Interview Questions-2003

Windows Server 2003 Active Directory and Security questions
1. What’s the difference between local, global and universal groups? Domain local groups assign access permissions
to global domain groups for local domain resources. Global groups provide access to resources in other trusted
domains. Universal groups grant access to resources in all trusted domains.
2. I am trying to create a new universal user group. Why can’t I? Universal groups are allowed only in native-mode
Windows Server 2003 environments. Native mode requires that all domain controllers be promoted to Windows Server
2003 Active Directory.
3. What is LSDOU? It’s group policy inheritance model, where the policies are applied to Local machines, Sites, Domains
and Organizational Units.
4. Why doesn’t LSDOU work under Windows NT? If the NTConfig.pol file exist, it has the highest priority among the
numerous policies.
5. Where are group policies stored? %SystemRoot%System32\GroupPolicy
6. What is GPT and GPC? Group policy template and group policy container.
7. Where is GPT stored? %SystemRoot%\SYSVOL\sysvol\domainname\Policies\GUID
8. You change the group policies, and now the computer and user settings are in conflict. Which one has the
highest priority? The computer settings take priority.
9. You want to set up remote installation procedure, but do not want the user to gain access over it. What do you
do? gponame–> User Configuration–> Windows Settings–> Remote Installation Services–> Choice Options is your
friend.
10. What’s contained in administrative template conf.adm? Microsoft NetMeeting policies
11. How can you restrict running certain applications on a machine? Via group policy, security settings for the group,
then Software Restriction Policies.
12. You need to automatically install an app, but MSI file is not available. What do you do? A .zap text file can be
used to add applications using the Software Installer, rather than the Windows Installer.
13. What’s the difference between Software Installer and Windows Installer? The former has fewer privileges and will
probably require user intervention. Plus, it uses .zap files.
14. What can be restricted on Windows Server 2003 that wasn’t there in previous products? Group Policy in Windows
Server 2003 determines a users right to modify network and dial-up TCP/IP properties. Users may be selectively
restricted from modifying their IP address and other network configuration parameters.
15. How frequently is the client policy refreshed? 90 minutes give or take.
16. Where is secedit? It’s now gpupdate.
17. You want to create a new group policy but do not wish to inherit. Make sure you check Block inheritance among
the options when creating the policy.
18. What is "tattooing" the Registry? The user can view and modify user preferences that are not stored in maintained
portions of the Registry. If the group policy is removed or changed, the user preference will persist in the Registry.
19. How do you fight tattooing in NT/2000 installations? You can’t.
20. How do you fight tattooing in 2003 installations? User Configuration - Administrative Templates - System - Group
Policy - enable - Enforce Show Policies Only.
21. What does IntelliMirror do? It helps to reconcile desktop settings, applications, and stored files for users, particularly
those who move between workstations or those who must periodically work offline.
22. What’s the major difference between FAT and NTFS on a local machine? FAT and FAT32 provide no security over
locally logged-on users. Only native NTFS provides extensive permission control on both remote and local files.
23. How do FAT and NTFS differ in approach to user shares? They don’t, both have support for sharing.
24. Explan the List Folder Contents permission on the folder in NTFS. Same as Read & Execute, but not inherited by
files within a folder. However, newly created subfolders will inherit this permission.
25. I have a file to which the user has access, but he has no folder permission to read it. Can he access it? It is
possible for a user to navigate to a file for which he does not have folder permission. This involves simply knowing the
path of the file object. Even if the user can’t drill down the file/folder tree using My Computer, he can still gain access to
the file using the Universal Naming Convention (UNC). The best way to start would be to type the full path of a file into
Run… window.
26. For a user in several groups, are Allow permissions restrictive or permissive? Permissive, if at least one group
has Allow permission for the file/folder, user will have the same permission.
27. For a user in several groups, are Deny permissions restrictive or permissive? Restrictive, if at least one group has
Deny permission for the file/folder, user will be denied access, regardless of other group permissions.
28. What hidden shares exist on Windows Server 2003 installation? Admin$, Drive$, IPC$, NETLOGON, print$ and
SYSVOL.
29. What’s the difference between standalone and fault-tolerant DFS (Distributed File System) installations? The
standalone server stores the Dfs directory tree structure or topology locally. Thus, if a shared folder is inaccessible or if
the Dfs root server is down, users are left with no link to the shared resources. A fault-tolerant root node stores the Dfs
topology in the Active Directory, which is replicated to other domain controllers. Thus, redundant root nodes may include
multiple connections to the same data residing in different shared folders.
30. We’re using the DFS fault-tolerant installation, but cannot access it from a Win98 box. Use the UNC path, not
client, only 2000 and 2003 clients can access Server 2003 fault-tolerant shares.
31. Where exactly do fault-tolerant DFS shares store information in Active Directory? In Partition Knowledge Table,
which is then replicated to other domain controllers.
32. Can you use Start->Search with DFS shares? Yes.
33. What problems can you have with DFS installed? Two users opening the redundant copies of the file at the same
time, with no file-locking involved in DFS, changing the contents and then saving. Only one file will be propagated
through DFS.
34. I run Microsoft Cluster Server and cannot install fault-tolerant DFS. Yeah, you can’t. Install a standalone one.
35. Is Kerberos encryption symmetric or asymmetric? Symmetric.
36. How does Windows 2003 Server try to prevent a middle-man attack on encrypted line? Time stamp is attached to
the initial client request, encrypted with the shared key.
37. What hashing algorithms are used in Windows 2003 Server? RSA Data Security’s Message Digest 5 (MD5),
produces a 128-bit hash, and the Secure Hash Algorithm 1 (SHA-1), produces a 160-bit hash.
38. What third-party certificate exchange protocols are used by Windows 2003 Server? Windows Server 2003 uses
the industry standard PKCS-10 certificate request and PKCS-7 certificate response to exchange CA certificates with
third-party certificate authorities.
39. What’s the number of permitted unsuccessful logons on Administrator account? Unlimited. Remember, though,
that it’s the Administrator account, not any account that’s part of the Administrators group.
40. If hashing is one-way function and Windows Server uses hashing for storing passwords, how is it possible to
attack the password lists, specifically the ones using NTLMv1? A cracker would launch a dictionary attack by
hashing every imaginable term used for password and then compare the hashes.
41. What’s the difference between guest accounts in Server 2003 and other editions? More restrictive in Windows
Server 2003.
42. How many passwords by default are remembered when you check "Enforce Password History Remembered"?
User’s last 6 passwords.
What are the ways to configure DNS & Zones?
Domain Name System

is the full form of the abbreviation DNS. It can be configured by clicking the Start button, pointing to the Programs, pointing to
Administrative Tools and clicking DNS Manager (which has two zones, namely the Forward Lookup Zone and the Reverse
Lookup Zone). When the DNS Server Configuration Wizard starts, click Next. If it does not auto-start, it can be started by right-
clicking the user's server name object in the DNS Manager console and choosing the Configure Your Server option.
The next step is to choose to add a forward lookup zone, click Next and ensure whether the new forward lookup zone is a
primary zone or not. It can only accept dynamic updates if it is a primary zone. Click Primary, and then click Next. It must be
ensured that the zone name must either be the same as the user's Active Directory Domain name or the same as the suffix for
all the computers on the network which are to be registered with the DNS server (in case of a stand-alone or workgroup
environment). Type the name of the zone and then click Next. The default name is accepted for the new zone file. Then click
Next. Choose to add a reverse lookup zone now and click Next.
Click Primary and then click Next. Type the name of the zone and then click Next. The zone name should be the same as the
Network ID of your local subnet. Accept the default name for the new zone file and click Next. Then click Finish to complete the
Server Configuration Wizard.
There are three types of backup. They are full backup, incremental backup and differential backup. Full backup is defined as a
complete set of all the files which the user wishes to back up. It is considered to be the reference set for the user. A full backup
is performed only occasionally. An incremental backup is a backup of all those files which have changed since the last time
any time of backup was performed. A differential backup is a backup of those files which have changed since the last time a
full backup was performed. It should be performed at regular intervals.
FSMO is the acronym for the term flexible single master operation, which is also called floating single master operation .There
are two main types of FSMO roles, namely forest-wide FSMO roles and domain-wide FSMO roles. Forest-wide FSMO roles
include Schema Master and Domain Naming Master. Domain-wide FSMO roles include Relative ID Master, Infrastructure
Master and PDC Emulator.
What are the types of backup? Explain each?
Backup Type Description Pros Cons

full backup A complete set of all files you Provides a complete copy of all Takes a long time and the most
wish to back up. Think of this as your data; makes it easy to locate space on backup media;
your 'reference set'. You only files which need restoring. redundant backups created, as
need perform a full backup most files remain static.
occasionally.
incremental backup A backup of those files which Uses the lease time and space as Makes the job of restoring files
have changed since the last only those files changed since the fiddly, as you have to reinstall the
backup of any type. last backup are copied; lets you last full backup first, then all
back up multiple versions of the subsequent incremental backups
same file. in the correct order; also makes it
hard to locate a particular file in
the backup set.
differential backup A backup of those files which Takes up less time and space Redundant information stored,
have changes since the last full than a full backup; provides for because each backup stores
backup. Should be performed at more efficient restoration than much of the same information
regular intervals. incremental backups. plus the latest information added
or created since the last full
backup. Subsequent differential
backups take longer and longer
as more files are changed.
What are Levels of RAID 0, 1, 5? Which one is better & why?
RAID
RAID is a technology that is used to increase the performance and/or reliability of data storage. The abbreviation stands for
Redundant Array of Inexpensive Disks. A RAID system consists of two or more disks working in parallel. These disks can be hard
discs but there is a trend to also use the technology for solid state drives.
The software to perform the RAID-functionality and control the hard disks can either be located on a separate controller card (a
hardware RAID controller) or it can simply be a driver. Some versions of Windows, such as Windows Server 2003, as well as Mac
OS X include software RAID functionality. Hardware RAID controllers cost more than pure software but they also offer better
performance.
RAID-systems can be based with an number of interfaces, including SCSI, IDE, SATA or FC (fibre channel.) There are systems
that use SATA disks internally but that have a FireWire or SCSI-interface for the host system.
There are different RAID levels, each suiting specific situations. RAID levels are not standardized by an industry group. This
explains why companies are sometimes creative and come up with their own unique implementations.
Sometimes disks in a RAID system are defined as JBOD, which stands for ‘Just a Bunch Of Disks’. This means that those disks do
not use a specific RAID level and are used as if they were stand-alone disks. This is often done for disks that contain swap files or
spooling data.
Below is an overview of the most popular levels:
RAID 0: striping
In a RAID 0 system, data are split up in blocks that get written across all the drives in the array. By using multiple disks (at least 2)
at the same time, RAID 0 offers superior I/O performance. This performance can be enhanced further by using multiple controllers,
ideally one controller per disk.
Advantages
 RAID 0 offers great performance, both in read and write operations. There is no overhead caused by parity controls.
 All storage capacity can be used, there is no disk overhead.
 The technology is easy to implement.
Disadvantages
RAID 0 is not fault-tolerant. If one disk fails, all data in the RAID 0 array are lost. It should not be used on mission-critical systems.
Ideal use
RAID 0 is ideal for non-critical storage of data that have to be read/written at a high speed, e.g. on a Photoshop image retouching
station.
RAID 1: mirroring
Data are stored twice by writing them to both the data disk (or set of data disks) and a mirror disk (or set of disks) . If a disk fails,
the controller uses either the data drive or the mirror drive for data recovery and continues operation. You need at least 2 disks for
a RAID 1 array.
RAID 1 systems are often combined with RAID 0 to improve performance. Such a system is sometimes referred to by the
combined number: a RAID 10 system.
Advantages
 RAID 1 offers excellent read speed and a write-speed that is comparable to that of a single disk.
 In case a disk fails, data do not have to be rebuild, they just have to be copied to the replacement disk.
 RAID 1 is a very simple technology.
Disadvantages
 The main disadvantage is that the effective storage capacity is only half of the total disk capacity because all data get
written twice.
 Software RAID 1 solutions do not always allow a hot swap of a failed disk (meaning it cannot be replaced while the server
keeps running). Ideally a hardware controller is used.
Ideal use
RAID-1 is ideal for mission critical storage, for instance for accounting systems. It is also suitable for small servers in which only
two disks will be used.
RAID 3
On RAID 3 systems, datablocks are subdivided (striped) and written in parallel on two or more drives. An additional drive stores
parity information. You need at least 3 disks for a RAID 3 array.
Since parity is used, a RAID 3 stripe set can withstand a single disk failure without losing data or access to data.
Advantages
 RAID-3 provides high throughput (both read and write) for large data transfers.
 Disk failures do not significantly slow down throughput.
Disadvantages
 This technology is fairly complex and too resource intensive to be done in software.
 Performance is slower for random, small I/O operations.
Ideal use
RAID 3 is not that common in prepress.

RAID 5
RAID 5 is the most common secure RAID level. It is similar to RAID-3 except that data are transferred to disks by independent read
and write operations (not in parallel). The data chunks that are written are also larger. Instead of a dedicated parity disk, parity
information is spread across all the drives. You need at least 3 disks for a RAID 5 array.
A RAID 5 array can withstand a single disk failure without losing data or access to data. Although RAID 5 can be achieved in
software, a hardware controller is recommended. Often extra cache memory is used on these controllers to improve the write
performance.
Advantages
Read data transactions are very fast while write data transaction are somewhat slower (due to the parity that has to be calculated).
Disadvantages
 Disk failures have an effect on throughput, although this is still acceptable.

 Like RAID 3, this is complex technology.
Ideal use
RAID 5 is a good all-round system that combines efficient storage with excellent security and decent performance. It is ideal for file
and application servers.
RAID 10: a mix of RAID 0 & RAID 1
RAID 10 combines the advantages (and disadvantages) of RAID 0 and RAID 1 in a single system. It provides security by mirroring
all data on a secondary set of disks (disk 3 and 4 in the drawing below) while using striping across each set of disks to speed up
datatransfers.
What about RAID 2, 4, 6 or 7?
These levels do exist but are not that common, at least not in prepress environments. This is just a simple introduction to RAID-
system. You can find more in-depth information on the pages of ACNC or storage.com.
4. What are FMSO Roles? List them.
FSMO (Flexible Single Master Operation Role)are used to avoide conflicts in our active directory as
AD provides lot of flexibility for users to do some kind of changes, thus increases chances of conflicts.
Purpose of FSMO is to avoide conflicts, below are exact roles it perform:
1. Schma Master Role

2. Domain Naming Master Role
3. RID - Relative Identifier.
4. PDC Emulator.
5. Infrastructure.
Schema and Domain naming roles are forest wide and PDC,INFRA & RID roles are domain wide
Schma Master :- Operations that involve expanding user properties e.g. Exchange 2003 / forestprep which adds
mailbox properties to users. Rather like the Domain naming master, changing the schema is a rare event. However if you have a
team of Schema Administrators all experimenting with object properties, you would not want there to be a mistake which crippled
your forest. So its a case of Microsoft know best, the Schema Master should be a Single Master Operation and thus a FSMO role.
Domain Naming Master - Ensures that each child domain has a unique name. How often do child domains get added to the forest?
Not very often I suggest, so the fact that this is a FSMO does not impact on normal domain activity. My point is it's worth the price
to confine joining and leaving the domain operations to one machine, and save the tiny risk of getting duplicate names or orphaned
domains.
# PDC Emulator - Most famous for backwards compatibility with NT 4.0 BDC's. However, there are two other FSMO roles which
operate even in Windows 2003 Native Domains, synchronizing the W32Time service and creating group
policies. I admit that it is confusing that these two jobs have little to do with PDCs and BDCs.
RID Master - Each object must have a globally unique number (GUID). The RID master makes sure each domain controller issues
unique numbers when you create objects such as users or computers. For example DC one is given RIDs 1-4999 and DC two is
given RIDs 5000 - 9999. Infrastructure Master -
Responsible for checking objects in other other domains. Universal group membership is the most important example. To me, it
seems as though the operating system is paranoid that, a) You are a member of a Universal Group in another domain and b) that
group has been assigned
Deny permissions. So if the Infrastructure master could not check your Universal Groups there could be a security breach.
5. Describe the lease process of the DHCP server.
DHCP Server leases the IP addresses to the clients as follows:
DORA
D (Discover) : DHCP Client sends a broadcast packets to identify the dhcp server, this packet will contain the source MAC.
O (Offer) : Once the packet is received by the DHCP server, the server will send the packet containing Source IP and Source MAC.
R (Request) : Client will now contact the DHCP server directly and request for the IP address.
A (Acknowledge) : DHCP server will send an ack packet which contains the IP address.
7. What is scope & super scope?
A DHCP scope is a valid range of IP addresses which are available for assignments or lease to client computers on a
particular subnet. In a DHCP server, you configure a scope to determine the address pool of IPs which the server can
provide to DHCP clients.
Scopes determine which IP addresses are provided to the clients. Scopes should be defined and activated before DHCP
clients use the DHCP server for its dynamic IP configuration. You can configure as many scopes on a DHCP server as is
required in your network environment
Using superscopes
A superscope is an administrative feature of DHCP servers running Windows Server 2003 that you can create and manage through
the DHCP console. Using a superscope, you can group multiple scopes as a single administrative entity. With this feature, a DHCP
server can:
 Support DHCP clients on a single physical network segment (such as a single Ethernet LAN segment) where multiple
logical IP networks are used. When more than one logical IP network is used on each physical subnet or network, such
configurations are often called multinets.
 Support remote DHCP clients located on the far side of DHCP and BOOTP relay agents (where the network on the far
side of the relay agent uses multinets).
In multinet configurations, you can use DHCP superscopes to group and activate individual scope ranges of IP addresses used on
your network. In this way, the DHCP server computer can activate and provide leases from more than one scope to clients on a
single physical network.
Superscopes can resolve certain types of DHCP deployment issues for multinets, including situations in which:
 The available address pool for a currently active scope is nearly depleted, and more computers need to be added to the
network. The original scope includes the full addressable range for a single IP network of a specified address class. You
need to use another IP network range of addresses to extend the address space for the same physical network segment.
 Clients must be migrated over time to a new scope (such as to renumber the current IP network from an address range
used in an existing active scope to a new scope that contains another IP network range of addresses).
 You want to use two DHCP servers on the same physical network segment to manage separate logical IP networks.
Superscope configurations for multinets
The following section shows how a simple DHCP network consisting originally of one physical network segment and one DHCP
server, can be extended to use superscopes for support of multinet configurations.
Example 1: Non-routed DHCP server (before superscope)
In this preliminary instance, a small local area network (LAN) with one DHCP server supports a single physical subnet, Subnet A.
The DHCP server in this configuration is limited to leasing addresses to clients on this same physical subnet.
The following illustration shows this example network in its original state. At this point, no superscopes have been added and a
single scope, Scope 1, is used to service all DHCP clients on Subnet A.
Example 2: Superscope for non-routed DHCP server supporting local multinets
To include multinets implemented for client computers on Subnet A, the same network segment where the DHCP server is located,
you can configure a superscope which includes as members: the original scope (Scope 1) and additional scopes for the logical
multinets for which you need to add support (Scope 2, Scope 3).
This illustration shows the scope and superscope configuration to support the multinets on the same physical network (Subnet A)
as the DHCP server.
Example 3: Superscope for routed DHCP server with relay agent supporting remote multinets
To include multinets implemented for client computers on Subnet B, the remote network segment located across a router from the
DHCP server on Subnet A, you can configure a superscope which includes as members: the additional scopes for the logical
multinets for which you need to add remote support (Scope 2, Scope 3).
Note that since the multinets are for the remote network (Subnet B), the original scope (Scope 1) does not need to be part of the
added superscope.
This illustration shows the scope and superscope configuration to support the multinets on the remote physical network (Subnet B)
away from the DHCP server.
8. Differences between Win 2000 Server & Advanced Server?
The major Difference is win 2000 server is not supported for clustring where as 2000 Advanced server can,and even RAM and
Process support is more for Advanced server comparing to win 2000 server Windows 2000 Advanced Server adds advanced
symmetric multiprocessing (SMP) support, clustering, and
load-balancing
9. Logical Diagram of Active Directory? What is the difference between child domain & additional domain server?
Logical diagram contain -

Forest
Tree
Domain
Organizational unit
difference between Child domain controlloer and Additional

domain controller is that.
Child domain always share the contignious name space of the
parent domain.
child domain is always created under the parent domain only
we create child domain only when there is something
limitations of creating objects in the parent domain.
or when you want to create separate policy for the entire
domain in that case we go with child domain.
Additional domain controller is the exact copy of the root

domain controller we generally create ADC for fault
tolerance purpose.
10. FTP, NNTP, SMTP, KERBEROS, DNS, DHCP, POP3 port numbers?
ftp = port 21
nntp = 443
smtp = 25
KERBEROS v4 = 88
KERBEROS v5 = 750
dns = 53
dhcp = 67
pop3 = 110
11. What is Kerberos? Which version is currently used by Windows? How does Kerberos work?
kerberos is an authentication protocol as posted earlier the version of kerberos is 5.0 in windows and in prewindows
authentication protocol is NTLM. ntlm is new technology lan manager as authentication protocol. After giving logon credentials an
encryption key will be generated which is used to encrypt the time stamp of the client machine. User name and encrypted
timestamp information will be provided to domain controller for authentication. Then Domain controller based on the password
information stored in AD for that user it decrypts the encrypted time stamp information. If produces time stamp matches to its time
stamp. It will provide logon session key and Ticket granting ticket to client in an encryption format. Again client decrypts and if
produced time stamp information is matching then it will use logon session key to logon to the domain. Ticket granting ticket will be
used to generate service granting ticket when accessing network resources
MICROSOFT EXCHANGE SERVER INTERVIEW QUESTIONS
1. List the services of Exchange Server 2000?
The Exchange Server is a messaging software which is developed by Microsoft. It is widely used by enterprises which
are also using Microsoft infrastructure solutions. Exchange 2000 has following features:
- electronic mail
- calendaring
- contacts
- support for mobile and web-based access
- task management
- data storage.
2. How would you recover Exchange server when the log file is corrupted?
The best way is to bypass the Exchange file system as much as possible, and look at email vaulting, such as
provided by Symantec and CA. Here, Exchange pst, edb and stm files and log files are stored in a more
comprehensive enterprise manner which can be controlled better, and downtime minimised. However, if you are
already struggling because the log file has become corrupted, this advice is a case of locking the door after the horse
has bolted. One thing that may well be worth trying is to copy the log files to .old, and then delete the log files and
reboot. The log files should be recreated, and the problems with mounting any files that aren't corrupt should go away
OR
Installing Exchange Using the Disaster Recovery Switch
Now that Windows 2003 Server has been configured and prepared, we can move on and start installing Exchange
Server 2003 using the /DisasterRecovery switch.
Note: The reason why we install Exchange 2003 Server using the /DisasterRecovery switch is because the
configuration information for the Exchange Server still lives in Active Directory. Installing Exchange 2003 Server
using the /DisasterRecovery switch will add all necessary Exchange binaries to the server, as well as restore the
default Exchange registry settings and re-register the necessary DLL files etc. without touching the configuration
information still held in Active Directory.
To get going insert the Exchange Server 2003 media then click Start > Run and type:
\Setup\I386\Setup.exe /DisasterRecovery
\E2K3SP1\Setup\Update.exe /DisasterRecovery (service Pack)
Restoring the Exchange Databases
3. How can Active Directory be installed?
Ans. Active Directory can be installed in one of two ways:
1. By using the dcpromo.exe command.

2. By using the Configure the Server administrative tool.
4. How can Active Directory Installation be verified?
Ans. Active Directory installation can be Verify by checking for SRV and A records on the DNS server for the new domain
controller.
5. In Which mode the Active Directory is installed initially?
Ans. Active Directory is initially installed in mixed mode; if you want to change it to native mode, you will have to do it manually.
6. Does the native mode support NT4 Domain Controller?
Ans. Once converted to native mode, a domain cannot revert to mixed mode to support NT 4 domain controllers.
7. How can Authoritative Restore be performed?

8. Ans. Authoritative restore can be Perform by booting the computer in Directory Services Repair Mode and running
ntdsutil.exe.
9. How can new sites be configured in Active Directory?
Ans. New sites are configured through Active Directory Sites and Services. After creating a new site, the following tasks must
be completed:
1. Add appropriate IP subnets to the site.

2. Install or move a domain controller or controllers into the site. Although a domain controller is not required for a site, it is
strongly recommended.
3. Connect the site to other sites with the appropriate site link.
4. Select a server to control and monitor licensing within the site.
5. All site links are bridged by default.
6. Site link bridges can be explicitly defined if a network is not fully routed.
10. How can Inbound Replication be configured?
Ans. Inbound replication can be configured through connection objects.
11. What is KCC and what is its function?
Ans. The KCC (Knowledge Consistency Checker) maintains schedules and settings for default site links and bridges.
Administrator-configured connection objects require manual configuration and maintenance.
12. When Cost is used?
Ans. Cost is used to determine which path to take between sites when multiple links exist.
13. What Information is kept in GC Servers?
Ans. Global Catalog (GC) servers maintain a read- only subset of information in the complete Active Directory database.
14. What is the Procedure of Configuring GC Server?
Ans. To configure a server as a GC server, use Active Directory Sites and Services. Select the desired domain controller, then
right-click on NTDS settings and choose properties. Check the box for Global Catalog.
15. How can Backup of AD System state data be taken?
Ans. The AD system state data backup can be taken by using windows 2000 backup utility.
16. When Authoritative restore is used?
Ans. Authoritative restore is used when you want your restored settings to overwrite existing AD settings on other domain
controllers, such as if an object (OU, user account, and so on) are accidentally deleted from the database.
17. When Non-Authoritative restore is used?
Ans. Non-Authoritative restore is use when you are restoring out-of-date information and want the restored data to be
overwritten by newer data stored in Active Directory on other domain controllers. For example, you would do this if you were
recovering a DC from a failed hard drive and restored the server.
18. What is Kerberos Trust?

Ans. All domains in a tree automatically establish two way trust relationships called Kerberos trusts. Trust relationships
between Windows 2000 domains and NT 4 domains must be configured manually, just as you would configure a trust
relationship between two NT 4 domains.
19. Does the Caching Server store editable copy of database?
Ans. Caching servers do not store an editable copy of the zone database. Active directory integrated zones can reside only on
domain controllers, not member servers or non-Windows 2000 servers of any kind (NT 4, Unix, and so on).
20. What should be checked if a user gets an error message Domain controller cannot be found while logging in?
Ans. If a user who is trying to log on gets an error that a Domain controller cannot be found, check for the presence of SRV
records in the DNS database for domain controllers.
21. What is the function of secure dynamic updates?
Ans. Secure dynamic updates allow only computers and users who have been given permission to update their records into
the DNS database. Secure dynamic update is supported only for Active Directory integrated zones.
22. How DNS Replication is accomplished?
Ans. DNS replication is accomplished through Active Directory replication for AD integrated zones and zone transfer for
standard zones.
23. Why should a reverse lookup zone be configured?
Ans. A reverse lookup zone must be configured in order to perform reverse lookup queries. Installing AD through Configure
Your Server does not create a reverse lookup zone in DNS.
What must be done to an AD forest before Exchange can be deployed?
Setup.exe /forestprep
What are the required components of Windows Server 2003 for installing Exchange 2003?
ASP.NET, SMTP, NNTP, W3SVC
What Exchange process is responsible for communication with AD?
DSACCESS
What 3 types of domain controller does Exchange access?
Normal Domain Controller, Global Catalog, Configuration Domain Controller
What connector type would you use to connect to the Internet, and what are the two methods of sending mail over that
connector?
SMTP Connector: Forward to smart host or use DNS to route to each address
How would you optimise Exchange 2003 memory usage on a Windows Server 2003 server with more than 1Gb of
memory?
Add /3Gb switch to boot.ini
Name the process names for the following: System Attendant?

MAD.EXE, Information Store � STORE.EXE, SMTP/POP/IMAP/OWA � INETINFO.EXE
What is the maximum amount of databases that can be hosted on Exchange 2003 Enterprise?
20 databases. 4 SGs x 5 DBs.
What is the use of NNTP with exchange?
This protocol is used the news group in exchange.
What is DHCP? How we configure DHCP?
DHCP is the Dynamic Host Configuration Protocol. (Port 67 and 68). It means asiging Dynamic IP address to the devices on a
network. (Next Doc)
What are the ways to configure DNS & Zones?
DNS = Domain Name System. It can be configured by clicking the Start button, pointing to the Programs, pointing to Administrative
Toolsand clicking DNS Manager (which has two zones, namely the Forward Lookup Zone and the Reverse Lookup Zone). When
the DNS Server Configuration Wizard starts, click Next. If it does not auto-start, it can be started by right-clicking the user's server
name object in the DNS Manager console and choosing the Configure Your Server option.
Zones = The next step is to choose to add a forward lookup zone, click Next and ensure whether the new forward lookup zone is a
primary zone or not. It can only accept dynamic updates if it is a primary zone. Click Primary, and then click Next. It must be
ensured that the zone name must either be the same as the user's Active Directory Domain name or the same as the suffix for all
the computers on the network which are to be registered with the DNS server (in case of a stand-alone or workgroup environment).
Type the name of the zone and then click Next. The default name is accepted for the new zone file. Then click Next. Choose to add
a reverse lookup zone now and click Next. Click Primary and then click Next. Type the name of the zone and then click Next. The
zone name should be the same as the Network ID of your local subnet. Accept the default name for the new zone file and click
Next. Then click Finish to complete the Server Configuration Wizard.
What are the types of backup? Explain each?
FULL, Incremental and Differential.
Full backup is as it says, it�s a full backup of available data.
Incremental backup stores all files changed since the last FULL, DIFFERENTIAL OR INCREMENTAL backup. The advantage of
an incremental backup is that it takes the least time to complete.
Differential backup contains all files that have changed since the last FULL backup . The advantage of a differential backup is that
it shortens restore time compared to a full backup or an incremental backup.
What are Levels of RAID 0, 1, 5? Which one is better & why?
Redundant Array of Independent Disks (RAID) is the combining of several hard drives into a single unit. Level 0 is used for
applications, which do not require redundancy or striping. Which, means the contents of the files are spread out over the multiple
disks. One of the common uses for level 0 is in editing digital video.
Level 0 there is not falut redundancy, and if one drive happens to fail all the data is lost.
Level 1 is used for applications, which include critical data and referred to as mirroring. RAID 1 is fault tolerant in situations when a
drive fails the system will continue to work. Level 1 provides twice the transaction rate of single disks.
Level 5 is used when fault tolerance is needed and uses block level striping and distributed parity. When one disk drive in RAID 5
goes down the data is recovered using the remaining drives. RAID 5 is considered, to be the most popular RAID level in use today,
because of it's performance, redundancy and storage efficiency.
What are FMSO Roles? List them.
FSMO (Flexible Single Master Operation Role) are used to avoid conflicts in our active directory as AD provides lot of flexibility for
users to do some kind of changes, thus increases chances of conflicts.
Schma Master Role
Domain Naming Master Role
RID - Relative Identifier.
PDC Emulator.
Infrastructure.
Describe the lease process of the DHCP server.
DORA
D (Discover) : DHCP Client sends a broadcast packets to identify the dhcp server, this packet will contain the source MAC.
O (Offer) : Once the packet is received by the DHCP server, the server will send the packet containing Source IP and Source MAC.
R (Request) : Client will now contact the DHCP server directly and request for the IP address.
A (Acknowledge) : DHCP server will send an ack packet which contains the IP address.
Disaster Recovery Plan?
A disaster recovery plan (DRP) - sometimes referred to as a business continuity plan (BCP) or business process contingency plan
(BPCP) - describes how an organization is to deal with potential disasters. Just as a disaster is an event that makes the
continuation of normal functions impossible, a disaster recovery plan consists of the precautions taken so that the effects of a
disaster will be minimized and the organization will be able to either maintain or quickly resume mission-critical functions. Typically,
disaster recovery planning involves an analysis of business processes and continuity needs; it may also include a significant focus
on disaster prevention.
What is scope & super scope?
scope is a valid range of IP addresses which are available for assignments or lease to client computers on a particular subnet. A
superscope is an administrative grouping of scopes that can be used to support multiple logical IP subnets on the same physical
subnet. Superscopes only contain a list of member scopes or child scopes that can be activated together.
Logical Diagram of Active Directory? What is the difference between child domain & additional domain server?
Active directory contains forest, tree, domain and its child domain. Child domian is comes under parent domain and it shares the
name space, its names space append the parent domain name. Addtional domain controller is the copy of main domain controller
and its for load balancing and fault tolarance.
FTP, NNTP, SMTP, KERBEROS, DNS, DHCP, POP3 port numbers?
ftp = port 21 nntp = 443 smtp = 25 KERBEROS v4 = 88 KERBEROS v5 = 750 dns = 53 dhcp = 67 pop3 = 110
What is Kerberos? Which version is currently used by Windows? How does Kerberos work?
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using
secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology.
Kerberos is available in many commercial products as well. Current Version 5.0
How would you recover Exchange server when the log file is corrupted?
Tell me a bit about the capabilities of Exchange Server. 1) Outlook Anywhere (OWA)
2) Mailbox Can sync with Blackberry Device.
3) Calendar Sharing.
4) MAPI & POP3 Client support
5) RPC Over HTTP.
What are the different Exchange 2003 versions?
1. exchange 5.5
2. exchange server 2000
What are the major network infrastructure for installing Exchange 2003?
1.Geographical considerations
2.Bandwidth and latency
3.Current usage
4.Current messaging system
What is the latest Exchange 2003 Service Pack? Name a few changes in functionality in that SP.
SP2 is a cumulative update that enhances your Exchange
Server 2003 messaging environment with:
Mobile e-mail improvements
Better protection against spam
Mailbox advancements
What are the disk considerations when installing Exchange (RAID types, locations and so on).
Server hardware:
� Four 1 gigahertz (GHz), 1 megabyte (MB) or 2 MB L2 cache processors
� 4 gigabytes (GB) of Error Correction Code (ECC) RAM
� Two 100 megabits per second (Mbps) or 1000 Mbps network interface cards
� RAID-1 array with two internal disks for the Windows Server 2003 and Exchange Server 2003 program files
� Two redundant 64-bit fiber Host Bus Adapters (HBAs) to connect to the Storage Area Network
You got a new HP DL380 (2U) server, dual Xeon, 4GB of RAM, 7 SAS disks, 64-bit. What do you do next to install
Exchange 2003? (you have AD in place)

Why not install Exchange on the same machine as a DC?
1. Redundancy and Stability - if the exchange server fails then Domain Controller also fails and it concludes a big Failuire
2. Overload : It may overload your existing server and that can cause a significant performance problem.
How would you prepare the AD Schema in advance before installing Exchange?
1. Make sure all the following are installd and working on the server SMTP, NNTP, ASP.NET, IIS, WWW. This can be installed
windos component on Add-Remove program
2. Run Forest Preain Prep
3. Run Domain Prep and you are good to go.
What type or permissions do you need in order to install the first Exchange server in a forest? In a domain?
you need Schema Admin, Domain Admin and Enterprise Admin Permission. What type of memory optimization changes could you
do for Exchange 2003? Add /3GB switch to boot.ini file and you can use upto 3GB memory instead of 1GB by default.
How would you check your Exchange configuration settings to see if they're right?
Once your exchange server configuration is done run the tool EXBPA.exc .This will give you the correct ficture of your exchange
organization.
What are the Exchange management tools? How and where can you install them?
To install the Exchange System Management Tools
1. On the dedicated management workstation, insert the Exchange 2003 Setup CD into the workstation's CD drive, and then
locate : \setup\i386\setup.exe.
2. On the Component Selection page, do the following: --Under Component Name, locate Microsoft Exchange. In the
corresponding Action column, select Custom.
--Under Component Name, locate Microsoft Exchange System Management Tools. In the corresponding Action column, select
Install Microsoft Exchange System Management Tools installation option
3. Click Next, and continue with the wizard.
What types of permissions are configurable for Exchange?
1)Exchange full admin � full control over the exchange organization including permission
2)Exchange Admin � Manage everything within the organization except org permission.
3)Exchange view only administrator � read only administrative access to Exchange organization
How can you grant access for an administrator to access all mailboxes on a specific server?
1. Start Exchange System Manager.
2. Drill down to your server object within the appropriate Administrative Group. Right-click it and choose Properties.
3. In the Properties window go to the Security tab.
4. Click Add, click the user or group who you want to have access to the mailboxes, and then click OK.
5. Be sure that the user or group is selected in the Name box.
6. In the Permissions list, click Allow next to Full Control, and then click OK.
Note: Make sure there is no Deny checkbox selected next to the Send As and Receive As permissions.
7. Click Ok all the way out.

What is the Send As permission?
Send As Permission means user A will be able to access the mail box of user B and reply back to those mail. Even though user A
has replied to the mail, the send address will display user b email.
What other management tools are used to manage and control Exchange 2003? Name the tools you'd use.
Active Directory Account Cleanup Wizard (adclean.exe)
You created a mailbox for a user, yet the mailbox does not appear in ESM. Why?
Genrally, when you create a mailbox for a user. The user's e-mail address will be updated in the GAL. During the regular update
interval. But in order for you to be able to view the mail box. The user has to access the Exchange server (either through MS
outlook or OWA). Then you will be able to view the user's mail box.
What are Query Based Distribution groups?
A query-based distribution group is a new additional type of distribution group in Exchange 2003. This new type of distribution
group provides the same functionality as a standard distribution group; however, instead of specifying static user memberships, a
query-based distribution group allows you to use an LDAP query to dynamically build membership in the distribution group (for
example All employees with a special group membership). Using query-based distribution groups we can reduce the administration
costs dramatically. However a Query-based Distribution Group needs more Server resources like CPU power and RAM.
What type of groups would you use when configuring distribution groups in a multiple domain forest?
create a Universal Distribution Group.
What are System Public Folders? Where would you find them?
In Exchange Server 2003, public folders can be used to share information between a group of users. In smaller organizations
where only one Exchange server is typically installed, one public folder instance can exist.
Click Start, All Programs, Microsoft Exchange, and then select Exchange System Manager. Exchange System Manager opens. In
the left pane, expand the Public Folders container. All existing folders in the public folder tree are displayed.
How can you immediately stop PF replication?
right-clicking the Organization name in Exchange System Management and clicking Stop Public Folder Content Replication
What types of PF management tools might you use?
PFDAVADMIN Tool
What are the differences between administrative permissions and client permissions in PF?
How can you configure PF replication from the command prompt in Exchange 2003?
PFMIGRATE allows you to move a bunch of Public Folders from an Exchange Server to an Exchange 2003 Server from the
command line.PFMIGRATE.WSF is a Script, which is located on the Exchange 2003 CD and the Exchange 2003 SP1 under
SUPPORT\EXDEPLOY.
PFMIGRATE requires ONE Exchange 2003 Server in your Enterprise because PFMIGRATE uses specific WMI functions from
Exchange 2003.
The syntax is simple:
To move System Folders
PFMIGRATE.WSF /S:SourceServer /T:DestinationServer /SF /A /N
:100 /F:C:\LOGFILE.LOG
To move Public Folders
PFMIGRATE.WSF /S:SourceServer /T:DestinationServer /A /N:100
/F:C:\LOGFILE.LOG
To remove Public Folders after succesful Replication
PFMIGRATE.WSF /S:SourceServer /T:DestinationServer /D
What are the configuration options in IMF?
First of all, IMF needs to be enabled because it's not by default. To enable, from ESM go to Global Settings and right click on
Message Delivery. Click on the "Intelligence Nessage Filter" tab, and change from "No Action" to "Archive". Also, enable the IMF on
the Virtual SMTP server by right clicking on the default SMTP server and clicking on properties, then Advanced tab, then click on
edit. Now you can check on the "Apply IMF" tab.
There are two options in configuring Intelligence Message Filter (IMF):Gateway Blocking Configuration - this is where the
messages will be blocked at the server, and the users will not even see them. Store Junk E-mail Configuration - this is where the
messages will be delivered to the user's Outlook and stored in their Junk Email folder (Outlook 2003 in cached mode only, or
OWA).
What are virtual servers? When would you use more than one?
Exchange Virtual Server is a clustered Exchange installation. When Exchange is installed on a Windows Server 2003 cluster, it is
configured as an Exchange Virtual Server that can be passed between cluster nodes transparently to Exchange clients.
1. SMTP Virtual Server,
2. HTTP Virtual Server,
3.POP3 Virtual Server,
4. IMAP4 Virtual Server and so on
Name some of the SMTP Virtual Server configuration options.
The following table lists important configuration information that Exchange Server 2003 stores for SMTP virtual servers in Active
Directory.
Important Active Directory attributes for SMTP virtual servers
msExchServerBindings -Specifies the Internet Protocol (IP) port binding for Secure Sockets Layer (SSL) connections.
msExchAuthenticationFlags -Indicates which type of authentication this SMTP virtual server accepts.
msExchMaxIncomingConnections -Specifies the maximum number of inbound connections allowed for this SMTP virtual server.
msExchLogType -Specifies the log formats that this SMTP virtual server uses for protocol logging.
msExchAccessSSLFlags -Identifies the type of encrypted channel that this SMTP virtual server supports.
What is a Mail Relay? Name a few known mail relay software or hardware options.
Often referred to as an e-mail server, a device and/or program that routes an e-mail to the correct destination. Mail relays are
typically used within local networks to transmit e-mails among local users. (For example, all of the student and faculty e-mail of a
college campus.) Mail relays are particularly useful in e- mail aliasing where multiple e-mail addresses are used but the mail relay
forwards all messages to the specified e-mail addresses to one single address.
A mail relay is different than an open relay, where an e-mail server processes a mail message that that neither originates or ends
with a user that is within the server�s local domain (i.e., local IP range).
Mail relay Softwares:
1.NoticeWare Email Server 4.3
2. Flash Mailer 20.
1. How can Active Directory be installed?
Ans. Active Directory can be installed in one of two ways:
1. By using the dcpromo.exe command.

2. By using the Configure the Server administrative tool.
2. How can Active Directory Installation be verified?
Ans. Active Directory installation can be Verify by checking for SRV and A records on the DNS server for the new domain
controller.
3. In Which mode the Active Directory is installed initially?
Ans. Active Directory is initially installed in mixed mode; if you want to change it to native mode, you will have to do it
manually.
4. Does the native mode support NT4 Domain Controller?
Ans. Once converted to native mode, a domain cannot revert to mixed mode to support NT 4 domain controllers.
5. How can Authoritative Restore be performed?
Ans. Authoritative restore can be Perform by booting the computer in Directory Services Repair Mode and running ntdsutil.exe.
. How can new sites be configured in Active Directory?
Ans. New sites are configured through Active Directory Sites and Services. After creating a new site, the following tasks must be
completed:
1. Add appropriate IP subnets to the site.

2. Install or move a domain controller or controllers into the site. Although a domain controller is not required for a site, it is
strongly recommended.
3. Connect the site to other sites with the appropriate site link.
4. Select a server to control and monitor licensing within the site.
5. All site links are bridged by default.
6. Site link bridges can be explicitly defined if a network is not fully routed.
7. How can Inbound Replication be configured?
Ans. Inbound replication can be configured through connection objects.
8. What is KCC and what is its function?

Ans. The KCC (Knowledge Consistency Checker) maintains schedules and settings for default site links and bridges.
Administrator-configured connection objects require manual configuration and maintenance.
9. When Cost is used?
Ans. Cost is used to determine which path to take between sites when multiple links exist.
10. What Information is kept in GC Servers?
Ans. Global Catalog (GC) servers maintain a read- only subset of information in the complete Active Directory database.
11. What is the Procedure of Configuring GC Server?
Ans. To configure a server as a GC server, use Active Directory Sites and Services. Select the desired domain controller, then
right-click on NTDS settings and choose properties. Check the box for Global Catalog.
12. How can Backup of AD System state data be taken?
Ans. The AD system state data backup can be taken by using windows 2000 backup utility.
13. When Authoritative restore is used?
Ans. Authoritative restore is used when you want your restored settings to overwrite existing AD settings on other domain
controllers, such as if an object (OU, user account, and so on) are accidentally deleted from the database.
14. When Non-Authoritative restore is used?
Ans. Non-Authoritative restore is use when you are restoring out-of-date information and want the restored data to be overwritten
by newer data stored in Active Directory on other domain controllers. For example, you would do this if you were recovering a
DC from a failed hard drive and restored the server.
15. What is Kerberos Trust?
Ans. All domains in a tree automatically establish two way trust relationships called Kerberos trusts. Trust relationships between
Windows 2000 domains and NT 4 domains must be configured manually, just as you would configure a trust relationship between
two NT 4 domains.
16. Does the Caching Server store editable copy of database?
Ans. Caching servers do not store an editable copy of the zone database. Active directory integrated zones can reside only on
domain controllers, not member servers or non-Windows 2000 servers of any kind (NT 4, Unix, and so on).
17. What should be checked if a user gets an error message Domain controller cannot be found while logging in?
Ans. If a user who is trying to log on gets an error that a Domain controller cannot be found, check for the presence of SRV
records in the DNS database for domain controllers.
18. What is the function of secure dynamic updates?
Ans. Secure dynamic updates allow only computers and users who have been given permission to update their records into the
DNS database. Secure dynamic update is supported only for Active Directory integrated zones.
19. How DNS Replication is accomplished?
Ans. DNS replication is accomplished through Active Directory replication for AD integrated zones and zone transfer for standard
zones.
20. Why should a reverse lookup zone be configured?

Ans. A reverse lookup zone must be configured in order to perform reverse lookup queries. Installing AD through Configure Your
Server does not create a reverse lookup zone in DNS.
What are the required components of Windows Server 2003 for installing Exchange 2003? - ASP.NET, SMTP,
NNTP, W3SVC
1. What must be done to an AD forest before Exchange can be deployed? - Setup /forestprep
2. What Exchange process is responsible for communication with AD? - DSACCESS
3. What 3 types of domain controller does Exchange access? - Normal Domain Controller, Global Catalog,
Configuration Domain Controller
4. What connector type would you use to connect to the Internet, and what are the two methods of sending
mail over that connector? - SMTP Connector: Forward to smart host or use DNS to route to each address
5. How would you optimise Exchange 2003 memory usage on a Windows Server 2003 server with more than
1Gb of memory? - Add /3Gb switch to boot.ini
6. What would a rise in remote queue length generally indicate? - This means mail is not being sent to other
servers. This can be explained by outages or performance issues with the network or remote servers.
7. What would a rise in the Local Delivery queue generally mean? - This indicates a performance issue or
outage on the local server. Reasons could be slowness in consulting AD, slowness in handing messages off to
local delivery or SMTP delivery. It could also be databases being dismounted or a lack of disk space.
8. What are the standard port numbers for SMTP, POP3, IMAP4, RPC, LDAP and Global Catalog? - SMTP – 25,
POP3 – 110, IMAP4 – 143, RPC – 135, LDAP – 389, Global Catalog - 3268
9. Name the process names for the following: System Attendant? – MAD.EXE, Information Store – STORE.EXE,
SMTP/POP/IMAP/OWA – INETINFO.EXE
10. What is the maximum amount of databases that can be hosted on Exchange 2003 Enterprise? - 20
databases. 4 SGs x 5 DBs.
11. What are the disadvantages of circular logging? - In the event of a corrupt database, data can only be
restored to the last backup.
1. Describe how the DHCP lease is obtained. It’s a four-step process consisting of (a) IP request, (b) IP offer, ©
IP selection and (d) acknowledgement.
2. I can’t seem to access the Internet, don’t have any access to the corporate network and on ipconfig my
address is 169.254.*.*. What happened? The 169.254.*.* netmask is assigned to Windows machines
running 98/2000/XP if the DHCP server is not available. The name for the technology is APIPA (Automatic
Private Internet Protocol Addressing).
3. We’ve installed a new Windows-based DHCP server, however, the users do not seem to be getting DHCP
leases off of it. The server must be authorized first with the Active Directory.
4. How can you force the client to give up the dhcp lease if you have access to the client PC? ipconfig /release
5. What authentication options do Windows 2000 Servers have for remote clients? PAP, SPAP, CHAP, MS-
CHAP and EAP.
6. What are the networking protocol options for the Windows clients if for some reason you do not want to
use TCP/IP? NWLink (Novell), NetBEUI, AppleTalk (Apple).
7. What is data link layer in the OSI reference model responsible for? Data link layer is located above the
physical layer, but below the network layer. Taking raw data bits and packaging them into frames. The
network layer will be responsible for addressing the frames, while the physical layer is reponsible for
retrieving and sending raw data bits.
8. What is binding order? The order by which the network protocols are used for client-server
communications. The most frequently used protocols should be at the top.
9. How do cryptography-based keys ensure the validity of data transferred across the network? Each IP
packet is assigned a checksum, so if the checksums do not match on both receiving and transmitting ends,
the data was modified or corrupted.
10. Should we deploy IPSEC-based security or certificate-based security? They are really two different
technologies. IPSec secures the TCP/IP communication and protects the integrity of the packets. Certificate-
based security ensures the validity of authenticated clients and servers.
11. What is LMHOSTS file? It’s a file stored on a host machine that is used to resolve NetBIOS to specific IP
addresses.
12. What’s the difference between forward lookup and reverse lookup in DNS? Forward lookup is name-to-
address, the reverse lookup is address-to-name.
13. How can you recover a file encrypted using EFS? Use the domain recovery agent.
1. What are types of kernel objects?
Several types of kernel objects, such as access token objects, event objects, file objects, file-mapping
objects, I/O completion port objects, job objects, mailslot objects, mutex objects, pipe objects, process
objects, semaphore objects, thread objects, and waitable timer objects.
2. What is a kernel object?
Each kernel object is simply a memory block allocated by the kernel and is accessible only by the kernel.
This memory block is a data structure whose members maintain information about the object. Some
members (security descriptor, usage count, and so on) are the same across all object types, but most are
specific to a particular object type. For example, a process object has a process ID, a base priority, and an
exit code, whereas a file object has a byte offset, a sharing mode, and an open mode.
3. User can access these kernel objects structures?
Kernel object data structures are accessible only by the kernel
1. What is Active Directory schema?

2. What are the domain functional level in Windows Server 2003?
3. What are the forest functional level in Windows Server 2003?
4. What is global catalog server?
5. How we can raise domain functional & forest functional level in Windows Server 2003?
6. Which is the deafult protocol used in directory services?
7. What is IPv6?
8. What is the default domain functional level in Windows Server 2003?
9. What are the physical & logical components of ADS
10. In which domain functional level, we can rename domain name?
11. What is multimaster replication?
12. What is a site?
13. Which is the command used to remove active directory from a domain controler?
14. How we can create console, which contain schema?
15. What is trust?
16. What is the file that’s responsible for keep all Active Directory database?
17. What is a default gateway? - The exit-point from one network and entry-way into another network, often
the router of the network.
18. How do you set a default route on an IOS Cisco router? - ip route 0.0.0.0 0.0.0.0 x.x.x.x [where x.x.x.x
represents the destination address]
19. What is the difference between a domain local group and a global group? - Domain local groups grant
permissions to objects within the domain in which the reside. Global groups contain grant permissions tree
or forest wide for any objects within the Active Directory.
20. What is LDAP used for? - LDAP is a set of protocol used for providing access to information directories.
21. What tool have you used to create and analyze packet captures? - Network Monitor in Win2K / Win2K3,
Ethereal in Linux, OptiView Series II (by Fluke Networks).
22. How does HSRP work?
23. What is the significance of the IP address 255.255.255.255? - The limited broadcast address is utilized when
an IP node must perform a one-to-everyone delivery on the local network but the network ID is unknown.
24. What is DHCP? How we configure DHCP?
25. What are the ways to configure DNS & Zones?
26. What are the types of backup? Explain each?
27. What are Levels of RAID 0, 1, 5? Which one is better & why?
30. Disaster Recovery Plan?
33. Logical Diagram of Active Directory? What is the difference between child domain & additional domain
server?
36. Distribution List?
37. GAL, Routing Group, Stm files, Eseutil & ininteg - what are they used for?
38. What is MIME & MAPI?
41. What is Active Directory schema?
42. What are the domain functional level in Windows Server 2003?
43. What are the forest functional level in Windows Server 2003?
44. What is global catalog server?
45. How we can raise domain functional & forest functional level in Windows Server 2003?
46. Which is the deafult protocol used in directory services?
47. What is IPv6?
48. What is the default domain functional level in Windows Server 2003?
49. What are the physical & logical components of ADS
50. In which domain functional level, we can rename domain name?
51. What is multimaster replication?
52. What is a site?
53. Which is the command used to remove active directory from a domain controler?
54. How we can create console, which contain schema?
55. What is trust?
56. What is the file that’s responsible for keep all Active Directory database?
57. Distribution List?
A distribution list, also known as a mailing list, is a collection of email addresses that allows you to email multiple people at
one time. A distribution list can contain a few addresses, or many.
GAL = Global Address Book (Address book used by users for Email addresses)
Routing Group = A group setup within Exchange to connect to another mailserver
ESEUTIL = is the utilities used to managed the information store.
What is MIME & MAPI?
MIME = Multipurpose Internet Mail Extensions
It defines non-ASCII message formats.
MAPI = Messaging Application Programming Interface
It's the programming interface for email.
List the services of Exchange Server 2000?
60. What is a level 0 backup?
61. What is an incremental backup?
62. What steps are required to perform a bare-metal recovery?
63. Name key files or directories on a UNIX system that should always be backed up.
64. Name key files or directories on a Windows system that should always be backed up.
65. What is RAID 0?
66. What is RAID 0+1? Why is it better than 0?
67. What is RAID-5?
68. Why would you NOT want to encapsulate a root directory with Veritas?
69. What is concatenation?
70. What is striping?
71. What is a spindle?
72. What are the ways to configure DNS & Zones?

73. What are the types of backup? Explain each?
74. What are Levels of RAID 0, 1, 5? Which one is better & why?
77. Disaster Recovery Plan?
80. Logical Diagram of Active Directory? What is the difference between child domain & additional domain server?
84. What is MIME & MAPI?
86. How would you recover Exchange server when the log file is corrupted
87. Group Policies - how to apply and order in which they apply.
88. Global catalog servers - how many is a specific two plus site implementation
89. Describe different zones and a scenario in which you would use them
90. What is the system state?
91. What is a Global Catalog server?
92. What is an OU?
93. What Ms tools (standard) are used to troubleshoot AD issues?
94. What tools from the Support kit and resource kit can aid troubleshooting?
95. What the standard mistakes made when setting up Ms products?
96. What do you have to do to secure a Exchange server from being a relay?
97. When a full backup runs what does it do to the log files?
98. What the basic steps to recovering a Lost Exchange/DC server?
99. How do you build redudancy in to DNS?
100.How can you secure AD DNS?
101.What are the different Exchange 2003 versions?
102.What's the main differences between Exchange 5.5 and Exchange 2000/2003?
103.What are the major network infrastructure for installing Exchange 2003?
104.What is the latest Exchange 2003 Service Pack? Name a few changes in functionality in that SP.
105.What are the disk considerations when installing Exchange (RAID types, locations and so on).
106.You got a new HP DL380 (2U) server, dual Xeon, 4GB of RAM, 7 SAS disks, 64-bit. What do you do next to install
107.Why not install Exchange on the same machine as a DC?
108.Are there any other installation considerations?
109.How would you prepare the AD Schema in advance before installing Exchange?
110.What type or permissions do you need in order to install the first Exchange server in a forest? In a domain?
111.How would you verify that the schema was in fact updated?
112.What type of memory optimization changes could you do for Exchange 2003?
113.How would you check your Exchange configuration settings to see if they're right?
114. What are the Exchange management tools? How and where can you install them?
115. What types of permissions are configurable for Exchange?
116.How can you grant access for an administrator to access all mailboxes on a specific server?
117.What is the Send As permission?
118.What other management tools are used to manage and control Exchange 2003? Name the tools you'd use.
119.What are Exchange Recipient types? Name 5.
120.You created a mailbox for a user, yet the mailbox does not appear in ESM. Why?
121.You wanted to change mailbox access permissions for a mailbox, yet you see the SELF permission alone on the
permissions list. Why?
122.What are Query Based Distribution groups?
123.What type of groups would you use when configuring distribution groups in a multiple domain forest?
124.Name a few configuration options for Exchange recipients.
125.What's the difference between Exchange 2003 Std. and Ent. editions when related to storage options and size?
126.Name a few configuration options related to mailbox stores.
127.What are System Public Folders? Where would you find them?
128.How would you plan and configure Public Folder redundancy?
129.How can you immediately stop PF replication?
130.How can you prevent PF referral across slow WAN links?
131.What types of PF management tools might you use?
132.What are the differences between administrative permissions and client permissions in PF?
133.How can you configure PF replication from the command prompt in Exchange 2003?
134.What are the message hygiene options you can use natively in Exchange 2003?
135.What are the configuration options in IMF?
136.What are virtual servers? When would you use more than one?
137.Name some of the SMTP Virtual Server configuration options.
138.What is a Mail Relay? Name a few known mail relay software or hardware options.
139.What is a Smart Host? Where would you configure it?
140.What are Routing Groups? When would you use them?
141.What are the types of Connectors you can use in Exchange?
142.What is the cost option in Exchange connectors?
143.What is the Link State Table? How would you view it?
144.How would you configure mail transfer security between 2 routing groups?
145.What is the Routing Group Master? Who holds that role?
146.Explain the configuration steps required to allow Exchange 2003 to send and receive email from the Internet (consider a
one-site multiple server scenario).
147.What is DS2MB?
148.What is Forms Based Authentication?
149.How would you configure OWA's settings on an Exchange server?
150.What is DSACCESS?
151.What are Recipient Policies?
152.How would you work with multiple recipient policies?
153.What is the "issue" with trying to remove email addresses added by recipient policies? How would you fix that?
154.What is the RUS?
155.When would you need to manually create additional RUS?
156.What are Address Lists?
157.How would you modify the filter properties of one of the default address lists?
158.How can you create multiple GALs and allow the users to only see the one related to them?
159.What is a Front End server? In what scenarios would you use one?
160.What type of authentication is used on the front end servers?
161.When would you use NLB?
162.How would you achieve incoming mail redundancy?
163.What are the 4 types of Exchange backups?
164.What is the Dial-Tone server scenario?
165.When would you use offline backup?
166.How do you re-install Exchange on a server that has crashed but with AD intact?
167.What is the dumpster?
168.What are the e00xxxxx.log files?
169.What is the e00.chk file?
170.What is circular logging? When would you use it?
171.What's the difference between online and offline defrag?
172.How would you know if it is time to perform an offline defrag of your Exchange stores?
173.How would you plan for, and perform the offline defrag?
174.What is the eseutil command?
175.What is the isinteg command?
176.How would you monitor Exchange's services and performance? Name 2 or 3 options.
177.Name all the client connection options in Exchange 2003.
178.What is Direct Push? What are the requirements to run it?
179.How would you remote wipe a PPC?
180.What are the issues with connecting Outlook from a remote computer to your mailbox?
181.How would you solve those issues? Name 2 or 3 methods
182.What is RPC over HTTP? What are the requirements to run it?
183.What is Cached Mode in OL2003/2007?
184.What are the benefits and "issues" when using cached mode? How would you tackle those issues?
185.What is S/MIME? What are the usage scenarios for S/MIME?
186.What are the IPSec usage scenarios for Exchange 2003?
187.How do you enable SSL on OWA?
188.What are the considerations for obtaining a digital certificate for SSL on Exchange?
189.Name a few 3rd-party CAs.
190.What do you need to consider when using a client-type AV software on an Exchange server?
191.What are the different clustering options in Exchange 2003? Which one would you choose and why.
192. Global catalog servers - how many is a specific two plus site implementation
193.Describe different zones and a scenario in which you would use them
194.What is the system state?
195.What is a Global Catalog server?
196.What is an OU?
197.What Ms tools (standard) are used to troubleshoot AD issues?
198.What tools from the Support kit and resource kit can aid troubleshooting?
199.What the standard mistakes made when setting up Ms products?
200.What do you have to do to secure a Exchange server from being a relay?
201.When a full backup runs what does it do to the log files?
202.What the basic steps to recovering a Lost Exchange/DC server?
203.How do you build redudancy in to DNS?
204.How can you secure AD DNS?
205.Disaster Recovery Plan?
206.What is DHCP? How we configure DHCP?
207.What are the ways to configure DNS & Zones?
208.What are the types of backup? Explain each?
209.What are Levels of RAID 0, 1, 5? Which one is better & why?
210.What are FMSO Roles? List them.
211.Describe the lease process of the DHCP server.
212.Disaster Recovery Plan?
213.What is scope & super scope?
214.Differences between Win 2000 Server & Advanced Server?
215.Logical Diagram of Active Directory? What is the difference between child domain & additional domain server?
216.FTP, NNTP, SMTP, KERBEROS, DNS, DHCP, POP3 port numbers?
217.What is Kerberos? Which version is currently used by Windows? How does Kerberos work?
218.Tell me a bit about the capabilities of Exchange Server.
219.What are the different Exchange 2003 versions?
220.What’s the main differences between Exchange 5.5 and Exchange 2000/2003? Group Policies - how to apply and order in
which they apply.Tell me a bit about the capabilities of Exchange Server.
one-site multiple server scenario).
229.What is DS2MB?
231.How would you configure OWA's settings on an Exchange server?
235.What is the "issue" with trying to remove email addresses added by recipient policies? How would you fix that?

253.What's the difference between online and offline defrag?
258.How would you monitor Exchange's services and performance? Name 2 or 3 options.
266.What are the benefits and "issues" when using cached mode? How would you tackle those issues?
274.What is latest service pack for exchange 2003?
275.Can exchange 2003 be installed on a Domain Controller, is it recommended explain why you would or would not do this.
276.Why exchange needs transaction logs?
277.how many SG (storage Group) up to Exchange support (I am expecting to be asked what version here)
278.How Many MS (Mail Stores) in each SG?
279.What is the size of Transaction logs?
280.Is it possible to rename an Exchange server?
281.What is a Query base distribution Group?
282.What utility you would use the repair Exchange database (If a database is in a "Dirty Shutdown" state)
283.Name of the Default Exchange databases
284.If client is telling you they are receiving, Outlook is retrieving data from exchange server" how can you trouble shoot the
issue
285.What port SMTP protocol use
286.What is RFC for SMTP ( this is just for shake up)

287.What are the major network infrastructure for installing Exchange 2003?
288.What is the latest Exchange 2003 Service Pack? Name a few changes in functionality in that SP.
289.What are the disk considerations when installing Exchange (RAID types, locations and so on).
290.You got a new HP DL380 (2U) server, dual Xeon, 4GB of RAM, 7 SAS disks, 64-bit. What do you do next to install
291.Why not install Exchange on the same machine as a DC?Are there any other installation considerations?
292.How would you prepare the AD Schema in advance before installing Exchange?
293.What type or permissions do you need in order to install the first Exchange server in a forest? In a domain?
294.How would you verify that the schema was in fact updated?
295.What type of memory optimization changes could you do for Exchange 2003?
296.How would you check your Exchange configuration settings to see if they’re right?
297.What are the Exchange management tools? How and where can you install them?
298.What types of permissions are configurable for Exchange?
299.How can you grant access for an administrator to access all mailboxes on a specific server?
300.What is the Send As permission?
301.What other management tools are used to manage and control Exchange 2003? Name the tools you’d use.
302.What are Exchange Recipient types? Name 5.
303.You created a mailbox for a user, yet the mailbox does not appear in ESM. Why?
304.You wanted to change mailbox access permissions for a mailbox, yet you see the SELF permission alone on the
permissions list. Why?
305.What are Query Based Distribution groups?
306.What type of groups would you use when configuring distribution groups in a multiple domain forest?
307.Name a few configuration options for Exchange recipients.
308.What’s the difference between Exchange 2003 Std. and Ent. editions when related to storage options and size?
309.Name a few configuration options related to mailbox stores.
310.What are System Public Folders? Where would you find them?
311.How would you plan and configure Public Folder redundancy?
312.How can you immediately stop PF replication?
313.How can you prevent PF referral across slow WAN links?
314.What types of PF management tools might you use?
315.What are the differences between administrative permissions and client permissions in PF?
316.How can you configure PF replication from the command prompt in Exchange 2003?
317.What are the message hygiene options you can use natively in Exchange 2003?
318.What are the configuration options in IMF?
319.What are virtual servers? When would you use more than one?
320.Name some of the SMTP Virtual Server configuration options.
321.What is a Mail Relay? Name a few known mail relay software or hardware options.
330.one-site multiple server scenario).
331.What is DS2MB?
333.How would you configure OWA’s settings on an Exchange server?
337.What is the “issue” with trying to remove email addresses added by recipient policies? How would you fix that?
355.What’s the difference between online and offline defrag?
360.How would you monitor Exchange’s services and performance? Name 2 or 3 options.
368.What are the benefits and “issues” when using cached mode? How would you tackle those issues?

376.List the services of Exchange Server 2000?
377.How would you recover Exchange server when the log file is corrupted?
378.What is latest service pack Exchange 2003?
379.What is latest service pack Exchange 2000?
380.What is the name of Exchange Databases?
381.How many databases in Standard Exchange version
382.How many databases in Enterprise Exchange version
383.What is Storage Group?
384.What is mail store?
385.Explain Exchange transaction logs
386.What is default size for Transaction logs?
387.Why exchange is using transaction logs? Why not to write to data directly to the Exchange database?
388.How exchange database gets defragmented?
389.What is white space, and how can it be reclaimed?
390.What time online maintenance runs by default in Exchange?
391.What event log exchange logs after online defragmentation

Interview Questions-2003

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Interview Questions-2003

Uploaded by

Copyright:

Available Formats

Windows Server 2003 Active Directory and Security questions

What are the ways to configure DNS & Zones?

Domain Name System

What are the types of backup? Explain each?

Backup Type Description Pros Cons

What are Levels of RAID 0, 1, 5? Which one is better & why?

Below is an overview of the most popular levels:

RAID 3 is not that common in prepress.

 Disk failures have an effect on throughput, although this is still acceptable.

RAID 10: a mix of RAID 0 & RAID 1

4. What are FMSO Roles? List them.

Purpose of FSMO is to avoide conflicts, below are exact roles it perform:

1. Schma Master Role

5. Describe the lease process of the DHCP server.

DHCP Server leases the IP addresses to the clients as follows:

7. What is scope & super scope?

Superscope configurations for multinets

Example 1: Non-routed DHCP server (before superscope)

Example 2: Superscope for non-routed DHCP server supporting local multinets

8. Differences between Win 2000 Server & Advanced Server?

Logical diagram contain -

difference between Child domain controlloer and Additional

Additional domain controller is the exact copy of the root

MICROSOFT EXCHANGE SERVER INTERVIEW QUESTIONS

1. List the services of Exchange Server 2000?

Installing Exchange Using the Disaster Recovery Switch

3. How can Active Directory be installed?

Ans. Active Directory can be installed in one of two ways:

1. By using the dcpromo.exe command.

4. How can Active Directory Installation be verified?

6. Does the native mode support NT4 Domain Controller?

7. How can Authoritative Restore be performed?

1. Add appropriate IP subnets to the site.

10. How can Inbound Replication be configured?

Ans. Inbound replication can be configured through connection objects.

11. What is KCC and what is its function?

12. When Cost is used?

13. What Information is kept in GC Servers?

14. What is the Procedure of Configuring GC Server?

15. How can Backup of AD System state data be taken?

16. When Authoritative restore is used?

17. When Non-Authoritative restore is used?

18. What is Kerberos Trust?

19. Does the Caching Server store editable copy of database?

21. What is the function of secure dynamic updates?

22. How DNS Replication is accomplished?

23. Why should a reverse lookup zone be configured?

What must be done to an AD forest before Exchange can be deployed?

ASP.NET, SMTP, NNTP, W3SVC

What Exchange process is responsible for communication with AD?

What 3 types of domain controller does Exchange access?

Normal Domain Controller, Global Catalog, Configuration Domain Controller

Add /3Gb switch to boot.ini

Name the process names for the following: System Attendant?

20 databases. 4 SGs x 5 DBs.

What is the use of NNTP with exchange?

This protocol is used the news group in exchange.

What is DHCP? How we configure DHCP?

network. (Next Doc)

What are the ways to configure DNS & Zones?

Next. Then click Finish to complete the Server Configuration Wizard.

What are the types of backup? Explain each?

FULL, Incremental and Differential.

Full backup is as it says, it�s a full backup of available data.