What is the main purpose of a DNS server?
DNS servers are used to resolve FQDN hostnames into IP addresses and vice versa.
What is the port number of DNS?
53.
What is a Forward Lookup?
Resolving Host Names to IP Addresses
What is Reverse Lookup?
Resolving IP Addresses to Host Names
What is a Resource Record?
It is a record that provides information about the resources available in the network
infrastructure.
What are the different DNS roles?
Standard Primary, Standard Secondary, and AD Integrated.
What is a Zone?
A zone is a subtree of the DNS database.
Secure services in your network require reverse name resolution to make it more
difficult to launch successful attacks against the services. To set this up, you
configure a reverse lookup zone and proceed to add records. Which record types
do you need to create?
PTR Records
SOA records must be included in every zone. What are they used for?
SOA records contain a TTL value, used by default in all resource records in the zone. SOA
records contain the e-mail address of the person who is responsible for maintaining the
zone. SOA records contain the current serial number of the zone, which is used in zone
transfers.
By default, if the name is not found in the cache or local hosts file, what is the first
step the client takes to resolve the FQDN name into an IP address?
Performs a recursive search through the primary DNS server based on the network interface
configuration
What are primary, secondary, stub and AD-integrated zones?
Primary zone: a zone saved as a normal text file with filename (.dns) in the DBS folder.
Maintains a read/write copy of the zone database.
Secondary zone: maintains a read-only copy of the zone database on another DNS server.
Provides fault tolerance and load balancing by acting as a backup server to the primary server.
Stub zone: contains a copy of the name server and SOA records, used for reducing the DNS
search orders. Provides fault tolerance and load balancing.
servers without needing to query the Internet or internal root server for the DNS
namespace.
The list of master servers from which the DNS server loads and updates a stub zone. A
master server may be a primary or secondary DNS server for the zone. In both cases, it will
have a complete list of the DNS servers for the zone.
The list of the authoritative DNS servers for a zone. This list is contained in the stub zone
using name server (NS) resource records. When a DNS server loads a stub zone, such as
widgets.example.com, it queries the master servers, which can be in different locations, for
the necessary resource records of the authoritative servers for the zone
widgets.example.com. The list of master servers may contain a single server or multiple
servers and can be changed anytime.
What is the "in-addr.arpa" zone used for?
In a Domain Name System (DNS) environment, it is common for a user or an application to
request a Reverse Lookup of a host name, given the IP address. This article explains this
process. The following is quoted from RFC 1035: "The Internet uses a special domain to
support gateway location and Internet address to host mapping. Other classes may employ
a similar strategy in other domains. The intent of this domain is to provide a guaranteed
method to perform host address to host name mapping, and to facilitate queries to locate all
gateways on a particular network on the Internet.
"The domain begins at IN-ADDR.ARPA and has a substructure which follows the Internet
addressing structure.
"Domain names in the IN-ADDR.ARPA domain are defined to have up to four labels in
addition to the IN-ADDR.ARPA suffix. Each label represents one octet of an Internet
address, and is expressed as a character string for a decimal value in the range 0-255
(with leading zeros omitted except in the case of a zero octet which is represented by a
single zero).
"Host addresses are represented by domain names that have all four labels specified."
Reverse Lookup files use the structure specified in RFC 1035.
For example, if you have a network which is 150.10.0.0, then the Reverse Lookup file for
this network would be 10.150.IN-ADDR.ARPA. Any hosts with IP addresses in the
150.10.0.0 network will have a PTR (or 'Pointer') entry in 10.150.IN-ADDR.ARPA
referencing the host name for that IP address. A single IN-ADDR.ARPA file may contain
entries for hosts in many domains. Consider the following scenario. There is a Reverse
Lookup file 10.150.IN-ADDR.ARPA with the following contents:
Example: 1.20 IN PTR WS1.ACME.COM.
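The name construction described above, as an added example that is not part of the original article: it builds the reverse zone name for an octet-aligned network and expands PTR owner names from a reverse lookup file back into IP addresses. It goes one step beyond the text by flagging PTR targets that a forward lookup does not confirm; the function names, the sample zone lines and the forward map are all constructed for illustration.

```python
import ipaddress

SUFFIX = ".in-addr.arpa"


def reverse_zone(network: str) -> str:
    """Return the in-addr.arpa zone name for an octet-aligned IPv4 network."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only /8, /16 and /24 map onto a single reverse zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + SUFFIX


def ptr_owner_to_ip(owner: str, zone: str) -> str:
    """Expand a PTR owner name (relative to zone, or absolute) to dotted IPv4."""
    zone = zone.rstrip(".").lower()
    owner = owner.lower()
    # A trailing dot marks an absolute name; otherwise the zone is appended.
    fqdn = owner.rstrip(".") if owner.endswith(".") else owner + "." + zone
    if not fqdn.endswith(SUFFIX):
        raise ValueError("not an in-addr.arpa name: " + fqdn)
    labels = fqdn[: -len(SUFFIX)].split(".")
    if len(labels) != 4:
        raise ValueError("host addresses need all four labels: " + fqdn)
    for label in labels:
        # RFC 1035: decimal 0-255, no leading zeros except a single "0".
        if not label.isdigit() or label != str(int(label)) or int(label) > 255:
            raise ValueError("bad octet label: " + label)
    return ".".join(reversed(labels))


def parse_ptr_records(zone_text: str, zone: str):
    """Parse 'owner [ttl] [class] PTR target' lines into (ip, hostname) pairs.

    Assumes one record per line with an explicit owner name.
    """
    records = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        upper = [f.upper() for f in fields]
        if "PTR" not in upper:
            continue
        idx = upper.index("PTR")
        if idx < 1 or idx + 1 >= len(fields):
            continue  # malformed line: no owner or no target
        ip = ptr_owner_to_ip(fields[0], zone)
        records.append((ip, fields[idx + 1].rstrip(".").lower()))
    return records


def unconfirmed_ptrs(records, forward_map):
    """Return PTR records whose target name does not resolve back to that IP."""
    return [(ip, host) for ip, host in records
            if ip not in forward_map.get(host, set())]


# Constructed sample: a reverse lookup file holding hosts from two domains.
SAMPLE_ZONE = """\
; zone 10.150.IN-ADDR.ARPA (constructed sample)
1.20        IN PTR WS1.ACME.COM.
7.20        IN PTR MAIL.EXAMPLE.ORG.
9.30  3600  IN PTR OLDBOX.ACME.COM.
"""

# Constructed forward (A record) data, standing in for real forward lookups.
SAMPLE_FORWARD = {
    "ws1.acme.com": {"150.10.20.1"},
    "mail.example.org": {"150.10.20.7"},
    "oldbox.acme.com": {"150.10.99.9"},  # stale: PTR and A disagree
}

if __name__ == "__main__":
    zone = reverse_zone("150.10.0.0/16")
    recs = parse_ptr_records(SAMPLE_ZONE, zone)
    print(zone)
    for ip, host in recs:
        print(ip, "->", host)
    print("unconfirmed:", unconfirmed_ptrs(recs, SAMPLE_FORWARD))
```
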
What does a zone consist of & why do we require a zone?
A zone consists of resource records, and we require zones for representing sites.
computer's preferred DNS setting should point to the Windows 2000 or Windows Server
2003 domain controller running DNS.
If you are using DHCP, make sure that you view scope option #15 for the correct DNS
server settings for your LAN.
Do I need to point computers that are running Windows NT 4.0 or Microsoft
Windows 95, Microsoft Windows 98, or Microsoft Windows 98 Second Edition to
the Windows 2000 or Windows Server 2003 DNS server?
Legacy operating systems continue to use NetBIOS for name resolution to find a domain
controller; however it is recommended that you point all computers to the Windows 2000 or
Windows Server 2003 DNS server for name resolution.
What if my Windows 2000 or Windows Server 2003 DNS server is behind a proxy
server or firewall?
If you are able to query the ISP's DNS servers from behind the proxy server or firewall,
Windows 2000 and Windows Server 2003 DNS server is able to query the root hint servers.
UDP and TCP Port 53 should be open on the proxy server or firewall.
What should I do if the domain controller points to itself for DNS, but the SRV
records still do not appear in the zone?
Check for a disjointed namespace, and then run Netdiag.exe /fix.
You must install Support Tools from the Windows 2000 Server or Windows Server 2003
CD-ROM to run Netdiag.exe.
How do I set up DNS for a child domain?
To set up DNS for a child domain, create a delegation record on the parent DNS server for
the child DNS server. Create a secondary zone on the child DNS server that transfers the
parent zone from the parent DNS server.
Note: Windows Server 2003 has additional types of zones, such as Stub Zones and
forest-level integrated Active Directory zones, that may be a better fit for your
environment. Set the child domain controller to point to itself first. As soon as an
additional domain controller is available, set the child domain controller to point to this
domain controller in the child domain as its secondary.
Are you looking for a job as a system administrator? Or are you thinking about leaving your
current position for a new job as a system administrator with a new company in a Microsoft
multi-user computing environment?
If you answered yes to either of those questions, then this article is for you! Any of the
described technologies and questions below may be asked of you during an interview.
A system administrator is responsible for managing a multi-user computing environment,
such as a local area network (LAN). The responsibilities of the system administrator typically
include installing and configuring system hardware and software, establishing and managing
user accounts, upgrading software and performing backup and recovery tasks.
The main responsibilities performed by a system administrator are:
* Active Directory management (adding and configuring new workstations and setting up
user accounts to provide authorizations)
* Installing and updating system software
* OS patching/upgrades
* Preventing the spread of viruses and malicious programs
* Allocating mass storage space
* Reviewing system logs
* System security management
* Creating a backup and recovery policy
* Performance monitoring and optimization
Before facing any interview for a system administrator position, make sure that you have
enough knowledge on these technologies:
Basic Network Concepts:
* Data communication and transmission techniques
* Fundamentals of OSI and TCP/IP model
* IP address classes
* IP subnetting
* IPv6 fundamentals
* Basics of switching
Microsoft Server Functionalities:
* Active Directory Domain Controller (Read-only DC, Child DC)
* Active Directory Domain Services
* DHCP Server
* DNS
* File and print server
* Database storage server
* Windows Deployment Services (WDS)
* Group Policy management
* Registry management
* Hyper-V
* Schedule tasks (Backup, AD DS Backup)
* High Availability Features (Failover Clustering, Network Load Balancing)
resolve each other's names without having to query DNS servers on the Internet, such
as in the case of a company merger, you should configure the DNS servers in each
network to forward queries for names in the other network. DNS servers in one network
will forward names for clients in the other network to a specific DNS server that will
build up a large cache of information about the other network. When forwarding in this
way, you create a direct point of contact between the two networks' DNS servers, reducing
the need for recursion.
Stub Zone: Stub zones are dynamic. A stub zone is like a secondary zone in that it
obtains its resource records from other name servers (one or more master name
servers). A stub zone is also read-only like a secondary zone, so administrators can't
manually add, remove, or modify resource records on it. But the similarities end here,
as stub zones are quite different from secondary zones in a couple of significant
ways. First, while secondary zones contain copies of all the resource records in the
corresponding zone on the master name server, stub zones contain only three kinds of
resource records:
Copies of NS records for all name servers authoritative for the zone.
Copies of A records for all name servers authoritative for the zone.
Ans:- Once DC gets its replication Partner Hostname then it queries DNS for IP Address.
Also, _MSDCS zone is required for Domain Controller Locator that enables the client to
locate the DC.
For complete details
http://technet.microsoft.com/en-us/library/cc759550(WS.10).aspx
4) Ports Required for Domain Controllers to communicate.
Ans:- http://yourcomputer.in/list-port-numbers-windows/
If the configuration of the cluster changes, that change is replicated across the different
disks
8) What is NLB?
Ans:- NLB (Network Load Balancing) is a Microsoft implementation of clustering and load
balancing that is intended to provide high availability and high reliability, as well as high
scalability.
http://technet.microsoft.com/en-us/library/cc779570(v=ws.10).aspx
9) Difference Between Unicast and Multicast
Ans:-
Unicast
Unicast is a one-to-one connection between the client and the server. Unicast uses IP
delivery methods such as Transmission Control Protocol (TCP) and User Datagram
Protocol (UDP), which are session-based protocols. When a Windows Media Player client
connects using unicast to a Windows Media server, that client has a direct relationship
to the server. Each unicast client that connects to the server takes up additional
bandwidth. For example, if you have 10 clients all playing 100-kilobits per second
(Kbps) streams, those clients as a group are taking up 1,000 Kbps. If you have only
one client playing the 100 Kbps stream, only 100 Kbps is being used.
Multicast
Multicast is a true broadcast. The multicast source relies on multicast-enabled routers
to forward the packets to all client subnets that have clients listening. There is no direct
relationship between the clients and Windows Media server. The Windows Media server
generates an .nsc (NetShow channel) file when the multicast station is first created.
Typically, the .nsc file is delivered to the client from a Web server. This file contains
information that the Windows Media Player needs to listen for the multicast. This is
similar to tuning into a station on a radio. Each client that listens to the multicast adds
no additional overhead on the server. In fact, the server sends out only one stream per
multicast station. The same load is experienced on the server whether only one client
or 1,000 clients are listening
http://support.microsoft.com/kb/291786
10) What is new in Windows 2008 AD?
Ans:-
Read-Only Domain Controllers
Fine-Grained Password Policies
Restartable Active Directory Service
Backup and Recovery
SYSVOL Replication with DFS-R
Auditing Improvements
UI Improvements
11) How to configure RODC to replicate password of users?
Ans:- You can add users in the PASSWORD REPLICATION POLICY tab of RODC
computer properties
12) What is the issue we face while recovering AD from VMware snapshot?
13) Difference between Authoritative and Non-authoritative restore in AD?
Ans:- http://yourcomputer.in/authoritative-vs-non-authoritative-restoration-of-activedirectory
14) What is new in Authoritative restoration in windows 2008?
15) What is new in Windows Cluster 2008?
Ans:- http://yourcomputer.in/whats-new-windows-server-2008-cluster/
16) What is Strict Replication?
Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Type: REG_DWORD
Support remote DHCP clients located on the far side of DHCP and BOOTP relay
agents (where the network on the far side of the relay agent uses multinets).
In multinet configurations, you can use DHCP superscopes to group and activate
individual scope ranges of IP addresses used on your network. In this way, the DHCP
server can activate and provide leases from more than one scope to clients on a single
physical network.
Superscopes can resolve specific types of DHCP deployment issues for multinets,
including situations in which:
The available address pool for a currently active scope is nearly depleted, and
more computers need to be added to the network. The original scope includes the
full addressable range for a single IP network of a specified address class. You
need to use another range of IP addresses to extend the address space for the
same physical network segment.
Clients must be migrated over time to a new scope (such as to renumber the
1. Click Start > right-click Computer and select Properties in the menu.
2. Click Advanced > Settings > Startup and Recovery > Settings > Write
debugging information > Complete memory dump.
3. Click OK twice.
Ans:- Firstly, schmmgmt.dll has to be registered. Then the ADSIEdit tool can be used to edit
the schema.
26) Difference between Windows 2003 & Windows 2008 boot process
Ans:-
Windows 2003 Boot Process:
1. POST
2. The MBR reads the boot sector, which is the first sector of the active partition.
3. Ntldr looks up the path of the OS from boot.ini.
4. Ntldr runs ntdetect.com to get information about installed hardware.
5. Ntldr reads the registry files, then selects a hardware profile and control set and loads
device drivers.
6. After that, Ntoskrnl.exe takes over and starts winlogon.exe, which starts lsass.exe.
Windows Server 2008 Boot Process:
1. System is powered on
4. Through the MBR the boot sector is located and the BOOTMGR is loaded
6. BOOTMGR reads the BCD file from the \boot directory on the active partition
9. Winloader loads drivers that are set to start at boot and then transfers the
control to the Windows kernel.
Ans:- Group Policy applies to the user or computer in a manner that depends on where
both the user and the computer objects are located in Active Directory. However, in
some cases, users may need policy applied to them based on the location of the
computer object alone. You can use the Group Policy loopback feature to apply Group
Policy Objects (GPOs) that depend only on which computer the user logs on to.
* SMTP port 25
* HTTP port 80
* Secure SMTP (SSMTP) port 465
* Secure IMAP (IMAP4-SSL) port 585
* IMAP4 over SSL (IMAPS) port 993
* Secure POP3 (SSL-POP) port 995
Q: What do Forests, Trees, and Domains mean?
A: Forests, trees, and domains are the logical divisions in an Active Directory network.
A domain is defined as a logical group of network objects (computers, users, devices) that
share the same active directory database.
A tree is a collection of one or more domains and domain trees in a contiguous namespace
linked in a transitive trust hierarchy.
At the top of the structure is the forest. A forest is a collection of trees that share a common
global catalog, directory schema, logical structure, and directory configuration. The forest
represents the security boundary within which users, computers, groups, and other objects
are accessible.
Q: Why do we use DHCP?
A: Dynamic Host Configuration Protocol assigns dynamic IP addresses to network devices
allowing them to have a different IP address each time they are connected to the network.
Q: What are Lingering Objects?
A: A lingering object is a deleted AD object that still remains on the restored domain
controller in its local copy of Active Directory. They can occur when changes are made to
directories after system backups are created.
When restoring a backup file, Active Directory generally requires that the backup file be no
more than 180 days old. This can happen if, after the backup was made, the object was
deleted on another DC more than 180 days ago.
Q: How can we remove Lingering Objects?
A: Windows Server 2003 and 2008 have the ability to manually remove lingering objects
using the console utility command REPADMIN.EXE.
Q: Why should you not restore a DC that was backed up 6 months ago?
A: When restoring a backup file, Active Directory generally requires that the backup file be
no more than 180 days old. If you attempt to restore a backup that is expired, you may
face problems due to lingering objects.
Q: How do you backup AD?
A: Backing up Active Directory is essential to maintain the proper health of the AD
database.
How to check that AD is configured properly?
Ans: Check the NTDS and SYSVOL shared folders at %systemroot%windows\.
2. How to transfer the global catalog to another domain?
Ans: We cannot transfer the global catalog; we can only remove the global catalog from
one server and enable another server as a global catalog.
3. How to configure a global catalog server?
Ans: Go to Active Directory Sites and Services, expand down to the desired server's NTDS
Settings, then right-click, choose Properties, and check the Global Catalog check box.
4. What are the FSMO roles, and what is the impact if one goes down?
Ans: Flexible Single Master Operation. There are five roles:
Domain Naming Master (Forest wide role)
Schema Master (Forest wide role)
PDC Emulator (Domain wide role)
RID Master (Domain wide role)
Infrastructure Master (Domain wide role)
5. What is the RID pool?
Ans: The RID Master provides the RID (Relative Identifier) pool to the domain controllers
of the domain. When an object is created in a domain, a unique SID (Security ID) is
assigned to it, consisting of a RID (Unique ID) and a SID (Common ID for all objects).
A RID pool contains 500 RIDs.
6. How to check which server the FSMO roles are running on?
Ans:
i) Use the DCdiag /test:Knowsofroleholders /v command.
ii) Type Netdom query fsmo
7. How to transfer FSMO roles from one domain controller to another domain controller
using the command prompt and GUI?
Ans: Go to Start->Run->dsa.msc, go to the properties of Users and Computers, and transfer
the RID, PDC, and Infrastructure roles.
Go to Start->Run, go to the properties of Active Directory Domains and Trusts, and transfer
the Domain Naming Master role.
For transferring the schema master role, first we have to register the schema master by using
the regsvr32 schmmgmt.dll command in Run. Then go to Start->Run->MMC->Add Active Directory
Schema and transfer the schema master role.
8. What are the AD database file and log files, where are they stored, and what is the use
of the log file?
Ans: The AD database is NTDS.DIT and its location is %system root%\windows\NTDS\ntds.dit.
The AD log files are EDB.log, EDB.chk and REG.log, and the location of these files is %system
root%\windows\NTDS\ntds.dit.
9. How to recover corrupted AD data base file?
Ans: It's described very well in the article available here.
10. Is it possible to rename a domain in Windows 2003?
Ans: Yes, we can rename the domain name in Windows 2003.
19. What is the Start of Authority (SOA) record and what is its use?
Ans: It contains information like the server name where the file was created (Primary DNS
Server name). It maintains the serial number and increments it after every change in the
DNS zone, stores the Refresh interval and Retry interval times, and maintains the TTL of
the records as well. Read this article for more details.
@   IN  SOA  nameserver.place.dom.  postmaster.place.dom. (
             1        ; serial number
             3600     ; refresh   [1h]
             600      ; retry     [10m]
             86400    ; expire    [1d]
             3600 )   ; min TTL   [1h]
41. What is the difference between disk mirroring and disk duplexing?
Ans:
Disk Mirroring: Disk mirroring (also known as RAID-1) is the practice of duplicating data in
separate volumes on two hard disks to make storage more fault-tolerant. Mirroring provides
data protection in the case of disk failure, because data is constantly updated to both disks.
However, since the separate disks rely upon a common controller, access to both copies of
data is threatened if the controller fails.
Disk Duplexing: Disk duplexing is a variation of disk mirroring in which each of multiple
storage disks has its own SCSI controller. Disk duplexing overcomes this problem; the use
of redundant controllers enables continued data access as long as one of the controllers
continues to function.
Since the controllers for each disk are different, one of the disks keeps working even if the
other disk fails or one of the disk controllers fails. So it gives us the luxury to plan for the
downtime based on our convenience. Another benefit of disk duplexing is increased
throughput. Using a technique known as a split seek, whichever disk can deliver the
requested data more quickly responds. Multiple requests may also be split between the
disks for simultaneous processing.
42. What is a dynamic disk?
Dynamic disks provide the ability to create volumes that span multiple disks (spanned and
striped volumes) and the ability to create fault-tolerant volumes (mirrored and RAID-5
volumes). Dynamic disks offer greater flexibility for volume
management because they use a database to track information about dynamic volumes on
the disk and about other dynamic disks in the computer. Because each dynamic disk in a
computer stores a replica of the dynamic disk database, for example, a corrupted dynamic
disk database can repair one dynamic disk by using the database on another dynamic disk.
Dynamic disks are a separate form of volume management that allows volumes to have
noncontiguous extents on one or more physical disks. Dynamic disks and volumes rely on
the Logical Disk Manager (LDM) and Virtual Disk Service (VDS) and their associated
features. These features enable you to perform tasks such as converting basic disks into
dynamic disks, and creating fault-tolerant volumes. To encourage the use of dynamic disks,
multi-partition volume support was removed from basic disks, and is now exclusively
supported on dynamic disks.
The following operations can be performed only on dynamic disks:
1) Create and delete simple, spanned, striped, mirrored, and RAID-5 volumes.
2) Extend a simple or spanned volume.
3) Remove a mirror from a mirrored volume or break the mirrored volume into two
volumes.
4) Repair mirrored or RAID-5 volumes.
5) Reactivate a missing or offline disk.
Ans: The logged-on user should be a member of the Enterprise Administrators group to transfer
Schema master or Domain naming master roles, or a member of the Domain Administrators
group of the domain where the PDC emulator, RID master and the Infrastructure master
roles are being transferred.
55. Write down the command line to transfer all the FSMO roles to other server?
Ans:
1. Click Start, click Run, type ntdsutil in the Open box, and then click OK.
2. Type roles, and then press ENTER.
3. Type connections, and then press ENTER.
4. Type connect to server servername, and then press ENTER, where servername is the name
of the domain controller that you want to assign the FSMO role to.
5. At the server connections prompt, type q, and then press ENTER.
6. Type transfer role, where role is the role that you want to transfer. For example:
To transfer the RID master role, type transfer schema master
To transfer the RID master role, type transfer domain naming master
To transfer the RID master role, type transfer rid master
To transfer the RID master role, type transfer pdc
To transfer the RID master role, type transfer infrastructure master
7. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the
ntdsutil prompt.
56. Write down the command line to seize all the FSMO roles to a server?
Ans:
1. Click Start, click Run, type ntdsutil in the Open box, and then click OK.
2. Type roles, and then press ENTER.
3. Type connections, and then press ENTER.
4. Type connect to server servername, and then press ENTER, where servername is the name
of the domain controller that you want to assign the FSMO role to.
5. At the server connections prompt, type q, and then press ENTER.
6. Type seize role, where role is the role that you want to seize. For example:
To seize the RID master role, type seize schema master
To seize the RID master role, type seize domain naming master
To seize the RID master role, type seize rid master
To seize the RID master role, type seize pdc
To seize the RID master role, type seize infrastructure master.
7. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the
ntdsutil prompt.
57. Command for removing active directory?
Ans: dcpromo /forceremoval
58. How to test whether a domain controller is also a global catalog server:
Click Start, point to Programs, point to Administrative Tools, and then click Active Directory
Sites and Services.
Double-click Sites in the left pane, and then locate the appropriate site or click
Default-first-site-name if no other sites are available.
Open the Servers folder, and then click the domain controller.
I can't seem to access the Internet, don't have any access to the corporate
network and on ipconfig my address is 169.254.*.*. What happened?
The 169.254.*.* netmask is assigned to Windows machines running 98/2000/XP if the
DHCP server is not available. The name for the technology is APIPA (Automatic Private
Internet Protocol Addressing).
We've installed a new Windows-based DHCP server, however, the users do not
seem to be getting DHCP leases off of it.
The server must be authorized first with the Active Directory.
How can you force the client to give up the DHCP lease if you have access to the
client PC?
ipconfig /release
What authentication options do Windows 2000 Servers have for remote clients?
PAP, SPAP, CHAP, MS-CHAP and EAP.
What are the networking protocol options for the Windows clients if for some
reason you do not want to use TCP/IP?
NWLink (Novell), NetBEUI, AppleTalk (Apple).
How do cryptography-based keys ensure the validity of data transferred across the
network?
What's the difference between forward lookup and reverse lookup in DNS?
Forward lookup is name-to-address, the reverse lookup is address-to-name.
How to change the Windows XP product key if it was wrongly installed with another product
key but you have the original product key? What will you do to make your OS genuine?
Some third-party software is available for this function, or reinstall the system.
If 512 MB of RAM is there, what will be the minimum and maximum virtual memory
for the system?
To work out the total virtual memory (page file) required for Windows XP, take the
amount of RAM in the system and add 25% (512MB + 25% (128MB) = 640MB total virtual
memory). By setting both the min and max to 640MB you can increase the performance of
the operating system.
What is LDAP?
LDAP, Lightweight Directory Access Protocol, is an Internet protocol that email and
other programs use to look up information from a server.
What domain services are necessary for you to deploy the Windows Deployment
Services on your network?
Windows Deployment Services requires that a DHCP server and a DNS server be installed in
the domain
computers until they make a request for information. Usually the most common information
sent is IP address and DHCP is used to make a large network administration easier.
5.Q: What main file is used for Active Directory backup and how it is made?
A: Active Directory backup is made using NTbackup utility. The backup is made once with
the system state and they are restored also together because they depend on each other.
The system state has different components like:
a) The registry
b) Boot files or startup files (files required by the operating system to start).
d) The system volume or the SYSVOL folder; this is a folder that contains files that are
shared on a domain.
7.Q: In what way is the forward lookup zone different from the reverse lookup zone in
DNS?
A: There is one difference between these two: the forward lookup means name to IP and
reverse lookup means IP to name.
8.Q: As a system administrator can you make backup and recovery of data?
A: This is a responsibility that any system administrator must have as a basic skill.
Of course there are many types of backup that can be made but all must be known for a
successful career.
9.Q: What is the meaning of DHCP and what is the port used by it to work?
A: DHCP or Dynamic Host Configuration Protocol has the ability to assign an IP
automatically, this is done in fact by the server and has a number range. When the system
starts an IP is assigned automatically. The DHCP server has port number 68, while the client
has 67.
10.Q: Can you ensure an updated system all the time and perform market
research?
A: Staying up-to-date is another strong point of a professional administrator. Technology
evolves and we must keep up with the flow, otherwise we can't do our job in a professional
way. Market research is the key to up-to-date work.
15.Q: In how much time are the security changes applied on the domain
controllers?
A: Including policies for personal and public lockout, the changes apply immediately. The
changes also include passwords and LSA or Local Security Authority.
17.Q: Where is the storage place of the environmental settings and documents
from the roaming profile?
A: These documents and settings are deposited locally until the users log off, when they are
moved into the shared folder from the server so the log on at a fresh system may take a
while because of this.
18.Q: What are the classes that we can find in the Active Directory of Windows
Server 2003?
A: We can find:
a) the abstract class which can be made to look like a template and create other
templates, no matter if they are abstract, auxiliary or structural.
b) the structural class is the important type of class that is made from multiple abstract
classes or an existing structural class. They are the only ones that can make Active
Directory objects.
c) the auxiliary class is used as a replace for many attributes of a structural class, it is a
list of attributes.
d) The 88 class is used for objects classes that were defined before 1993 and it is not a
common class; it doesn't use abstract, structural or auxiliary classes.
20.Q: Can you explain to us about your experience in the past regarding Windows
administration?
A: I have ten years of experience in this field, I was passionate about computers since
childhood and I installed many operating systems at home and inside organizations
including these versions of Windows: 95, 98, 98 SE, NT, Millennium, 2000, 2003 Server, XP,
Seven, Vista. I also managed these systems and performed maintenance, I worked with
different applications from the windows environment.
21.Q: How can you handle a situation in which, for instance, you have an
application that is not running on Windows 2003 because it's older?
A: In this situation the application has to be started in compatibility mode with a
previous Windows operating system. This is done by right-clicking the application icon and
choosing another Windows version from the compatibility menu.
topology from the perspective of every domain controller. The Active Directory forest can
also be supervised by Repadmin.exe and replication problems can be tracked.
23.Q: What difference can we find in the usage of CSVDE versus LDIFDE?
A: CSVDE and LDIFDE are both commands used for importing and exporting objects,
but they differ in that CSVDE uses the CSV (Comma Separated
Value) format, which is an Excel file format, and LDIFDE uses the LDIF (LDAP Data Interchange Format)
file type, which can be viewed with a simple text editor. Unlike CSVDE, LDIFDE can also be used for editing
or deleting objects.
24.Q: What big differences exist between these two operating systems: Windows
2000 and Windows XP?
A: Windows 2000 has more capabilities than Windows XP especially regarding features like
DHCP, Terminal Services or DNS. It has all the advantages for server usage. Windows 2000
is a little more professional than XP, but they both come in different versions for
every user's taste. While XP has Home, Professional or Enterprise versions, Windows 2000 has
Professional and Server editions. The Home version of XP comes with minimal features
because the target clients are beginners.
25.Q: What are the things that make Unix different from Windows?
A: The code loading runtime of Unix is different from the one that Windows has. We must
become aware of how the system exactly works before we make a dynamically loading
module. Unix has shared objects with the .so extension that encapsulate lines of code
that the programs will use and the function names. These function names become the
references of those functions in the memory of the program when the file is combined with
the program. In Windows the .dll file (dynamic-link library file) doesn't have references and
the code of the files does not link to the memory of the program but they get through a
lookup table which points to data or functions. Unix has just one type of library file, with the
.a extension, and the code of many object files with the .o extension is contained within it.
When the link is created for a shared object file the definition of the identifier may not be
found, so the object code from the library will be included.
7. We have 3 hard disks with capacities of 2GB, 5GB and 4GB. If I implement
RAID 5, how much space is available for the user?
RAID 5 takes the smallest disk as its basis, so it takes 2GB from every disk, so 6GB is
the total disk space available. Of that, 2GB is for parity. So in total 4GB is available for the user.
8. What is the Booting process of Windows 2000?
1. NTLDR runs and then calls NTDETECT.COM, which checks the computer's hardware attributes
(type of video, hard disk, ports, memory and so on).
2. Based on the results of the search, NTDETECT compiles a list of hardware. This
information is placed in the Registry under the appropriate hardware keys.
3. NTLDR reads an ASCII text file, BOOT.INI, to determine which other OSes are on the hard
disk. (This file, created during setup, is located in the root directory of the boot partition.)
4. After the countdown period ends, the default OS is loaded.
5. NT starts the booting process by loading the low-level drivers and services.
6. The GUI and higher drivers load, and the NT logon security screen appears.
9. What is the role of the NTDETECT file?
NTDETECT.COM checks the computer's hardware attributes (type of video, hard disk,
Lock Computer,
Logoff,
Shutdown,
Change Password,
Task Manager,
Cancel
13. A user locked the system and forgot the password. If we reset the password, is the
user able to log on immediately?
It is not possible in NT 4. Even if you change the password, the user should restart the system.
It is possible in 2003 Server. There is no need to restart the PC.
14. Basic difference between PDC and BDC?
Primary Domain Controller (PDC):
1. A single member computer of an NT Domain that is running Windows NT server.
2. This maintains the SAM database for the Domains (R/W SAM Database)
3. It Authenticates the logon users.
4. It updates the SAM database in BDC
Backup Domain Controller (BDC):
1. A member computer of an NT Domain that shares the load of user security
2. This machine has to run windows NT server and maintains a copy of SAM database.
3. The SAM database in BDC is Read only. It gets updated from PDC.
4. Whenever the PDC is down, we can promote the BDC to a PDC.
SAM: A protected subsystem that operates and maintains the security accounts manager
database
Security Accounts Manager (SAM) Database: the database that contains the user accounts,
Passwords, and other settings for each user
15. Can we create users in BDC?
Yes. We can create users in the BDC. Whenever users are created in the BDC, the
changes are immediately updated in the PDC.
16. What is EIGRP and IGRP?
Interior Gateway Routing Protocol (IGRP):
Cisco Proprietary protocol.
Distance Vector protocol
Metric is Bandwidth of Delay
Administrative distance 100
Classful Routing protocol
Periodic routing protocol (sends the entire routing table to the neighbour router every 90
secs)
Does not support subnetting
Minimum HOP count 100 (can go up to 255)
Slow convergence
Used for medium sized networks
Uses AS numbers (1-65535)
Enhanced Interior Gateway Routing Protocol (EIGRP):
Cisco's proprietary protocol
Advanced distance vector protocol
Hybrid protocol (distance vector + link state)
Metric is 5 factors (Bandwidth, Delay, Reliability, Load, Maximum Transmission Unit)
Works on basis of AS numbers
AD value 90 internal, 170 external
It supports triggered updates (whenever there is a change in topology, that particular information will
be sent)
Supports subnetting
Classless routing protocol
It supports multiple network layer protocols
It uses DUAL (Diffusing Update Algorithm) to select the best path
Route is represented by D symbol
It keeps 3 routing tables (Topology table, Neighbour table, Routing table)
Auto summarization by default, but manual summarization is also possible.
17. What is RIP explain?
Routing Information Protocol (RIP):
It is a standard protocol
Distance Vector protocol
Metric is HOP count
Administrative distance 120
RIP Ver 1.0 does not support subnetting; it is a classful routing protocol
Periodic routing updates (sends the entire routing table every 30 secs)
Does not support subnetting
Uses broadcast address 255.255.255.255 to send the updates
Maximum HOP count is 15
Slow convergence
Used for small inter networks
RIP V 2.0 supports subnetting; it is a classless routing protocol and sends updates through
multicast address 224.0.0.9
18. What is difference between Router and Switch?
Router:
It is a Layer 3 (L3) device
It breaks broadcast + collision domains
It forwards the packets to other networks
Switch:
It is a Layer 2 (L2) device
By default all the ports are in one broadcast domain
It breaks the collision domain (every port has its own collision domain)
It does not have WAN ports
Only used in LAN environment
All identical objects come under one class, e.g. all users come under the User class
Attributes are the properties of the object, e.g. for a user: full name, logon name, etc.
Simplifies Management:
Eliminates redundant management tasks. Provides a single-point of management for
Windows user accounts, clients, servers, and applications as well as the ability to
synchronize with existing directories.
Reduces trips to the desktop. Automatically distributes software to users based on their
role in the company, reducing or eliminating multiple trips that system administrators need
to make for software installation and configuration.
Better maximizes IT resources. Securely delegates administrative functions to all levels of
an organization.
Lowers total cost of ownership (TCO). Simplifies the management and use of file and print
services by making network resources easier to find, configure, and use.
Strengthens Security:
It improves password security and management by providing single sign-on to network
resources with integrated, high-powered security services that are transparent to end
users.
It ensures desktop functionality by locking down desktop configurations and preventing
access to specific client machine operations, such as software installation or registry editing,
based on the role of the end user.
It speeds e-business deployment by providing built-in support for secure Internet-standard
protocols and authentication mechanisms such as Kerberos, public key
infrastructure (PKI) and Lightweight Directory Access Protocol (LDAP) over Secure Sockets
Layer (SSL).
It tightly controls security by setting access control privileges on directory objects and
the individual data elements that make them up.
Extends Interoperability:
Takes advantage of existing investments and ensures flexibility. Standards-based
interfaces to all features make use of investments and ensure flexibility for future
applications and infrastructure.
Consolidates management of multiple application directories. Using open interfaces,
connectors, and synchronization mechanisms, organizations can consolidate directories
including Novell's NDS, LDAP, ERP, e-mail, and other mission-critical applications.
Allows organizations to deploy directory-enabled networking. Network devices from
leading vendors such as Cisco and 3COM can use the directory to let administrators assign
quality of service and allocate network bandwidth to users based on their role in the
company.
Allows organizations to develop and deploy directory-enabled applications. Using the fully
extensible directory architecture, developers can build applications that deliver functionality
tailored to the needs of the end user.
23. What are the 4 Partitions of the ADS, explain?
Naming Contexts and Directory Partitions:
Each domain controller in an Active Directory forest includes directory partitions. Directory
partitions are also known as naming contexts. A directory partition is a contiguous portion of
the overall directory that has independent replication scope and scheduling data. By default,
the Active Directory for an enterprise contains the following partitions:
Schema Partition: Schema holds information on the definition of objects within the
network. The schema partition contains the classSchema and attributeSchema objects that
define the types of objects that can exist in the Active Directory forest. Every domain
controller in the forest has a replica of the same schema partition.
Defines rules for object creation and modification for all objects in the forest. Replicated to
all domain controllers in the forest, it is known as an enterprise partition.
Configuration Partition: Configuration partition holds information relating to the forest
structure. The configuration partition contains replication topology and other configuration
data that must be replicated throughout the forest. Every domain controller in the forest has
a replica of the same configuration partition.
Information about the forest directory structure is defined including trees, domains, domain
trust relationships, and sites (TCP/IP subnet group). Replicated to all domain controllers in
the forest, it is known as an enterprise partition.
Domain Partition: The domain partition contains the directory objects, such as users and
computers, associated with the local domain. A domain can have multiple domain controllers
and a forest can have multiple domains. Each domain controller stores a full replica of the
domain partition for its local domain, but does not store replicas of the domain partitions for
other domains.
Has complete information about all domain objects (Objects that are part of the domain
including OUs, groups, users and others). Replicated only to domain controllers in the same
domain.
Application Directory Partitions: The application directory partition provides the capability
of hosting dynamic data in Active Directory, thus allowing ADSI/LDAP access to it, without
significantly impacting network performance. Dynamic data typically changes more
frequently than the replication latency involved in propagating the change to all replicas of
the data. In Windows 2000, the support for dynamic data is limited. Storing dynamic data in
a domain partition can be complicated. The data is replicated to all domain controllers in the
domain, which is often unnecessary and can result in inconsistent data due to replication
latency. This can adversely impact network performance.
27. If the laptop is not displaying when you boot it, what is the solution?
Check for loose power connections.
Remove the laptop battery, put it in again and connect the power cable.
Wait for 2 minutes and start the laptop.
DHCP client configures its TCP/IP stack by using address it accepted from the server.
34. If 2 DHCP servers are available, from which server does the client take its IP?
The client machine typically repeats the discover message several times to make sure it
hears from all the servers, then eventually chooses the "best" server, where what is "best"
is up to the client. It may mean that the addresses the DHCP server has available offer the
longest lease time. Or the client might prefer a server that provides WINS servers over one
that doesn't.
35. What are the FSMO Roles (Master Operations) and explain?
Prevents Object duplication if objects move from one Domain Controller to other.
Object SID = Domain SID + RID
It is UNIQUE for each object in AD.
We can't create objects if the RID Master fails.
Infrastructure Master:
It is responsible for updating group membership data for groups that have members that
move between two or more domains
Updates references to Objects and Group membership from other domains.
The infrastructure master is responsible for managing group and user references.
or
System Management Server (SMS) 2003 (for Medium/Big Organizations)
40. How can the client OS update automatically with the latest security updates?
If we have Internet access, select the Windows Update option.
It will update SP, security patches, IE and others.
41. Tell about the GHOST?
It is a Symantec Disk Cloning Utility
We can Clone Disk to Disk or Partition to Partition
42. How can you see the performance of CPU and Memory?
Go to Task Manager and see the Performance tab
43. What is RAID and explain all Levels?
RAID