restarted your computer. When you start your computer by using the Last Known Good Configuration feature, Windows XP restores information in the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet

Recovery Console: When your computer won't even start up in "safe mode", use the Recovery Console. If you have put a password on your administrator account, you'll need it to boot up in Recovery mode.

In Recovery Console mode, you can move, copy, and delete files. For the average PC user, that's what you'll be interested in. The Recovery Console is best used for repairing your computer. Repairing your computer basically means replacing bad files with good ones, for example replacing a registry file that is corrupted with a good backup copy. There are two ways to start the Recovery Console:

1. Put your Windows Setup CD in the drive and restart the computer. Different computers have different prompts as your computer is starting up. Some computers prompt you to hit F1 to change the boot sequence. Some computers don't have any prompt for the startup sequence, so you may have to go into the BIOS and set the boot sequence to boot from the CD drive. In any case, if you do get prompts, hit whatever keys are required to boot from the Windows Setup CD. Starting up in Recovery mode isn't anything like regular mode or safe mode. You can't use the mouse. All you will see is basic text on a black screen. After a screen with a text menu comes up, there will be a message at the bottom of the screen to type an "R" for the repair or recover option. If you have a dual-boot or multiple-boot system, choose the installation that you need to access from the Recovery Console. You will be asked for the Administrator password. Just hit "Enter" without typing anything if you didn't password protect the Administrator account. You will get a command prompt just like in MS-DOS. Type help for a list of commands, or help commandname for help on a specific command. To get out of the Recovery Console and restart the computer, type exit.

2. The only way you can start in Recovery mode the second way is if you installed the Recovery Console on your computer beforehand. If you have installed the Recovery Console, then just choose the Recovery Console mode from the list of operating systems during startup. When the Recovery Console first starts, a prompt will ask you to choose which "installation" (hard drive) you want to look at if you have more than one hard drive in the computer. If you know MS-DOS commands, then you'll have no problem. But you may still need to type "help" and look at the available commands to get an idea of what you want to do.

How do you set different print priority for different users?


To set different print priority for different groups:
1. Open Printers and Faxes.
2. Right-click the printer you want to set, click Properties, and then click the Advanced tab.
3. In Priority, click the up or down arrows, and then click OK. Or, type a priority level, where 1 is the lowest level and 99 is the highest, and then click OK.
4. Click Add Printer to add a second logical printer for the same physical printer. For instructions.
5. Click the Advanced tab.
6. In Priority, set a priority higher than that of the first logical printer.
7. Instruct the regular group of users to use the first logical printer name and the group with higher priority to use the second logical printer name. Set the appropriate permissions for the different groups.

Notes: To open Printers and Faxes, click Start, and then click Printers and Faxes. You gain no benefit just from setting a priority on a printer. You need to set up at least two different logical printers for the same physical printer to take advantage of this option.

How can you reset a user's password if you don't know his current password?
Go to CMD and type the command net user username * (the * makes the command prompt for the password). It will ask for a new password and to retype the same password, and the password will be updated. Log off the user and check the new login.

What's the difference between changing a user's password and resetting it?
When you change a password, nothing else changes. If you reset, it means that everything is set back to its default. For instance, if you have created a particular set of rules/permissions for users and you change their passwords, the rules will not be changed. But if you reset all those users, you will have to create all rules/permissions from scratch.

You want to grant a user the right to perform backups. Should you add him to the Administrators group?
No. In order to take a backup (e.g. System State or any other), the user should belong to the Backup Operators group.

What is MMC?
A Windows NT/2000 feature that provides a common environment for running management software from Microsoft and third parties. Any type of administration service such as network management, antivirus management, disk management and authentication can be created as a Microsoft Management Console (MMC) component called a "snap-in" module. A snap-in, which uses the .MSC file extension, provides one management function, and multiple snap-ins are used to create a management application. The snap-ins themselves may host other snap-ins called "extension snap-ins".

What is gpedit.msc?
All policy settings created by the Group Policy Object Editor are stored in a GPO. The policy settings you provide with the Group Policy Object Editor do not take effect until the system applies policy. Administrators manage policy settings by using the Group Policy Object Editor. The Group Policy Object Editor extends other administrative tools such as the Active Directory Users and Computers snap-in and the Active Directory Sites and Services snap-in.

How would you use the MMC to manage other servers on your network?
Windows Server 2003 supports a wide variety of in-band remote management tools that you can use to manage servers. Use in-band tools when your Windows Server 2003-based server is functioning and accessible through your standard network connection. Tools for remotely managing servers are available from many sources. Some of the tools are specific to a task, while others support a range of tasks. Some provide a command-line environment, while others provide a graphical user interface (GUI) environment. Some tools work best for managing a single computer at a time, while others support sessions with multiple computers.

You set a local policy on your stand-alone XP Professional machine. Would the local policy affect the Administrators group?
If you set it for the Administrators group as well, yes, it would affect it. There is one problem: the Administrators group is allowed to change permissions and access rights. The only known way to do what you want is to have a domain and include the computer in the domain, and then distribute policies across the network at the domain level.

What's new in the Windows Vista Local Policy?


Windows Vista delivers a substantial update to the Group Policy infrastructure. Yet as organizations around the world deploy Windows Vista, many administrators probably won't notice much of a difference in how they work because the numerous changes in Group Policy functions all take place under the hood. What administrators will find, however, is that Windows Vista Group Policy is much more powerful than it was in previous versions. Prior to Windows Vista, Group Policy processing occurred within a process called winlogon. Winlogon had a lot of responsibility, which included getting people logged on to their desktops, as well as servicing the various Group Policy chores. Group Policy is now its own Windows service. What's more, it's hardened, which means that it cannot be stopped nor can an administrator take ownership of the permissions upon Group Policy in order to then turn it off. These changes enhance the overall reliability of the Group Policy engine.

What is the difference between User Privileges and User Permissions?


As the question was posed in the Windows section, I'll answer this from Microsoft's perspective. User rights generally refer to logon capabilities: who can log on interactively, as a batch job, as a service, over the network, over Terminal Services, etc. These all require a certain "right" and these rights can also be denied to groups or individual users. Permissions relate to the capability of accessing an object, such as a file, a registry entry, a service, a printer, a share, etc. Again these can be granted or denied, but there is more granularity here as there are several permission types: read, write, delete, etc. Permissions are collected into Access Control Lists (ACLs), with each entry being termed an Access Control Entry (ACE). To complete the trio in common parlance, there are privileges. These relate to overriding capabilities within Windows such as backup, restore, take ownership, debug, etc. If you hold the backup privilege, for example, you are allowed to read all files, regardless of the permissions on those files. Privileges trump permissions. Confusingly, privileges are sometimes referred to as rights, even in official MS documentation. In the days of NT4, some were also called "abilities", so you'll note the careful use of the generic term "capability" above. And finally, in the Novell world, permissions are called user rights.

What is Safe Mode?


Safe mode is an alternate boot method for Windows operating systems that makes it easier to diagnose problems. The only startup programs loaded are the operating system and drivers for the mouse, keyboard, and basic display modes. It is often possible to get a system to start in safe mode when it won't start normally. To start in safe mode, press the F8 key while the system is booting and select "safe mode" (or the safe mode option you want) from the menu that appears.

Which logs can be found in Event Viewer?


Application: applications running under Windows are supposed to log their events here.
Security: when enabled, Windows can log a host of security-related events, which are logged here.
System: the operating system logs its events here.

What is msconfig? On which OS can it be found?


msconfig.exe is a file which helps to edit and administer text configuration files such as win.ini and autoexec.bat.

Msconfig is used to control what programs and services start with your computer. It's very helpful in troubleshooting startup problems as well as poor performance, and in getting rid of spyware and viruses.

Can you upgrade XP Home Edition to Server 2003?


It is not possible.

Which permission will you grant a user for a folder he needs to be able to create and delete files in, if you do not want him to be able to change permissions for the folder?
Write. Access control lists are used to specify the permissions that users will have to resources on the network. The Write permission allows a user to modify folders and files that already exist in the environment as well as create new files and folders as required.
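As an added illustration (not code from this document) of both this answer and the earlier one on rights, permissions and privileges, here is a small Python model of the Windows access check: deny ACEs win over allow ACEs, a "Write" grant carries no right to change permissions, and a holder of the backup privilege can read regardless of the ACL. The bit values, group names and the folder ACL are constructed for the example and are not the real Windows access-mask constants.

```python
"""Model of the Windows access check as the answers above describe it:
per-object permissions come from allow/deny ACEs in an ACL, while a held
privilege (backup) overrides them.  Added illustration, not code from the
document.  The bit values and the Write/Full Control bundles are
constructed for the example and are not the real Windows access-mask
constants.
"""
from dataclasses import dataclass, field
from typing import List, Set

# Constructed permission bits (illustrative, not real NTFS mask values).
READ, WRITE, DELETE, WRITE_DAC = 0x1, 0x2, 0x4, 0x8

# "Write" as the last answer uses it: create/modify/delete content, but no
# WRITE_DAC, so the holder cannot change the folder's permissions.
WRITE_BUNDLE = READ | WRITE | DELETE
FULL_CONTROL = READ | WRITE | DELETE | WRITE_DAC


@dataclass
class Ace:
    allow: bool        # False => deny ACE
    principal: str     # user or group the entry applies to
    mask: int


@dataclass
class Token:
    user: str
    groups: Set[str] = field(default_factory=set)
    privileges: Set[str] = field(default_factory=set)

    def matches(self, principal: str) -> bool:
        return principal == self.user or principal in self.groups


def access_check(token: Token, acl: List[Ace], requested: int) -> bool:
    """True if every requested bit is granted to the token.

    Deny ACEs are evaluated before allow ACEs (Windows canonical order), so
    an explicit deny on any requested bit wins.  SeBackupPrivilege grants
    read regardless of the ACL: the "privileges trump permissions" point.
    (Real Windows also requires opening with backup semantics; omitted here.)
    """
    if requested == READ and "SeBackupPrivilege" in token.privileges:
        return True
    for ace in acl:                               # deny pass
        if not ace.allow and token.matches(ace.principal) and ace.mask & requested:
            return False
    granted = 0
    for ace in acl:                               # allow pass
        if ace.allow and token.matches(ace.principal):
            granted |= ace.mask
    return requested & ~granted == 0


# Constructed folder ACL: Staff get Write, Administrators Full Control,
# and one contractor account is explicitly denied delete.
FOLDER_ACL = [
    Ace(allow=False, principal="contractor", mask=DELETE),
    Ace(allow=True, principal="Staff", mask=WRITE_BUNDLE),
    Ace(allow=True, principal="Administrators", mask=FULL_CONTROL),
]


def demo() -> dict:
    """Run the checks the two answers talk about and return the outcomes."""
    staff = Token("alice", groups={"Staff"})
    contractor = Token("contractor", groups={"Staff"})
    backup = Token("bob", groups={"Backup Operators"},
                   privileges={"SeBackupPrivilege"})
    return {
        "staff_can_create": access_check(staff, FOLDER_ACL, WRITE),
        "staff_can_delete": access_check(staff, FOLDER_ACL, DELETE),
        "staff_can_change_perms": access_check(staff, FOLDER_ACL, WRITE_DAC),
        "contractor_can_delete": access_check(contractor, FOLDER_ACL, DELETE),
        "backup_can_read": access_check(backup, FOLDER_ACL, READ),
        "backup_can_write": access_check(backup, FOLDER_ACL, WRITE),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```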

Networking
