DNS Questions

1. Secure services in your network require reverse name resolution to make it more difficult to launch successful attacks against the services. To set this up, you configure a reverse lookup zone and proceed to add records. Which record types do you need to create?
2. What is the main purpose of a DNS server?
3. SOA records must be included in every zone. What are they used for?
4. By default, if the name is not found in the cache or local hosts file, what is the first step the client takes to resolve the FQDN name into an IP address?
5. What is the main purpose of SRV records?
6. Before installing your first domain controller in the network, you installed a DNS server and created a zone, naming it as you would name your AD domain. However, after the installation of the domain controller, you are unable to locate infrastructure SRV records anywhere in the zone. What is the most likely cause of this failure?
7. Which of the following conditions must be satisfied to configure dynamic DNS updates for legacy clients?
8. At some point during the name resolution process, the requesting party received an authoritative reply. Which further actions are likely to be taken after this reply?
9. Your company uses ten domain controllers, three of which are also used as DNS servers. You have one companywide AD-integrated zone, which contains several thousand resource records. This zone also allows dynamic updates, and it is critical to keep this zone up-to-date. Replication between domain controllers takes up a significant amount of bandwidth. You are looking to cut bandwidth usage for the purpose of replication. What should you do?
10. You are administering a network connected to the Internet. Your users complain that everything is slow. Preliminary research of the problem indicates that it takes a considerable amount of time to resolve names of resources on the Internet. What is the most likely reason for this?

Answers

1. PTR records.
2. DNS servers are used to resolve FQDN hostnames into IP addresses and vice versa.
3. SOA records contain a TTL value, used by default in all resource records in the zone. SOA records contain the e-mail address of the person who is responsible for maintaining the zone. SOA records contain the current serial number of the zone, which is used in zone transfers.
4. Performs a recursive search through the primary DNS server based on the network interface configuration.
5. SRV records are used in locating hosts that provide certain network services.
6. The zone you created was not configured to allow dynamic updates. The local interface on the DNS server was not configured to allow dynamic updates.
7. The zone to be used for dynamic updates must be configured to allow dynamic updates. The DHCP server must support, and be configured to allow, dynamic updates for legacy clients.
8. After receiving the authoritative reply, the resolution process is effectively over.
9. Change the replication scope to all DNS servers in the domain.
10. DNS servers are not caching replies. Local client computers are not caching replies. The cache.dns file may have been corrupted on the server.
Technical Interview Questions – Active Directory

• What is Active Directory?
• What is LDAP?
• Can you connect Active Directory to other 3rd-party Directory Services? Name a few options.
• Where is the AD database held? What other folders are related to AD?
• What is the SYSVOL folder?
• Name the AD NCs and replication issues for each NC.
• What are application partitions? When do I use them?
• How do you create a new application partition?
• How do you view replication properties for AD partitions and DCs?
• What is the Global Catalog?
• How do you view all the GCs in the forest?
• Why not make all DCs in a large forest as GCs?
• Trying to look at the Schema, how can I do that?
• What are the Support Tools? Why do I need them?
• What is LDP? What is REPLMON? What is ADSIEDIT? What is NETDOM? What is REPADMIN?
• What are sites? What are they used for?
• What's the difference between a site link's schedule and interval?
• What is the KCC?
• What is the ISTG? Who has that role by default?
• What are the requirements for installing AD on a new server?
• What can you do to promote a server to DC if you're in a remote location with slow WAN link?
• How can you forcibly remove AD from a server, and what do you do later?
• Can I get user passwords from the AD database?
• What tool would I use to try to grab security related packets from the wire?
• Name some OU design considerations.
• What is tombstone lifetime attribute?
• What do you do to install a new Windows 2003 DC in a Windows 2000 AD?
• What do you do to install a new Windows 2003 R2 DC in a Windows 2003 AD?
• How would you find all users that have not logged on since last month?
• What are the DS* commands?
• What's the difference between LDIFDE and CSVDE? Usage considerations?
• What are the FSMO roles? Who has them by default? What happens when each one fails?
• What FSMO placement considerations do you know of?
• I want to look at the RID allocation table for a DC. What do I do?
• What's the difference between transferring a FSMO role and seizing one? Which one should you NOT seize? Why?
• How do you configure a "stand-by operation master" for any of the roles?
• How do you backup AD? How do you restore AD?
• How do you change the DS Restore admin password?
• Why can't you restore a DC that was backed up 4 months ago?
• What are GPOs?
• What is the order in which GPOs are applied?
• Name a few benefits of using GPMC.
• What are the GPC and the GPT? Where can I find them?
• What are GPO links? What special things can I do to them?
• What can I do to prevent inheritance from above?
• How can I override blocking of inheritance?
• How can you determine what GPO was and was not applied for a user? Name a few ways to do that.
• A user claims he did not receive a GPO, yet his user and computer accounts are in the right OU, and everyone else there gets the GPO. What will you look for?
• Name a few differences in Vista GPOs.
• Name some GPO settings in the computer and user parts.
• What are administrative templates?
• What's the difference between software publishing and assigning?
• Can I deploy non-MSI software with GPO?
• You want to standardize the desktop environments (wallpaper, My Documents, Start menu, printers etc.) on the computers in one department. How would you do that?

Windows Server 2008/R2 Active Directory

• What is Active Directory?
• What is LDAP?
• Where is the AD database held? What other folders are related to AD?
• What is the SYSVOL folder?
• Talk about all the AD-related roles in Windows Server 2008/R2.
• What are the new Domain and Forest Functional Levels in Windows Server 2008/R2?
• What are the AD naming contexts (partitions) and replication issues for each NC?
• What are application partitions? What applications or services use AD application partitions? Name a couple.
• How do you create a new application partition?
• How do you view replication properties for AD partitions and DCs?
• What is the Global Catalog?
• How do you view all the GCs in the forest?
• Why not make all DCs in a large forest as GCs?
• Talk about GCs and Universal Groups.
• What is ADSIEDIT? What is NETDOM? What is REPADMIN?
• What is DCDIAG? When would you use it?
• What are sites? What are they used for?
• What's the difference between a site link's schedule and interval?
• What is the KCC?
• What is the ISTG? Who has that role by default?
• Talk about sites and GCs.
• Talk about sites and Exchange Server 2007/2010.
• What are the requirements for installing AD on a new server?
• What can you do to promote a server to DC if you're in a remote location with slow WAN link?
• Describe the time synchronization mechanism in AD.
• What are the major changes in AD in Windows Server 2008?
• What are RODCs? What are the major benefits of using RODCs?
• How do you install an RODC?
• Talk about RODCs and passwords.
• What is Read Only DNS?
• What happens when a remote site with an RODC loses connectivity to the main site?
• Talk about Server Core and AD.
• How do you promote a Server Core to DC?
• What are the FSMO roles? Who has them by default? What happens when each one fails?
• How can you tell who holds each FSMO role? Name 2-3 methods.
• What FSMO placement considerations do you know of?
• You want to look at the RID allocation table for a DC. What do you need to do?
• What's the difference between transferring a FSMO role and seizing one? Which one should you NOT seize? Why?
• How do you backup AD? How do you restore AD?
• Talk about Windows Backup and AD backups.
• How do you change the DS Restore admin password?
• Why can't you restore a DC that was backed up 7 months ago?
• What's NTDSUTIL? When do you use it?
• How can you forcibly remove AD from a server, and what do you do later?
• Can I get user passwords from the AD database?
• What tool would I use to try to grab security related packets from the wire?
• Talk about PowerShell and AD.
• What are the major changes in AD in Windows Server 2008 R2?
• What is the AD Recycle Bin? How do you use it?
• What is tombstone lifetime attribute?
• What are AD Snapshots? How do you use them?
• What is Offline Domain Join? How do you use it?
• What are Fine-Grained Passwords? How do you use them?
• Talk about Restartable Active Directory Domain Services in Windows Server 2008/R2. What is this feature good for?
• What are the changes in auditing in Windows Server 2008/R2?
• What is GPO? Describe the way GPO is applied throughout the domain.
• What are ADM files? What replaced them in Windows Server 2008?
• What's the GPO repository? How do you use it?
• What are GPO Preferences? Which client OSs can use GPO Preferences?
• What are GPO Templates?
• What are WMI Filters? What is the concept behind GPO Filtering?
• How can you determine what GPO was and was not applied for a user? Name a few ways to do that.
• A user claims he did not receive a GPO, yet his user and computer accounts are in the right OU, and everyone else there gets the GPO. What will you look for?
• What can you do to prevent inheritance from above? How can you override blocking of inheritance?
• Name some of the major changes in GPO in Windows Server 2008.
• You want to standardize the desktop environments (wallpaper, My Documents, Start menu, printers etc.) on the computers in one department. How would you do that?
DHCP Server Interview Questions and Answers

1. What is DHCP?
DHCP stands for "Dynamic Host Configuration Protocol".

2. What is DHCP's purpose?
DHCP's purpose is to enable individual computers on an IP network to extract their configurations from a server (the 'DHCP server') or servers, in particular, servers that have no exact information about the individual computers until they request the information. The overall purpose of this is to reduce the work necessary to administer a large IP network. The most significant piece of information distributed in this manner is the IP address.

3. Who Created It? How Was It Created?
DHCP was created by the Dynamic Host Configuration Working Group of the Internet Engineering Task Force (IETF, a volunteer organization which defines protocols for use on the Internet). As such, its definition is recorded in an Internet RFC and the Internet Activities Board (IAB) is asserting its status as to Internet Standardization. As of this writing (June 1998), DHCP is an Internet Draft Standard Protocol and is Elective. BOOTP is an Internet Draft Standard Protocol and is recommended. For more information on Internet standardization, see RFC2300 (May 1998).

4. Can DHCP work with AppleTalk or IPX?
No, it is too tied to IP. Furthermore, they don't need it since they have always had automated mechanisms for assigning their own network addresses.

5. How is it different than BOOTP or RARP?
DHCP is based on BOOTP and maintains some backward compatibility. The main difference is that BOOTP was designed for manual pre-configuration of the host information in a server database, while DHCP allows for dynamic allocation of network addresses and configurations to newly attached hosts. Additionally, DHCP allows for recovery and reallocation of network addresses through a leasing mechanism. RARP is a protocol used by Sun and other vendors that allows a computer to find out its own IP number, which is one of the protocol parameters typically passed to the client system by DHCP or BOOTP. RARP doesn't support other parameters and, using it, a server can only serve a single LAN. DHCP and BOOTP are designed so they can be routed.

6. How is it different than VLANs?
DHCP and VLANs, which are very different in concept, are sometimes cited as different solutions to the same problem. While they have a goal in common (easing moves of networked computers), VLANs represent a more revolutionary change to a LAN than DHCP. A DHCP server and forwarding agents can allow you to set things up so that you can unplug a client computer from one network or subnet and plug it into another and have it come alive immediately, it having been reconfigured automatically. In conjunction with Dynamic DNS, it could automatically be given its same name in its new place. VLAN-capable LAN equipment with dynamic VLAN assignment allows you to configure things so a client computer can be plugged into any port and have the same IP number (as well as name) and be on the same subnet. The VLAN-capable network either has its own configuration that lists which MAC addresses are to belong to each VLAN, or it makes the determination from the source IP address of the IP packets that the client computer sends. Some differences in the two approaches:
• DHCP handles changes by reconfiguring the client while a VLAN-capable network handles it by reconfiguring the network port the client is moved to.
• DHCP can configure a new client computer for you while a VLAN-capable network can't.
• DHCP dynamic reconfiguration requires a DHCP server, a forwarding agent in each router, and DHCP capability in each client's TCP/IP support. The analogous capability in VLANs requires that all hubs throughout the network be VLAN-capable, supporting the same VLAN scheme. To this point VLAN support is proprietary with no vendor interoperability, but standards are being developed.
• DHCP is generally aimed at giving "easy moves" capability to networks that are divided into subnets on a geographical basis, or on separate networks. VLANs are generally aimed at allowing you to set up subnets on some basis other than geographical, e.g. instead of putting everyone in one office on the same subnet, putting each person on a subnet that has access to the servers that that person requires.
There is an issue with trying to use DHCP (or BOOTP) and VLANs at the same time, in particular, with the scheme by which the VLAN-capable network determines the client's VLAN based upon the client computer's source IP address. Doing so assumes the client computer is already configured, which precludes the use of the network to get the configuration information from a DHCP or BOOTP server.

7. What is an IP address?
An IP address (also called an IP number) is a number (typically written as four numbers separated by periods, e.g. 107.4.1.3 or 84.2.1.111) which uniquely identifies a computer that is making use of the Internet. It is analogous to your telephone number in that the telephone number is used by the telephone network to direct calls to you. The IP address is used by the Internet to direct data to your computer, e.g. the data your web browser retrieves and displays when you surf the net. One task of DHCP is to assist in the problem of getting a functional and unique IP number into the hands of the computers that make use of the Internet.

8. What protocol and port does DHCP use?
DHCP, like BOOTP, runs over UDP, utilizing ports 67 and 68.

9. What is a MAC address?
A MAC address (also called an Ethernet address or an IEEE MAC address) is a number (typically written as twelve hexadecimal digits, 0 through 9 and A through F, or as six hexadecimal numbers separated by periods or colons, e.g. 0080002012ef or 0:80:0:2:20:ef) which uniquely identifies a computer that has an Ethernet interface. Unlike the IP number, it includes no indication of where your computer is located. In DHCP's typical use, the server uses a requesting computer's MAC address to uniquely identify it.

10. What is a Client ID?
What is termed the Client ID for the purposes of the DHCP protocol is whatever is used by the protocol to identify the client computer. By default, DHCP implementations typically employ the client's MAC address for this purpose, but the DHCP protocol allows other options. Some DHCP implementations have a setup option to specify the client ID you want. One alternative to the MAC address is simply a character string of your choice. In any case, in order for DHCP to function, you must be certain that no other client is using the client ID you choose, and you must be sure the DHCP server will accept it.

11. What is a DHCP lease?
A DHCP lease is the amount of time that the DHCP server grants to the DHCP client permission to use a particular IP address. A typical server allows its administrator to set the lease time.

12. Can DHCP support statically defined addresses?
Yes. At least there is nothing in the protocol to preclude this and one expects it to be a feature of any DHCP server. This is really a server matter and the client should work either way. The RFC refers to this as manual allocation.

13. How do DHCP and BOOTP handle multiple subnets?
For the situations where there is more than one LAN, each with its own subnet number, there are two ways. First of all, you can set up a separate server on each subnet. Secondly, you can use a feature of some routers known as "BOOTP forwarding" to forward DHCP or BOOTP requests to a server on another subnet and to forward the replies back to the client. The part of such a router (or server acting as a router) that does this is called a "BOOTP forwarding agent". Typically you have to enable it on the interface to the subnet to be served and have to configure it with the IP address of the DHCP or BOOTP server. On a Cisco router, the address is known as the "UDP Helper Address".

14. Can a BOOTP client boot from a DHCP server?
Only if the DHCP server is specifically written to also handle BOOTP queries.

15. Is a DHCP server "supposed to" be able to support a BOOTP client?
The RFC on such interoperability (1534) is clear: "In summary, a DHCP server: ... MAY support BOOTP clients." (section 2). The word "MAY" indicates such support, however useful, is left as an option. A source of confusion on this point is the following statement in section 1.5 of RFC 1541: "DHCP must provide service to existing BOOTP clients." However, this statement is one in a list of "general design goals for DHCP", i.e. what the designers of the DHCP protocol set as their own goals. It is not in a list of requirements for DHCP servers.

16. Can a DHCP client boot from a BOOTP server?
Only if the DHCP client were specifically written to make use of the answer from a BOOTP server. It would presumably treat a BOOTP reply as an unending lease on the IP address. In particular, the TCP/IP stack included with Windows 95 does not have this capability.

17. Is a DHCP client "supposed to" be able to use a BOOTP server?
The RFC on such interoperability (1534) is clear: "A DHCP client MAY use a reply from a BOOTP server if the configuration returned from the BOOTP server is acceptable to the DHCP client." (section 3). The word "MAY" indicates such support, however useful, is left as an option.

18. Can a DHCP server back up another DHCP server?
You can have two or more servers handing out leases for different addresses. If each has a dynamic pool accessible to the same clients, then even if one server is down, one of those clients can lease an address from the other server. However, without communication between the two servers to share their information on current leases, when one server is down, any client with a lease from it will not be able to renew their lease with the other server. Such communication is the purpose of the "server to server protocol" (see next question). It is possible that some server vendors have addressed this issue with their own proprietary server-to-server communication.

19. When will the server to server protocol be defined?
The DHC WG of the IETF is actively investigating the issues in inter-server communication. The protocol should be defined "soon".

20. Can a DHCP client or server make a DNS server update the client's DNS entry to match the client's dynamically assigned address?
RFCs 2136 and 2137 indicate a way in which DNS entries can be updated dynamically. Using this requires a DNS server that supports this feature and a DHCP server that makes use of it. The RFCs are very recent (as of 5/97) and implementations are few. In the mean time, there are DNS and DHCP servers that accomplish this through proprietary means.

21. Where is DHCP defined?
In Internet RFCs.

22. Can DHCP support remote access?
PPP has its own non-DHCP way in which communications servers can hand clients an IP address, called IPCP (IP Control Protocol), but it doesn't have the same flexibility as DHCP or BOOTP in handing out other parameters. Such a communications server may support the use of DHCP to acquire the IP addresses it gives out. This is sometimes called doing DHCP by proxy for the client. I know that Windows NT's remote access support does this. A feature of DHCP under development (DHCPinform) is a method by which a DHCP server can supply parameters to a client that already has an IP number. With this, a PPP client could get its IP number using IPCP, then get the rest of its parameters using this feature of DHCP. SLIP has no standard way in which a server can hand a client an IP address, but many communications servers support non-standard ways of doing this that can be utilized by scripts, etc. Thus, such communications servers could also support the use of DHCP to acquire the IP addresses to give out. The DHCP protocol is capable of allocating an IP address to a device without an IEEE-style MAC address, such as a computer attached through SLIP or PPP, but to do so, it makes use of a feature which may or may not be supported by the DHCP server: the ability of the server to use something other than the MAC address to identify the client. Communications servers that acquire IP numbers for their clients via DHCP run into the same roadblock in that they have just one MAC address, but need to acquire more than one IP address. One way such a communications server can get around this problem is through the use of a set of unique pseudo-MAC addresses for the purposes of its communications with the DHCP server. Another way (used by Shiva) is to use a different "client ID type" for your hardware address. Client ID type 1 means you're using MAC addresses. However, client ID type 0 means an ASCII string.

23. How can I relay DHCP if my router does not support it?
A server on a net (subnet) can relay DHCP or BOOTP for that net. Microsoft has software to make Windows NT do this.

24. What is DHCP Spoofing?
Ascend Pipeline ISDN routers (which attach Ethernets to ISDN lines) incorporate a feature that Ascend calls "DHCP spoofing" which is essentially a tiny server implementation that hands an IP address to a connecting Windows 95 computer, with the intention of giving it an IP number during its connection process.

25. How long should a lease be?
A very relevant factor is that the client starts trying to renew the lease when it is halfway through: thus, for example, with a 4 day lease, the client which has lost access to its DHCP server has 2 days from when it first tries to renew the lease until the lease expires and the client must stop using the network. During a 2-day outage, new users cannot get new leases, but no lease will expire for any computer turned on at the time that the outage commences. Another factor is that the longer the lease, the longer it takes for client configuration changes controlled by DHCP to propagate.

26. How can I control which clients get leases from my server?
There is no ideal answer: you have to give something up or do some extra work.
• You can use manual allocation.
• Perhaps you can find DHCP server software that allows you to list which MAC addresses the server will accept. DHCP servers that support roaming machines may be adapted to such use.
• You can put all your clients on a subnet of your own along with your own DHCP server.
• You can use the user class option, assuming your clients and server support it: it will require you to configure each of your clients with a user class name. You still depend upon the other clients to respect your wishes.

27. How can I prevent unauthorized laptops from using a network that uses DHCP for dynamic addressing?
This would have to be done using a mechanism other than DHCP. DHCP does not prevent other clients from using the addresses it is set to hand out, nor can it distinguish between a computer's permanent MAC address and one set by the computer's user. DHCP can impose no restrictions on what IP address can use a particular port, nor control the IP address used by any client.

28. What features or restrictions can a DHCP server have?
While the DHCP server protocol is designed to support dynamic management of IP addresses, there is nothing to stop someone from implementing a server that uses the DHCP protocol but does not provide that kind of support. In particular, the maintainer of a BOOTP server implementation might find it helpful to enhance their BOOTP server to allow DHCP clients that cannot speak "BOOTP" to retrieve statically defined addresses via DHCP. The following terminology has become common to describe three kinds of IP address allocation/management. These are independent "features": a particular server can offer or not offer any of them:
• Manual allocation: the server's administrator creates a configuration for the server that includes the MAC address and IP address of each DHCP client that will be able to get an address: functionally equivalent to BOOTP, though the protocol is incompatible.
• Automatic allocation: the server's administrator creates a configuration for the server that includes only IP addresses, which it gives out to clients. An IP address, once associated with a MAC address, is permanently associated with it until the server's administrator intervenes.
• Dynamic allocation: like automatic allocation except that the server will track leases and give IP addresses whose lease has expired to other DHCP clients.
Other features which a DHCP server may or may not have:
• Support for BOOTP clients.
• Support for the broadcast bit.
• Administrator-settable lease times.
• Administrator-settable lease times on manually allocated addresses.
• Allows administrator to configure additional DHCP option-types.
• Ability to limit what MAC addresses will be served with dynamic addresses.
• Interaction with a DNS server. Note that there are a number of interactions that one might support and that a standard set & method is in the works.
• Interaction with some other type of name server, e.g. NIS.
• Interaction with another DHCP server. Note that there are a number of interactions that one might support and that a standard set & method is in the works.
• Allows manual allocation of two or more alternative IP numbers to a single MAC address, whose use depends upon the gateway address through which the request is relayed.
• Ability to define the pool/pools of addresses that can be allocated dynamically. This is pretty obvious. Ideally, the server does not force such a pool to consist of contiguous IP addresses, though someone might have a server that forces the pool to be a whole subnet or network.
• Ability to associate two or more dynamic address pools on separate IP networks (or subnets) with a single gateway address, e.g. a router that is acting as a BOOTP relay for an interface which has addresses for more than one IP network or subnet. This is the basic support for "secondary nets".
• Ability to configure groups of clients based upon client-supplied user and/or vendor class. Note: this is a feature that might be used to assign different client-groups on the same physical LAN to different logical subnets.
• Use of PING (ICMP Echo Request) to check an address prior to dynamically allocating it.
• Administrator-settable T1/T2 lengths.
• Server grace period on lease times.
• Ability to force client(s) to get a new address rather than renew.

DHCP Requests:
Whenever a computer comes on line, it checks to see if it currently has an IP address leased. If it does not, it requests a lease from a DHCP server. Because the client computer does not know the address of a DHCP server, it uses 0.0.0.0 as its own IP address and 255.255.255.255 as the destination address. Doing so allows the client to broadcast a DHCPDISCOVER message across the network. Such a message consists of the client computer's Media Access Control (MAC) address (the hardware address built into the network card) and its NetBIOS name.

1. DHCP Discovery:
The client broadcasts on the local physical subnet to find available servers. Network administrators can configure a local router to forward DHCP packets to a DHCP server on a different subnet. This client implementation creates a UDP packet with the broadcast destination of 255.255.255.255 or the subnet broadcast address and also requests its last-known IP address (in the example below, 192.168.1.100), although the server may ignore this optional parameter.

2. DHCP Offers:
When a DHCP server receives an IP lease request from a client, it extends an IP lease offer. This is done by reserving an IP address for the client and broadcasting a DHCPOFFER message across the network. This message contains the client's MAC address, followed by the IP address that the server is offering, the subnet mask, the lease duration, and the IP address of the DHCP server making the offer. The server determines the configuration based on the client's hardware address as specified in the CHADDR field. Here the server specifies the IP address in the YIADDR field.

3. DHCP Request:
The client selects a configuration out of the DHCP "Offer" packets it has received and broadcasts it on the local subnet. Again, this client requests the 192.168.1.100 address that the server specified. In case the client has received multiple offers, it specifies the server from which it has accepted the offer.

4. DHCP Acknowledgement:
When the DHCP server receives the DHCPREQUEST message from the client, it initiates the final phase of the configuration process. This acknowledgement phase involves sending a DHCPACK packet to the client. This packet includes the lease duration and any other configuration information that the client might have requested. At this point, the TCP/IP configuration process is complete. The server acknowledges the request and sends the acknowledgement to the client. The system as a whole expects the client to configure its network interface with the supplied options.
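As an added example that is not part of the FAQ above, the following Python builds and parses the four messages of the exchange just described, with a constructed client and server running in memory. It also decodes the two client ID types mentioned in the remote access question (type 1 = MAC, type 0 = ASCII string) and computes the halfway renewal point from the lease-length question. The transaction ID, server address 192.168.1.1, subnet mask and 4-day lease are assumed sample values; the MAC 0080002012ef and the address 192.168.1.100 are the FAQ's own examples.

```python
"""Minimal RFC 2131 DHCP message codec for walking through Discover/Offer/Request/Ack."""
import socket
import struct

BOOTREQUEST, BOOTREPLY = 1, 2
# Option codes from RFC 2132; message types are carried in option 53.
OPT_SUBNET_MASK, OPT_REQUESTED_IP, OPT_LEASE_TIME = 1, 50, 51
OPT_MSG_TYPE, OPT_SERVER_ID, OPT_CLIENT_ID, OPT_END = 53, 54, 61, 255
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5
MAGIC_COOKIE = b"\x63\x82\x53\x63"
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"   # the 236-byte fixed BOOTP header


def build(op, xid, chaddr, options, yiaddr="0.0.0.0", siaddr="0.0.0.0"):
    """Encode one DHCP message. chaddr is the raw hardware address (CHADDR),
    yiaddr the address the server assigns, options a list of (code, bytes)."""
    header = struct.pack(HEADER, op, 1, len(chaddr), 0, xid, 0, 0x8000,  # htype=Ethernet, broadcast flag
                         socket.inet_aton("0.0.0.0"), socket.inet_aton(yiaddr),
                         socket.inet_aton(siaddr), socket.inet_aton("0.0.0.0"),
                         chaddr.ljust(16, b"\x00"), b"", b"")
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + MAGIC_COOKIE + body + bytes([OPT_END])


def parse(msg):
    """Decode a DHCP message into header fields and a {code: bytes} option map.
    Option lengths are bounds-checked so a truncated packet raises instead of
    being accepted with options silently missing."""
    if len(msg) < 240 or msg[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (short or missing magic cookie)")
    op, _ht, hlen, _hops, xid, _secs, _fl, _ci, yi, _si, _gi, chaddr, _, _ = \
        struct.unpack(HEADER, msg[:236])
    options, i = {}, 240
    while i < len(msg) and msg[i] != OPT_END:
        if msg[i] == 0:                      # pad octet
            i += 1
            continue
        if i + 2 > len(msg) or i + 2 + msg[i + 1] > len(msg):
            raise ValueError("truncated option at offset %d" % i)
        code, length = msg[i], msg[i + 1]
        options[code] = msg[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": op, "xid": xid, "yiaddr": socket.inet_ntoa(yi),
            "chaddr": chaddr[:hlen], "options": options}


def client_id(options):
    """Decode option 61: type 1 carries a hardware (MAC) address, type 0 an ASCII string."""
    raw = options.get(OPT_CLIENT_ID)
    if raw is None:
        return None
    if raw[0] == 1:
        return ("mac", ":".join("%02x" % b for b in raw[1:]))
    return ("string", raw[1:].decode("ascii"))


def renewal_times(lease_seconds):
    """RFC 2131 defaults: renew (T1) at 50% of the lease, rebind (T2) at 87.5%."""
    return lease_seconds // 2, lease_seconds * 7 // 8


def dora_exchange(client_mac, requested_ip, server_ip, lease_seconds):
    """Run the four-message exchange in memory and return what the client learns from the ACK."""
    xid = 0x3903F326                             # constructed transaction id
    cid = bytes([1]) + client_mac                # client ID type 1 = MAC address
    common = [(OPT_SUBNET_MASK, socket.inet_aton("255.255.255.0")),
              (OPT_LEASE_TIME, struct.pack("!I", lease_seconds)),
              (OPT_SERVER_ID, socket.inet_aton(server_ip))]
    # 1. DHCPDISCOVER: broadcast from 0.0.0.0, asking for the last-known address (option 50).
    discover = build(BOOTREQUEST, xid, client_mac,
                     [(OPT_MSG_TYPE, bytes([DISCOVER])), (OPT_CLIENT_ID, cid),
                      (OPT_REQUESTED_IP, socket.inet_aton(requested_ip))])
    d = parse(discover)
    # 2. DHCPOFFER: server reserves an address for this CHADDR and returns it in YIADDR.
    offered = socket.inet_ntoa(d["options"][OPT_REQUESTED_IP])
    offer = build(BOOTREPLY, d["xid"], d["chaddr"],
                  [(OPT_MSG_TYPE, bytes([OFFER]))] + common, yiaddr=offered, siaddr=server_ip)
    o = parse(offer)
    # 3. DHCPREQUEST: client accepts the offer and names the chosen server (option 54).
    request = build(BOOTREQUEST, xid, client_mac,
                    [(OPT_MSG_TYPE, bytes([REQUEST])), (OPT_CLIENT_ID, cid),
                     (OPT_REQUESTED_IP, socket.inet_aton(o["yiaddr"])),
                     (OPT_SERVER_ID, o["options"][OPT_SERVER_ID])])
    r = parse(request)
    # 4. DHCPACK: only the server named in option 54 confirms; any other server drops it.
    if r["options"][OPT_SERVER_ID] != socket.inet_aton(server_ip):
        raise ValueError("request selected a different server")
    ack = build(BOOTREPLY, r["xid"], r["chaddr"], [(OPT_MSG_TYPE, bytes([ACK]))] + common,
                yiaddr=socket.inet_ntoa(r["options"][OPT_REQUESTED_IP]), siaddr=server_ip)
    a = parse(ack)
    lease = struct.unpack("!I", a["options"][OPT_LEASE_TIME])[0]
    return {"ip": a["yiaddr"], "server": socket.inet_ntoa(a["options"][OPT_SERVER_ID]),
            "lease": lease, "t1": renewal_times(lease)[0], "client_id": client_id(r["options"]),
            "types": [parse(m)["options"][OPT_MSG_TYPE][0] for m in (discover, offer, request, ack)]}


if __name__ == "__main__":
    print(dora_exchange(bytes.fromhex("0080002012ef"), "192.168.1.100", "192.168.1.1", 4 * 86400))
```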