Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Look up keyword
Like this
0Activity
0 of .
Results for:
No results containing your search query
P. 1
Interview Questions for Windows Domain

Interview Questions for Windows Domain

Ratings: (0)|Views: 1,164 |Likes:
Published by abhinaviacm

More info:

Published by: abhinaviacm on Nov 26, 2009
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

07/22/2013

pdf

text

original

 
INTERVIEW QUESTIONS FOR WINDOWS DOMAIN
Q:
What is Active Directory?
A:
An active directory is a directory structure used on Microsoft Windows based computers andservers to store information and data about networks and domains. It is primarily used foronline information and was originally created in 1996 and first used with Windows 2000.An active directory (sometimes referred to as an AD) does a variety of functions includingthe ability to provide information on objects, helps organize these objects for easy retrievaland access, allows access by end users and administrators and allows the administrator toset security up for the directory.
Q:
What is LDAP?
A:
LDAP, Lightweight Directory Access Protocol, is an Internet protocol that email and otherprograms use to look up information from a server
.
Q:
I have setup a time server in my internal network. However, I still get an error messagethat The Windows Time Service was not able to find a Domain Controller.
A:
Set the PDC emulator for the domain to synch with the new time source, the other DCs willsynch with the PDC FSMO and all the clients will synch with the authenticating DC.
Q:
I have gp in AD that assigns large application to authenticated users, now this app isinstalled on more than 150 computers, we have slow link to many sites and we don't haveservers there. So the question is how I can change from authenticated users to a specialgroup without installing the software again. I have not tried this because I'm afraid that Iwill take many days to recover if it fails? How are you deploying and assigning to users?
A:
Using GP software distribution (GPSD) there are a number of ways to deploy applications. Itmight be best to create another group called "applicationx". Then start adding your users tothis group. Once the entire members belong to this group you can remove theauthenticated users. If you have lots of users and slow links it might be best to publishrather than assign. This provides a more phased approach to users installing apps.Providing you users are happy to go to control panel to install this might be better.
Q:
Can I create a script for GPO report?
A:
There are pre-prepared scripts you don't need to create them. There is directory calledscripts created in the installation, take a look in there
Q:
I am currently had a mixed mode topology & running exchange 5.5. I am planning theexch. 2000 upgrade is it best to upgrade directly or install a separate 2000 server andmigrate the mailboxes (swing method) and what are the pro's and cons.
A:
Well, upgrading directly is the easiest way to go, but often also considered the riskier of thetwo options. This method does not allow for extensive testing ahead of time, therebyleading to potentially unknown pitfalls. We recommend in most cases in a productionenvironment to use the swing method by installing the ADC. This will allow you to build aperfect world and migrate slowly and with less risk.
Q:
Is it possible to change the name of root domain after installation of ADS?
A:
Not in Windows 2000 AD
Q:
What is the best process for change the pass for admin? This is for the account managesthe exchange, cluster and other services and do I have to change the pass option in eachserver and services?
A:
If you mean you have a lot of services that are running under an account with a specificpassword you will need to change the password and then go into each service in Servicesapplet to change the password.
Q:
How many Domain Controller do I need appr. for 600 User?
A:
You could actually use just 1 DC in your scenario. I would recommend 2 DCs forredundancy in case 1 DC goes down
Q:
What is the SYSVOL folder?
A:
The sysVOL folder stores the server's copy of the domain's public files. The contents suchas group policy, users etc of the sysvol folder are replicated to all domain controllers in thedomain. The sysvol folder must be located on an NTFS volume.
 
INTERVIEW QUESTIONS FOR WINDOWS DOMAIN
Q:
What is the Global Catalog?
A:
The global catalog is a distributed data repository that contains a searchable, partialrepresentation of every object in every domain in a multidomain Active Directory forest.The global catalog is stored on domain controllers that have been designated as globalcatalog servers and is distributed through multimaster replication. Searches that aredirected to the global catalog are faster because they do not involve referrals to differentdomain controllers.
Q:
What is REPLMON? What is REPADMIN?
A:
Replmon displays information about Active Directory Replication. Repadmin.exe is acommand-line utility that is designed to help administrators monitor, diagnose, andtroubleshoot replication problems in Active Directory
.
Q:
What is NETDOM?
A:
NETDOM utility in Microsoft Windows NT Server 4.0 Resource Kit. NETDOM lets you buildnew trust relationships and reset existing trusts from the command line.
Q:
What are sites? What are they used for?
 
A:
A site is a grouping of machines based on a subnet of TCP/IP addresses. Generally thisrefers to a physical site such as a portion of the organization in particular city or part of acity which is linked by leased lines or other media to other parts of the organization
 
Q:
What is KCC (Knowledge Consistency Checker)
A:
A connection object is a connection that AD uses for replication. Connection objects arefault tolerant. When a communication fails, AD will automatically reconfigure itself to useanother route to continue replication. The process that creates connection objects is calledKnowledge Consistency Checker (KCC)
Q:
What are the requirements for installing AD on a new server?
A:
The following software and hardware requirements apply to a full installation or a ServerCore installation of the Windows Server 2003 operating system:
Install Windows Server 2003
Configure appropriate TCP/IP and Domain Name System (DNS) server addresses.
The drives that store the database, log files, and SYSVOL folder for Active DirectoryDomain Services (AD DS) must be placed on a local fixed volume. SYSVOL must beplaced on a volume that is formatted with the NTFS file system. For securitypurposes, the Active Directory database and log files should be placed on a volumethat is formatted with NTFSTraditionally, the Active Directory database and log files are placed on disk drives that arephysically local to the domain controller computer. As an option, you can place theActive Directory database and log files on a nonlocal storage device if the device appears tobe “local” to the GetDriveType function that Dcpromo.exe uses and it does not haveadvanced rollback, undo, or snapshot features enabled. For more information about theGetDriveType function, see GetDriveType FunctionYou must perform all backups and restores of AD DS, including rolling the contents of AD DS “back in time,” by using system state backups that are created by supported backupapplication programming interfaces (APIs) and methods.You must perform all backups and restores of AD DS, including rolling the contents of AD DS “back in time,” by using system state backups that are created by supported backupapplication programming interfaces (APIs) and methods.When you use an answer file to perform an unattended installation of AD DS, specify a[DCINSTALL] section in the answer file with appropriate parameters. For a list of entries forthe [DCINSTALL] section of the answer file.Verify that Adprep.exe operations are complete. Before you can add AD DS to a server thatis running Windows Server 2008 in an existing Active Directory environment, you mustprepare the environment by running Adprep.exe. For more information about runningAdprep.exeVerify that a DNS infrastructure is in place. Before you add AD DS to create a domain orforest, be sure that a DNS infrastructure is in place on your network. When you installAD DS, you can include DNS server installation, if it is needed. When you create a newdomain, a DNS delegation is created automatically during the installation process
.
Q:
How can you forcibly remove AD from a server?
A:
Demote the DC by running DCPromo with the /forceremoval switch
 
INTERVIEW QUESTIONS FOR WINDOWS DOMAIN
Q:
What are the FSMO roles?
A:
In a forest, there are five FSMO roles that are assigned to one or more domain controllers.The five FSMO roles are:
Schema Master:
The schema master domain controller controls all updates andmodifications to the schema.
Domain naming master:
The domain naming master domain controller controls theaddition or removal of domains in the forest.
Infrastructure Master:
When an object in one domain is referenced by another object inanother domain, it represents the reference by the GUID, the SID (for references tosecurity principals), and the DN of the object being referenced.
Relative ID (RID) Master:
The RID master is responsible for processing RID poolrequests from all domain controllers in a particular domain.
PDC Emulator:
The PDC emulator is necessary to synchronize time in an enterprise.Windows 2000/2003 includes the W32Time (Windows Time) time service that is required bythe Kerberos authentication protocol
Q:
How to backup Active Directory? –
A:
Take the system state data backup. This will backup the active directory database. Microsoftrecommend only Full backup of system state database
Q:
What hidden shares exist on Windows Server 2003 installation?
A:
Admin$, Drive$, IPC$, NETLOGON, print$ and SYSVOL.
Q:
What’s the difference between standalone and fault-tolerant DFS (Distributed File System)installations?
A:
The standalone server stores the Dfs directory tree structure or topology locally. Thus, if ashared folder is inaccessible or if the Dfs root server is down, users are left with no link tothe shared resources. A fault-tolerant root node stores the Dfs topology in the ActiveDirectory, which is replicated to other domain controllers. Thus, redundant root nodes mayinclude multiple connections to the same data residing in different shared folders.We’re using the DFS fault-tolerant installation, but cannot access it from a Win98 box. Usethe UNC path, not client, only 2000 and 2003 clients can access Server 2003 fault-tolerantshares.
Q:
Where exactly do fault-tolerant DFS shares store information in Active Directory?
A:
In Partition Knowledge Table, this is then replicated to other domain controllers.
Q:
Is Kerberos encryption symmetric or asymmetric?
A:
Symmetric.
Q:
How does Windows 2003 Server try to prevent a middle-man attack on encrypted line?
A:
Time stamp is attached to the initial client request, encrypted with the shared key.
Q:
What hashing algorithms are used in Windows 2003 Server?
A:
RSA Data Security’s Message Digest 5 (MD5), produces a 128-bit hash, and the SecureHash Algorithm 1 (SHA-1), produces a 160-bit hash.
Q:
What third-party certificate exchange protocols are used by Windows 2003 Server?
A:
Windows Server 2003 uses the industry standard PKCS-10 certificate request and PKCS-7certificate response to exchange CA certificates with third-party certificate authorities.
Q:
What’s the number of permitted unsuccessful logons on Administrator account?
A:
Unlimited. Remember, though, that it’s the Administrator account, not any account that’spart of the Administrators group.
Q:
If hashing is one-way function and Windows Server uses hashing for storing passwords,how is it possible to attack the password lists, specifically the ones using NTLMv1?
A:
A cracker would launch a dictionary attack by hashing every imaginable term used forpassword and then compare the hashes.
Q:
What’s the difference between guest accounts in Server 2003 and other editions?
A:
More restrictive in Windows Server 2003.
Q:
How many passwords by default are remembered when you check "Enforce PasswordHistory Remembered"?

Activity (0)

You've already reviewed this. Edit your review.
1 thousand reads
1 hundred reads
arorasagar1982 liked this
arorasagar1982 liked this
santoshmcse liked this
yogeshdhuri22 liked this
yogeshdhuri22 liked this
Santhosh Kumar liked this
@ubaiyadulla liked this

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->