server
1) What is Active Directory?
- Active Directory is a centralized database that keeps track of all the user accounts and passwords in your organization.
- Active Directory is subdivided into one or more domains, such as PDC, ADC, child domain, tree root domain and RODC.
2) What is DNS? Why is it used? What are "forward lookup" and "reverse lookup" in DNS?
DNS is the Domain Naming Service and is used for resolving names to IP addresses and IP addresses to names. The computer understands only numbers, while we can easily remember names. So to make it easier for us, we assign names to computers and websites. When we use these names (like yahoo.com) the computer uses DNS to convert the name to an IP address (a number) and then executes our request.
Types of zones in DNS:
Forward lookup: converting names to IP addresses is called forward lookup.
Reverse lookup: resolving IP addresses to names is called reverse lookup.
3) What is DHCP? Why is it used? What are scopes and super scopes?
DHCP: Dynamic Host Configuration Protocol. It is used to allocate IP addresses to a large number of PCs in a network environment. This makes IP management very easy.
DHCP operations fall into four basic phases. These phases are IP lease request, IP lease offer, IP lease selection, and IP lease acknowledgement:
DHCP Discover
DHCP Offer
DHCP Request
DHCP Acknowledgment
4) What is a domain? What is the difference between a domain and a workgroup?
A domain is created when we install Active Directory. It is a security boundary which is used to manage the computers inside the boundary. A domain can be used to centrally administer computers, and we can govern them using common policies called group policies. We can't do the same with a workgroup.
5) What is the function of a domain controller?
The function of a domain controller is to authenticate users, computers and other network resources in a domain.
6) Differentiate between forward lookup and reverse lookup in DNS.
Forward lookup converts: host name to IP address.
Reverse lookup converts: IP address to host name.
7) What is the difference between a tree and a forest?
Forest: collection of trees
Tree: collection of domains
Domain: collection of clients controlled by a server
Multiple domain models create logical structures called trees when they share contiguous DNS names. For example, contoso.com, us.contoso.com and europe.contoso.com share a contiguous DNS namespace and would together be considered a tree.
An Active Directory that consists of multiple trees is naturally called a forest.
8) Write the hierarchy of ADS.
- Forest
- Tree
- Domain
- Organizational Unit [OU]
- Group
- User
9. What is the global catalog?
When you install a new domain in the forest, it is called the global catalog. It will have the information of all objects in the entire forest.
9) If an account lockout or password reset has been done, what is the replication time between domain controllers?
Ans: Immediately
10) What is the difference between Server 2003 and 2008?
2008 is a combination of Vista and Windows 2003 R2. Some new services are introduced in it:
- Hyper-Virtualization (Hyper-V)
- RODC (Read Only Domain Controller)
- WDS (Windows Deployment Services) instead of RIS in Server 2003
- PowerShell (version 2.0)
- BitLocker
- Updated IIS version (IIS version 7.5; 2003 has version 6.0, 2008 version 7.0)
- Role-based installation
- New power-saving features introduced in Windows Server 2008: Advanced Configuration and Power Interface (ACPI) and processor power management (PPM) features
- Shadow copy for each and every folder
- Windows Server 2008 installation is faster because it is 32-bit whereas 2003 is 16-bit
System Administrator Question & Answers
1. What is an IP address?
An IP address is an identifier for a computer or device.
Class A IP addresses: 1 – 126; Class B IP addresses: 128 – 191; Class C IP addresses: 192 – 223. And 127.0.0.1 is the loopback IP address; it will check the system connectivity.
Each machine connected to the Internet has an address known as an Internet Protocol address (IP address). The IP address takes the form of four numbers separated by dots, for example: 192.168.0.1
If you want to see the system IP address, go to Start - Run - type cmd - type ipconfig /all
If you want to confirm that a system is connected to the network, type ping 192.168.0.1 (where 192.168.0.1 is that system's IP address).
2. What is a subnet mask?
A subnet mask is used to identify the network.
Example:
For a class A address, the standard subnet mask is 255.0.0.0.
For a class B address, the standard subnet mask is 255.255.0.0.
For a class C address, the standard subnet mask is 255.255.255.0.
3. What is DNS?
Domain Naming Service. It will resolve IP address to hostname (FQDN) and hostname to IP address. In DNS there are two zones:
1. Forward Lookup Zone
2. Reverse Lookup Zone
FQDN – Fully Qualified Domain Name
4. What is WINS?
Windows Internet Naming Service. It is used to resolve a NetBIOS name to an IP address and vice versa. WINS is a system that determines the IP address associated with a particular network computer; this is called name resolution. WINS supports network client and server computers running Windows and can provide name resolution for other computers with special arrangements.
Determining the IP address for a computer is a complex process when DHCP servers assign IP addresses dynamically. For example, it is possible for DHCP to assign a different IP address to a client each time the machine logs on to the network.
WINS uses a distributed database that is automatically updated with the names of computers currently available and the IP address assigned to each one.
DNS is an alternative system for name resolution suitable for network computers with fixed IP addresses.
5. What is DHCP?
Dynamic Host Configuration Protocol. It is used to assign IP addresses automatically to client machines.
DHCP is a protocol used by networked computers (clients) to obtain IP addresses and other parameters such as the default gateway, subnet mask, and IP addresses of DNS servers from a DHCP server. It facilitates access to a network because these settings would otherwise have to be made manually for the client to participate in the network.
DHCP operations fall into four basic phases. These phases are IP lease request, IP lease offer, IP lease selection, and IP lease acknowledgement:
DHCP Discover
DHCP Offer
DHCP Request
DHCP Acknowledgement
What protocol and port does DHCP use?
DHCP, like BOOTP, runs over UDP, utilizing ports 67 and 68.
DNS Root Hints in Windows 2003
Root hints are a vital cog in configuring your DNS server. If your server receives a query for an unknown domain, then the root hints give a clue as to where to search for the answer. Maybe you were lucky and the root hints magically configured themselves correctly. Perhaps it was a triumph of planning that you examined the root hints as soon as you ran DCPROMO. However, in my opinion you cannot be a successful DNS troubleshooter without understanding root hints.
DHCP in Windows Server 2003
Dynamic - means that the client's IP address may change
Host - indicates that this is a system for clients, e.g. XP machines
Configuration - a clue that you are in charge of the options, e.g. DNS server
Protocol - the rules controlling the flow of packets between client and server
Lease is a good name for a DHCP IP property. Take for example the 8 day default lease; if the client is shut down for 2 days, when it restarts it will continue to have the same IP address. Halfway through their lease, clients attempt to renew their lease. IPCONFIG /all will show you the lease, while /renew will do what it says: top up the lease.
Only reduce the duration if you are short of IP addresses, for example if you only have 250 IP addresses but 300 possible clients. It also makes sense to set short leases if you are likely to discontinue a scope in the near future.
Here is a table summarising how a DHCP service results in clients getting an IP address. If you are interested in seeing these packets, use Network Monitor to capture DHCP in action. Here are the classic 4 packets that clients exchange during a lease negotiation.
Client                | Server
DHCPDiscover -->      |
                      | <--- DHCPOffer
DHCPRequest -->       |
                      | <--- DHCPAck
DHCPInform            | Server checks that it is authorized in Active Directory
Note 1: DHCPRequest may seem strange, but it comes into play if there are two DHCP servers and both make an offer to a potential client.
Note 2: DHCPAck. Once in a blue moon you see DHCPNack; this is a negative acknowledgement which means 'I do not know you'. The most likely cause of a Nack is the client trying to renew an IP address from the wrong DHCP server.
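The exchange in the table, as an added simulation in Python (example code, not part of the original article): it plays out Discover, Offer, Request and Ack between a client and one or more servers, the case where two servers both answer one Discover, the Nack a client receives when it renews with the wrong server, and the authorization point below, since only a Windows DHCP service that checks Active Directory stops serving when unauthorized, so a capture still has to look for offers from unapproved server identifiers. Server names, addresses and the approved-server list are constructed values.

```python
"""Simulated DHCP lease negotiation with a rogue-offer check (added example)."""
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network


@dataclass
class DhcpServer:
    name: str
    server_id: str            # option 54 (server identifier): the server's own address
    scope: str                # the single scope this server hands out, e.g. "192.168.0.0/24"
    serves: bool              # False models a Windows DHCP service that found itself
                              # unauthorized in AD and stopped serving; a non-Windows
                              # server never performs that check and keeps answering
    leases: dict = field(default_factory=dict)   # client MAC -> leased address

    def __post_init__(self):
        self.net = IPv4Network(self.scope)

    def _free_address(self):
        used = set(self.leases.values()) | {self.server_id}
        return next((str(h) for h in self.net.hosts() if str(h) not in used), None)

    def on_discover(self, mac):
        """Answer a broadcast DHCPDISCOVER with a DHCPOFFER, or stay silent."""
        if not self.serves:
            return None
        ip = self.leases.get(mac) or self._free_address()
        return None if ip is None else {"type": "OFFER", "server_id": self.server_id, "yiaddr": ip}

    def on_request(self, mac, requested_ip, selected_server=None):
        """Handle a DHCPREQUEST.

        selected_server carries option 54 during initial selection; it is None
        when a client renews an existing lease directly with this server.
        """
        if selected_server is not None and selected_server != self.server_id:
            return None                       # the client took another server's offer
        in_scope = IPv4Address(requested_ip) in self.net
        taken = any(ip == requested_ip and m != mac for m, ip in self.leases.items())
        if not in_scope or taken:
            return {"type": "NAK", "server_id": self.server_id}   # 'I do not know you'
        self.leases[mac] = requested_ip
        return {"type": "ACK", "server_id": self.server_id, "yiaddr": requested_ip}


def negotiate_lease(client_mac, servers):
    """Discover -> Offer -> Request -> Ack. The client keeps the first offer it hears."""
    offers = [o for o in (s.on_discover(client_mac) for s in servers) if o]
    if not offers:
        return None
    chosen = offers[0]
    replies = [s.on_request(client_mac, chosen["yiaddr"], chosen["server_id"]) for s in servers]
    ack = next((r for r in replies if r and r["type"] == "ACK"), None)
    return ack["yiaddr"] if ack else None


def unauthorized_offers(offers, approved_server_ids):
    """Detection: OFFER packets whose server identifier is not an approved DHCP server.
    Clients never consult AD authorization, so a capture has to catch this."""
    return [o["server_id"] for o in offers if o["server_id"] not in approved_server_ids]


def run_demo():
    """Constructed scenario; returns (leased ip, renew reply, wrong-server reply, rogue ids)."""
    dc1 = DhcpServer("dc1", "192.168.0.1", "192.168.0.0/24", serves=True)
    lab = DhcpServer("lab", "10.0.0.1", "10.0.0.0/24", serves=False)   # unauthorized, silent
    mac = "00-11-22-33-44-55"
    leased = negotiate_lease(mac, [lab, dc1])                  # "192.168.0.2"
    renew_ok = dc1.on_request(mac, leased)["type"]              # "ACK"
    renew_wrong = dc1.on_request(mac, "10.0.0.5")["type"]       # "NAK": not a dc1 lease
    rogue = DhcpServer("rogue", "192.168.0.5", "192.168.0.0/24", serves=True)
    offers = [o for o in (s.on_discover("66-77-88-99-aa-bb") for s in (dc1, rogue)) if o]
    flagged = unauthorized_offers(offers, {"192.168.0.1"})    # ["192.168.0.5"]
    return leased, renew_ok, renew_wrong, flagged


if __name__ == "__main__":
    print(run_demo())
```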
Take the time to investigate Scope Options; this is the most likely place where I will win my bet that you will find a new setting which will improve your network performance. These options can be set at the Scope level, Server level, Reservation level or at the Class level (tricky). So find all four places and make up your mind which would be the best level for your network.
Examples of DHCP Scope Options:
Router (Default Gateway), DNS Servers (006), Domain Name (015), WINS (044 and 046)
Classes (Advanced tab):
Vendor Class - Windows 98 machines
User Class - Routing and Remote Access
Creating your own User Class
Reserving IP addresses is useful in two situations: for file and print servers, and for important machines where leases are in short supply. How does DHCP know which machine to lease a particular IP to? The answer is by its MAC address (also called NIC or physical address). In Windows 2003, when you enter the MAC address, DHCP strips out the hyphens if you absentmindedly include them amongst the hex digits. To find the MAC address, ping the machine and then type arp -a.
Remember that you can set DHCP options for the reservations; after all, that may have been the very reason why you decided to make reservations in the first place.
In a Windows Server 2003 (or 2000) domain, all DHCP servers need to be authorized in Active Directory. This is an example of Microsoft's new security initiative, and an attempt to eliminate rogue DHCP servers set up by junior administrators in a large company. So, you need to log on (or RunAs) as a member of the Enterprise Admins group. Then right-click the DHCP server icon and authorize.
Incidentally, the RIS service also needs to be authorized before it becomes active.
Even after you authorize a server, each scope must be activated individually. So, right-click the scope to activate (or deactivate). Keep your eye on the red or green arrows to judge your success. Note you may have to refresh from the server icon; often pressing F5 is not enough.
6. What is a Relay Agent?
If we want to assign IP addresses automatically to other subnets, then we require a relay agent. The DHCP server always uses broadcast traffic to assign IP addresses to clients, but a router does not forward broadcast packets; a router forwards only unicast packets. To overcome this problem across subnets we use a DHCP relay agent.
7. What is Clustering?
Clustering means a group of two or more servers running the same application with fault tolerance.
Windows 2000 Advanced Server and Datacenter Server support 8 nodes.
Windows 2003 Enterprise Edition and Datacenter Server support 4 nodes.
But Windows 2000 Server and 2003 Standard Edition do not support clustering.
8. What is Transferring and Seizing?
Transferring: if your domain controller is going to shut down for a while, you can transfer its roles to another domain controller.
Seizing: if your computer is going to shut down permanently, then you can seize its roles from that computer to another computer by using Ntdsutil.
9. What is Device Manager?
Device Manager is a tool included with Microsoft Windows operating systems that allows the user to display and control the hardware attached to the computer. When a piece of hardware is not working, the offending hardware is highlighted so the user can deal with it.
10. Definition of CMOS? (Complementary Metal Oxide Semiconductor)
A part of the motherboard that maintains system variables in static RAM. It also supplies a real-time clock that keeps track of the date, day and time. CMOS Setup is typically accessible by entering a specific sequence of keystrokes during the POST at system start-up.
11. FSMO (Flexible Single Master Operation) roles?
- Schema Master: it contains all the object attributes, i.e. user properties.
- Domain Naming Master: if we are adding any server or removing any server from the domain, this will contain all the information.
- PDC Emulator: any password changes by other domain controllers are updated to the PDC Emulator. It works in mixed mode, where an NT BDC domain exists.
- RID Master: it gives a SID (Security Identifier) to any objects created in that domain.
- Infrastructure Master: it holds the group information for that domain.
12. Volume types?
1) Simple volume
2) Striped volume
3) Spanned volume
4) Mirrored volume (RAID 1)
5) RAID 5 volume
RAID 1 (Mirrored Volume)
Mirrored volumes are created using two physical disks. A mirrored volume requires the same amount of unallocated space on each physical disk. When data is written to a mirrored volume, the data is written to one disk and then synchronized to the second disk, so an exact copy of the data is available on both physical disks.
RAID 5
A RAID 5 volume provides fault tolerance and performance, but write operations are slower than on a striped volume. Here we need 3 hard disks. The data and parity are distributed across the disks; if data is lost, we can recover the information from the parity.
13. Which command converts a FAT file system to NTFS?
convert E: /FS:NTFS
14. What is NAT?
Network Address Translator. Network devices that are assigned a private IP address cannot access Internet sites directly; therefore traffic must be routed through a network device called a NAT.
Here we have to assign a private IP address and a public IP address.
15. What is ADS?
ADS is the Active Directory Service. It stores all the information database in a centralized location and allows users to access resources from the network.
In Windows: the Ntds.dit database
In Windows NT: the SAM database
Active Directory is an implementation of LDAP directory services by Microsoft for use in Windows environments. Active Directory allows administrators to assign enterprise-wide policies, deploy programs to many computers, and apply critical updates to an entire organization. An Active Directory stores information and settings relating to an organization in a central, organized, accessible database. Active Directory networks can vary from a small installation with a few hundred objects to a large installation with millions of objects.
Active Directory is a directory service used to store information about the network resources across a domain.
An Active Directory (AD) structure is a hierarchical framework of objects. The objects fall into three broad categories: resources (e.g. printers), services (e.g. e-mail), and users (accounts, or users and groups). The AD provides information on the objects, organizes the objects, controls access, and sets security.
Each object represents a single entity (whether a user, a computer, a printer, an application, or a shared data source) and its attributes. Objects can also be containers of other objects. An object is uniquely identified by its name and has a set of attributes (the characteristics and information that the object can contain) defined by a schema, which also determines the kind of objects that can be stored in the AD.
Each attribute object can be used in several different schema class objects. These schema objects exist to allow the schema to be extended or modified when necessary. However, because each schema object is integral to the definition of AD objects, deactivating or changing these objects can have serious consequences because it will fundamentally change the structure of AD itself. A schema object, when altered, will automatically propagate through Active Directory, and once it is created it can only be deactivated, not deleted. Changing the schema usually requires a fair amount of planning.
Active Directory logical units => Schema, Domain Tree
Active Directory physical units => OU, Site, Objects
Schema
- conceptual schema, a map of concepts and their relationships
- logical schema, a map of entities and their attributes and relations
- physical schema, a particular implementation of a logical schema
Flexible Single Master Operation:
Forest-wide FSMO roles:
- Schema Master, which manages modifications to the AD schema and its replication to other domain controllers.
- Domain Naming Master, which manages adding, and some modification operations for, domains.
Domain-wide FSMO roles:
- Relative ID Master, which allocates security RIDs to DCs to assign to new AD security principals (users, groups or computer objects). It also manages objects moving between domains.
- Infrastructure Master, which maintains security identifiers, GUIDs, and DNs for objects referenced across domains. Most commonly it updates user and group links.
- PDC Emulator, which emulates a Windows NT Primary Domain Controller (PDC). It is also the favored DC for other DCs in replicating and confirming password information, and is the authoritative source of time in the domain.
Lightweight Directory Access Protocol (LDAP)
In computer networking, the Lightweight Directory Access Protocol, or LDAP, is a networking protocol for querying and modifying directory services running over TCP/IP.
A directory is a set of information with similar attributes organized in a logical and hierarchical manner. The most common example is the telephone directory, which consists of a series of names (either of a person or organization) organized alphabetically, with an address and phone number attached.
A client starts an LDAP session by connecting to an LDAP server, by default on TCP port 389. The client then sends operation requests to the server, and the server sends responses in turn. With some exceptions the client need not wait for a response before sending the next request, and the server may send the responses in any order.
The basic operations are:
- Start TLS - optionally protect the connection with Transport Layer Security (TLS), to have a more secure connection
- Bind - authenticate and specify the LDAP protocol version
- Search - search for and/or retrieve directory entries
- Compare - test if a named entry contains a given attribute value
- Add a new entry
- Delete an entry
- Modify an entry
- Modify DN - move or rename an entry
- Abandon - abort a previous request
- Extended Operation - generic operation used to define other operations
- Unbind - close the connection (not the inverse of Bind)
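The Bind operation on the wire, as an added Python example (not code from the original page): it hand-encodes an LDAP simple BindRequest in BER as RFC 4511 lays it out, decodes it again, and shows why the list above pairs Bind with Start TLS: in a simple bind the password travels as plain octets on TCP port 389, so a monitor on that port should flag password-carrying simple binds that were not preceded by Start TLS. The DN and password are constructed values.

```python
"""Encode and decode an LDAP simple BindRequest (RFC 4511) by hand (added example)."""


def ber_len(n):
    """BER definite length: one byte below 128, else 0x80|count followed by big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, content):
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(content)) + content


def ber_int(value):
    """INTEGER: shortest two's-complement encoding (a leading 0x00 if the high bit is set)."""
    size = max(1, (value.bit_length() + 8) // 8)
    return tlv(0x02, value.to_bytes(size, "big", signed=True))


def simple_bind_request(message_id, dn, password):
    """LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp BindRequest }."""
    bind = (ber_int(3)                              # version 3
            + tlv(0x04, dn.encode())                # name: LDAPDN is an OCTET STRING
            + tlv(0x80, password.encode()))         # authentication: simple [0] OCTET STRING
    return tlv(0x30, ber_int(message_id) + tlv(0x60, bind))   # 0x60 = [APPLICATION 0] BindRequest


def parse_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the TLV that starts at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                               # long form
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length


def decode_simple_bind(msg):
    """Inverse of simple_bind_request: what any reader of the unencrypted stream recovers."""
    tag, body, _ = parse_tlv(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = parse_tlv(body)
    tag, bind, _ = parse_tlv(body, pos)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, ver, pos = parse_tlv(bind)
    _, name, pos = parse_tlv(bind, pos)
    auth_tag, cred, _ = parse_tlv(bind, pos)
    simple = auth_tag == 0x80                       # [3] would be a SASL credential SEQUENCE
    return {"message_id": int.from_bytes(mid, "big", signed=True),
            "version": int.from_bytes(ver, "big", signed=True),
            "name": name.decode(),
            "auth": "simple" if simple else "sasl",
            "password": cred.decode() if simple else None}


def is_cleartext_password_bind(msg):
    """What a monitor on port 389 should alert on when no Start TLS preceded the message:
    a simple bind that carries a non-empty password (anonymous binds carry none)."""
    d = decode_simple_bind(msg)
    return d["auth"] == "simple" and bool(d["password"])
```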
FSMO partitions:
- Application partition
- Schema partition
- Configuration partition
17. What's the difference between Windows 2000 and Windows XP?
Windows 2000 and Windows XP are essentially the same operating system (known internally as Windows NT 5.0 and Windows NT 5.1, respectively). Here are some considerations if you're trying to decide which version to use:
Windows 2000 benefits
- Windows 2000 has lower system requirements, and has a simpler interface (no "Styles" to mess with).
- Windows 2000 is slightly less expensive, and has no product activation.
- Windows 2000 has been out for a while, and most of the common problems and security holes have been uncovered and fixed.
- Third-party software and hardware products that aren't yet XP-compatible may be compatible with Windows 2000; check the manufacturers of your devices and applications for XP support before you upgrade.
Windows XP benefits
- Windows XP is somewhat faster than Windows 2000, assuming you have a fast processor and tons of memory (although it will run fine with a 300 MHz Pentium II and 128MB of RAM).
- The new Windows XP interface is more cheerful and colorful than earlier versions, although the less cartoonish "Classic" interface can still be used if desired.
- Windows XP has more bells and whistles, such as Windows Movie Maker, built-in CD writer support, the Internet Connection Firewall, and Remote Desktop Connection.
- Windows XP has better support for games and comes with more games than Windows 2000.
- Windows XP is the latest OS; if you don't upgrade now, you'll probably end up migrating to XP eventually anyway, and we mere mortals can only take so many OS upgrades.
- Manufacturers of existing hardware and software products are more likely to add Windows XP compatibility now than Windows 2000 compatibility.
18. Difference between domain and workgroup.
Domains
Domains are collections of computers grouped for management purposes; they share a group name. Domains let users access resources using a single logon. Administrators don't have to create multiple user accounts for a single user to give that user access to all domain resources.
From a security perspective, a domain is a set or collection of computers that share a common security database and a common security policy. NT domains advance the concepts seen in LAN Manager for UNIX and LAN Server domains. Each domain has a unique domain name.
Workgroups
The terms workgroup and domain are used extensively in Microsoft networking and refer to the management mechanisms available to network members. Workgroups imply decentralized management, whereas domains imply centralized control.
Workgroups are collections of computers grouped just for viewing purposes; each computer user is responsible for managing its security functions. A workgroup can consist of NT Workstations, NT Servers, UNIX computers running Server Message Block (SMB) services, and others. They communicate using a common set of networking protocols at all seven layers of the OSI model.
19. Difference between NT 4.0 and Windows 2000
- File system differences (NTFS, FAT, FAT32).
- In Windows NT Server there is the concept of PDC and BDC, but there is no such concept in 2000.
- In Windows NT Server the SAM database is in read/write format on the PDC and read-only format on the BDC, but in a 2000 domain every domain controller's SAM database is in read/write format.
- A 2000 server can at any moment become a domain controller or a member server simply by running dcpromo (add/remove), but in Windows NT you have to reinstall the operating system.
- Even though Windows 2000 is built on the Windows NT architecture, Microsoft has added many new features (Plug and Play, USB support, Recovery Console, IntelliMirror, Group Policy, Active Directory, integration of IIS and Terminal Services).
20. What is Boot.ini?
The "boot.ini" is a Microsoft initialization file found on the Microsoft Windows NT, Microsoft Windows 2000, and Microsoft Windows XP operating systems. This file is always located in the root directory of the primary hard disk drive; in other words, it is located in the "C:\" directory or the "C drive". This file is used by Microsoft Windows as a method of displaying a menu of the operating systems currently on the computer and allowing the user to easily select which operating system to load. In addition, this file is also used to point to the locations of each of the operating systems.
Basic example of the boot.ini file:
[boot loader]
timeout=5
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
In the above example, the boot.ini contains two sections, "[boot loader]" and "[operating systems]". Within the boot loader section there are two lines. The "timeout" line sets how long the boot menu should be displayed, in seconds; we recommend that the timeout be set to at least five if you wish the computer to boot faster and commonly use the default operating system. The "default" line is the default operating system that the boot.ini will load. If multiple operating systems are in the boot.ini, the default operating system will be automatically selected and used if the user does not specify a different operating system by the time the timeout value expires.
The next section, the "operating systems" section, is used to list and specify the location of each of the operating systems installed on the computer. Below is a listing of each of the options.
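A parser for the format just described, added here as Python example code (not from the original page): it reads the two sections, splits each [operating systems] line into its ARC path, quoted description and switches, and checks that "default" really names one of the listed entries, since the timeout can only select an entry that exists. The sample is the page's own boot.ini plus one constructed Windows 2000 entry.

```python
"""Parser and sanity check for a boot.ini file (added example)."""
import re

# The page's example plus a second, constructed entry on another disk.
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=5
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows 2000 Professional" /fastdetect /sos
"""

# multi(W)disk(X)rdisk(Y)partition(Z)\path: adapter, SCSI id, disk ordinal, 1-based partition
ARC_RE = re.compile(r"^multi\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)(\\[^\s=\"]*)$")


def parse_os_entry(line):
    """'<arc path>="<description>" [/switch ...]' -> dict."""
    arc, _, rest = line.partition("=")
    arc_match = ARC_RE.match(arc.strip())
    desc_match = re.match(r'\s*"([^"]*)"\s*(.*)$', rest)
    if not arc_match or not desc_match:
        raise ValueError("malformed operating systems entry: " + line)
    return {"arc": arc.strip(),
            "description": desc_match.group(1),
            "switches": desc_match.group(2).split(),
            "rdisk": int(arc_match.group(3)),
            "partition": int(arc_match.group(4)),
            "path": arc_match.group(5)}


def parse_boot_ini(text):
    """Return {'timeout', 'default', 'entries'} from boot.ini text."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError("entry before any section header: " + line)
        sections[current].append(line)
    loader = {}
    for item in sections.get("boot loader", []):
        key, _, value = item.partition("=")
        loader[key.strip().lower()] = value.strip()
    return {"timeout": int(loader.get("timeout", "30")),   # NTLDR waits 30 s when absent
            "default": loader.get("default"),
            "entries": [parse_os_entry(e) for e in sections.get("operating systems", [])]}


def check_boot_ini(cfg):
    """Return a list of problems; an empty list means the file is consistent."""
    problems = []
    arcs = [e["arc"] for e in cfg["entries"]]
    if not arcs:
        problems.append("no [operating systems] entries")
    if cfg["default"] not in arcs:
        problems.append("default %r does not match any operating systems entry" % cfg["default"])
    if cfg["timeout"] < -1:                                  # -1 means wait indefinitely
        problems.append("timeout must be -1 or a non-negative number of seconds")
    return problems
```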
11) What is a forest?
A forest is a collection of domains that don't necessarily form a contiguous namespace. By default every domain in a forest has a two-way transitive trust with the other domains, which means that resources can be accessed across domains. All child domains share the same schema in the entire forest.
12) What happens if the Schema or Domain Naming Master goes down? Would there be any impact on end-user authentication?
Actually, the Schema Master and Domain Naming Master are forest-level roles. The Schema Master is responsible for schema modification, so if a user is going to log in, the user doesn't modify the schema; finally, no impact from the Schema Master. The Domain Naming Master is responsible for adding, removing or modifying any domain in the forest, so again no impact.
Finally, if both of my servers are down, there is no impact on user login.
13) If the RID Master is down, can a domain user log in to the domain?
A server that has the RID (Relative Identifier) Master role only generates the unique IDs for newly created objects. Hence if your RID Master is down, no new objects can be created; however the existing users will keep on getting authenticated, as authentication is done via Kerberos v5 in Server 2003, which does not involve the RID Master server.
14) Can I edit the schema?
Yes, for editing the schema the user must be a member of the Schema Admins group.
15) There are 50 systems, all joined to the domain controller; one of the PCs suddenly got disconnected from the domain. How can you solve the problem? What steps do you follow?
(1) Check logical problems, like whether TCP/IP is configured properly or not.
(2) Check physical problems, like whether the cable and RJ45 are inserted properly or not.
(3) Check ICMP in the firewall.
16) How do you troubleshoot replication issues with Active Directory? Explain.
1. Repadmin.exe
2. Replmon
3. Active Directory Sites and Services
17) What is Kerberos? Which version is currently used by Windows?
Kerberos is a network authentication protocol that verifies both the identity of the user that is requesting authentication and the server providing the requested authentication, also known as mutual authentication.
The Kerberos version 5 authentication protocol provides a mechanism for authentication and mutual authentication between a client and a server, or between one server and another server.
18) What is a proxy server?
A proxy server is a computer that functions as an intermediary between a web browser (such as Internet Explorer) and the Internet. Proxy servers help improve web performance by storing a copy of frequently used web pages. When a browser requests a web page stored in the proxy server's collection (its cache), it is provided by the proxy server, which is faster than going to the web. Proxy servers also help improve security by filtering out some web content and malicious software. Proxy servers are used mostly by networks in organizations and companies. Typically, people connecting to the Internet from home will not use a proxy server.
19) DHCP process, and which protocol does DHCP use?
Dynamic Host Configuration Protocol (DHCP) is a standard protocol defined by RFC 1541 (which is superseded by RFC 2131) that allows a server to dynamically distribute IP addressing and configuration information to clients.
The DHCP process falls into four basic phases:
DHCP DISCOVER
DHCP OFFER
DHCP REQUEST
DHCP ACK
Protocol and port: DHCP uses the same two ports assigned by IANA for BOOTP: 67/UDP for sending data to the server, and 68/UDP for data to the client.
20) What is the impact if the DNS server fails?
If your DNS server fails, Active Directory stops working and the server stops responding. You can't resolve host names.
21) What are the AD database types and their flow?
Active Directory creates and stores four types of log files on the maintenance and management of transactions. These files are stored in %system/NTDS and Sysvol.
• Transaction log files. The current transaction file is Edb.log, which by default contains information about recent transactions and is limited to 10MB. When this limit is reached, transaction files are automatically created with the name
• Checkpoint files. The checkpoint file is Edb.chk, and it is used to list transactions that have been committed to Active Directory.
• Reserved log files. The reserved log files can be a number sequence of logs, with a maximum size of 10MB, named res1.log, res2.log, and so on. These logs are used in place of the transaction log when the creation of a new log file is attempted.
• Patch files. Patch files (with a .pat suffix) are used during the backup-and-restore process of Active Directory. Database entries are sometimes divided during backup into what is known as split transactions. The patch files are used to record these splits and "patch" the transactions back together during restoration.
22) What is offline defragmentation in AD and how do we do it?
Performing an offline defragmentation creates a new, compacted version of the database file. Depending on how fragmented the original database file was, the new file may be considerably smaller. To perform offline defragmentation of the Active Directory database:
1. Back up Active Directory. Reboot the domain controller, press F8, choose Directory Services Restore Mode and press ENTER. Press ENTER again to start the boot process.
2. Log on using the Administrator account with the password. Click Start, point to Programs, point to Accessories, and then click Command Prompt. At the command prompt, type ntdsutil, and then press ENTER.
3. Type files, and then press ENTER.
4. Type info, and then press ENTER. This displays current information about the path and size of the Active Directory database and its log files. Note the path.
5. Establish a location that has enough drive space for the compacted database to be stored.
6. Type compact to drive:\directory and then press ENTER, where drive and directory is the path to the location you established in the previous step. Note: you must specify a directory path. If the path contains any spaces, the entire path must be surrounded by quotation marks. For example, type: compact to "c:\new folder"
7. A new database named Ntds.dit is created in the path you specified.
8. Type quit, and then press ENTER. Type quit again to return to the command prompt.
9. If defragmentation succeeds without errors, follow the Ntdsutil.exe on-screen instructions. Delete all the log files in the log directory by typing the following command: del drive:\pathToLogFiles\*.log. Copy the new Ntds.dit file over the old Ntds.dit file in the current Active Directory database path that you noted in step 4. Note: you do not have to delete the Edb.chk file. Restart the computer normally.
23) Different types of backups?
This article explains the different types of backup available in Windows (ntbackup.exe). The Backup utility supports five methods of backing up data on your computer or network.
a) Copy backup: A copy backup copies all selected files but does not mark each file as having been backed up.
b) Daily backup: A daily backup copies all selected files that have been modified on the day the daily backup is performed. The backed-up files are not marked as having been backed up.
c) Differential backup: A differential backup copies files created or changed since the last normal or incremental backup. It does not mark files as having been backed up.
d) Incremental backup: An incremental backup backs up only those files created or changed since the last normal or incremental backup. It marks files as having been backed up.
e) Normal backup: A normal backup copies all selected files and marks each file as having been backed up.
Strategy: Normal + Incremental: Backing up your data using a combination of normal backups and incremental backups requires the least amount of storage space and is the quickest backup method.
Strategy: Normal + Differential: Backing up your data using a combination of normal backups and differential backups is more time-consuming, especially if your data changes frequently, but it is easier to restore the data because the backup set is usually stored on only a few disks or tapes.
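Added example (not from the original article): the five methods modelled with the NTFS archive attribute, which is the "has been backed up" marker ntbackup works from, and both strategies run over the same three-day change sequence so that what each set contains, and what a restore needs, is visible. Runs on Windows against scratch folders it creates under %TEMP%; assumes PowerShell 3.0 or later.

```powershell
function Invoke-DemoBackup {
    param([string]$Path,
          [ValidateSet('Normal','Copy','Daily','Incremental','Differential')][string]$Type)
    $files = Get-ChildItem -Path $Path -File
    $selected = switch ($Type) {
        'Normal' { $files }   # everything
        'Copy'   { $files }   # everything
        'Daily'  { $files | Where-Object { $_.LastWriteTime.Date -eq (Get-Date).Date } }
        default  {            # Incremental and Differential: archive bit still set
            $files | Where-Object { ($_.Attributes -band [IO.FileAttributes]::Archive) -ne 0 }
        }
    }
    # Only Normal and Incremental mark files as backed up, i.e. clear the archive bit.
    if ($Type -in 'Normal','Incremental') {
        foreach ($f in $selected) { $f.Attributes = $f.Attributes -band (-bnot [IO.FileAttributes]::Archive) }
    }
    return @($selected | ForEach-Object Name)
}

function Test-BackupStrategy {
    # Same Sunday-to-Tuesday edits under each strategy; returns backup-set -> files it holds.
    param([ValidateSet('Incremental','Differential')][string]$Type)
    $dir = Join-Path $env:TEMP ('ntbackup-demo-' + [guid]::NewGuid())
    New-Item -ItemType Directory -Path $dir | Out-Null
    foreach ($n in 'a','b','c') { Set-Content -Path (Join-Path $dir "$n.txt") -Value 'v1' }
    $sets = [ordered]@{}
    $sets['Sun Normal'] = Invoke-DemoBackup -Path $dir -Type Normal   # a b c, archive bits cleared
    Set-Content -Path (Join-Path $dir 'a.txt') -Value 'v2'            # Monday: a.txt edited (NTFS sets the bit again)
    $sets["Mon $Type"]  = Invoke-DemoBackup -Path $dir -Type $Type    # a
    Set-Content -Path (Join-Path $dir 'b.txt') -Value 'v2'            # Tuesday: b.txt edited
    $sets["Tue $Type"]  = Invoke-DemoBackup -Path $dir -Type $Type    # Incremental: b   Differential: a b
    Remove-Item -Path $dir -Recurse -Force
    $sets
}

foreach ($strategy in 'Incremental','Differential') {
    "--- Normal + $strategy ---"
    (Test-BackupStrategy -Type $strategy).GetEnumerator() |
        ForEach-Object { '{0,-18} {1}' -f $_.Key, ($_.Value -join ' ') }
}
# A Wednesday restore needs Sun + Mon + Tue with incrementals (smallest sets, longest chain)
# but only Sun + Tue with differentials: Tuesday's set already repeats Monday's change.
```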
24) How to host multiple websites using IIS 6.0?
Every Web site has a descriptive name, and can support one or more host header names. Organizations that host multiple Web sites on a single server often use host headers because this method enables them to create multiple Web site identities without using a unique IP address for each site.
You must be a member of the Administrators group on the local computer. To add a Web site using a host header identifier using the Web Site Creation Wizard:
1. In IIS Manager, expand the local computer, right-click the Web Sites directory, point to New, and then click Web Site.
2. Click Next.
3. In the Description box, type the name you have selected for the Web site, and then click Next.
4. In the Enter the IP address to use for this Web site box, click the IP address used by all sites on the server.
5. In the TCP port this Web site should use box, type the port number used by all sites on the server.
6. In the Host Header for this Web site (Default: None) box, type the host header name to identify the Web site. The host header name must contain the full name of the site, for example, www.microsoft.com.
7. If SSL encryption is not enabled on the server, the SSL port box does not appear. If SSL encryption is enabled on the server, type the SSL port number, and then click Next. Note that you cannot use host headers with SSL encryption.
8. In the Path box, type or browse to the path of your Web site home directory.
9. To create a secured or private Web site, clear the Allow anonymous access to this Web site check box, and click Next. (Web sites are configured for anonymous access by default.)
10. In the Web Site Access Permissions box, set the permissions for the home directory.
11. Click Next, and then click Finish.
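The same result without the wizard, as an added example that is not part of the original article: two sites sharing one IP address and port 80, distinguished only by host header, created with the IIS 6.0 iisweb.vbs administration script. It assumes that script's /create, /i, /b, /d and /query switches and its location under System32; site names, host names, paths and the IP address are constructed.

```powershell
$iisweb   = Join-Path $env:SystemRoot 'System32\iisweb.vbs'
$sharedIp = '192.0.2.10'   # constructed: the one address every site on this server binds to

function New-HostHeaderSite {
    param([string]$Name, [string]$HostHeader, [string]$HomeDir, [int]$Port = 80)
    if (-not (Test-Path -LiteralPath $HomeDir)) { New-Item -ItemType Directory -Path $HomeDir | Out-Null }
    # Same IP (/i) and port (/b) as every other site (wizard steps 4-5); only the host
    # header (/d, step 6) differs, and that is what IIS uses to tell the requests apart.
    cscript //nologo $iisweb /create $HomeDir $Name /i $sharedIp /b $Port /d $HostHeader
}

New-HostHeaderSite -Name 'Sales'   -HostHeader 'sales.example.com'   -HomeDir 'C:\inetpub\sales'
New-HostHeaderSite -Name 'Support' -HostHeader 'support.example.com' -HomeDir 'C:\inetpub\support'

# Both sites are listed, each as its own identity, although the IP:port binding is shared.
cscript //nologo $iisweb /query

# The SSL caveat from step 7 follows from the same mechanism: the server certificate is
# chosen when the SSL session is set up, before any Host header has been sent, so an SSL
# site on IIS 6.0 needs its own IP address or port rather than a host header.
```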
25) What are the steps taken while moving the FSMO roles?
Windows 2000/2003 Active Directory domains utilize a Single Operation Master method called FSMO (Flexible Single Master Operation). You can transfer FSMO roles by using the Ntdsutil.exe command-line utility or by using an MMC snap-in tool. Depending on the FSMO role that you want to transfer, you can use one of the following three MMC snap-in tools:
• Active Directory Schema snap-in
• Active Directory Domains and Trusts snap-in
• Active Directory Users and Computers snap-in
To transfer the FSMO role the administrator must be a member of the following group:
FSMO Role      | Administrator must be a member of
Schema         | Schema Admins
Domain Naming  | Enterprise Admins
RID            | Domain Admins
PDC Emulator   | Domain Admins
Infrastructure | Domain Admins
To Transfer the Domain-Specific RID Master, PDC Emulator, and Infrastructure Master FSMO Roles:
1. Open the Active Directory Users and Computers snap-in from the Administrative Tools folder.
2. If you are NOT logged onto the target domain controller, in the snap-in, right-click the icon next to Active Directory Users and Computers and press Connect to Domain Controller.
3. Select the domain controller that will be the new role holder, the target, and press OK.
4. Right-click the Active Directory Users and Computers icon and press Operation Masters.
5. Select the appropriate tab for the role you wish to transfer and press the Change button.
6. Press OK to confirm the change.
7. Press OK all the way out.
To Transfer the Domain Naming Master Role:
1. Open the Active Directory Domains and Trusts snap-in from the Administrative Tools folder.
2. If you are NOT logged onto the target domain controller, in the snap-in, right-click the icon next to Active Directory Domains and Trusts and press Connect to Domain Controller.
3. Select the domain controller that will be the new role holder and press OK.
4. Right-click the Active Directory Domains and Trusts icon again and press Operation Masters.
5. Press the Change button.
6. Press OK to confirm the change.
7. Press OK all the way out.
Transferring the Schema Master Role:
1. Click Start, click Run, type mmc, and then click OK.
2. On the Console menu, click Add/Remove Snap-in.
3. Click Add.
4. Click Active Directory Schema.
5. Click Add.
6. Click Close to close the Add Standalone Snap-in dialog box.
7. Click OK to add the snap-in to the console.
8. Right-click the Active Directory Schema icon, and then click Change Domain Controller.
9. Click Specify Domain Controller, type the name of the domain controller that will be the new role holder, and then click OK.
10. Right-click Active Directory Schema, and then click Operation Masters.
11. In the Change Schema Master dialog box, click Change.
12. Click OK.
13. Click OK.
14. Click Cancel to close the dialog box.
To transfer the FSMO roles from the Ntdsutil command:
1. On any domain controller, click Start, click Run, type Ntdsutil in the Open box, and then click OK.
2. Type roles, and then press ENTER.
3. Type connections, and then press ENTER.
4. Type connect to server <servername>, where <servername> is the name of the server you want to use, and then press ENTER.
5. At the server connections: prompt, type q, and then press ENTER again.
6. Type transfer <role>, where <role> is the role you want to transfer.
7. You will receive a warning window asking if you want to perform the transfer. Click on Yes.
8. After you transfer the roles, type q and press ENTER until you quit Ntdsutil.exe.
9. Restart the server and make sure you update your backup.
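The Ntdsutil procedure above in batch form, followed by a before/after check built on the netdom query fsmo command this page gives later, as an added example that is not part of the original article. It assumes ntdsutil accepts its commands as command-line arguments, that the role names are the ones ntdsutil's transfer command takes on Windows Server 2003, and that netdom's output lists each role and holder on one line; the target DC name is constructed.

```powershell
function Move-FsmoRole {
    param([Parameter(Mandatory)][string]$TargetDc,
          [Parameter(Mandatory)]
          [ValidateSet('schema master','domain naming master','RID master','PDC','infrastructure master')]
          [string]$Role)
    # Steps 2-6 as arguments: roles -> connections -> connect to server -> q -> transfer <role>.
    # The confirmation window of step 7 still appears; ntdsutil does not suppress it.
    ntdsutil roles connections "connect to server $TargetDc" quit "transfer $Role" quit quit
}

function Get-FsmoHolders {
    # Parses "netdom query fsmo" into role -> holder so the transfer can be verified.
    $holders = [ordered]@{}
    netdom query fsmo | ForEach-Object {
        if ($_ -match '^\s*(.+?)\s{2,}(\S+)\s*$') { $holders[$matches[1]] = $matches[2] }
    }
    $holders
}

$before = Get-FsmoHolders
Move-FsmoRole -TargetDc 'DC02' -Role 'PDC'      # DC02 is a constructed name
$after = Get-FsmoHolders
foreach ($role in $after.Keys) {
    $flag = if ($before[$role] -ne $after[$role]) { '  <- moved' } else { '' }
    '{0,-24}{1}{2}' -f $role, $after[$role], $flag
}
```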
26) What is the DHCP protocol? How is it different from BOOTP or RARP?
DHCP is based on BOOTP and maintains some backward compatibility. The main difference is that BOOTP was designed for manual pre-configuration of the host information in a server database, while DHCP allows for dynamic allocation of network addresses and configurations to newly attached hosts. Additionally, DHCP allows for recovery and reallocation of network addresses through a leasing mechanism. RARP is a protocol used by Sun and other vendors that allows a computer to find out its own IP number, which is one of the protocol parameters typically passed to the client system by DHCP or BOOTP. RARP doesn't support other parameters and, using it, a server can only serve a single LAN. DHCP and BOOTP are designed so they can be routed.
27) How to rename a domain name in Windows 2003 Server?
To rename a domain controller:
1. Open Command Prompt. Type: netdom computername CurrentComputerName /add:NewComputerName
2. Ensure the computer account updates and DNS registrations are completed, then type: netdom computername CurrentComputerName /makeprimary:NewComputerName
3. Restart the computer.
4. From the command prompt, type: netdom computername NewComputerName /remove:OldComputerName
• To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory.
• This command-line method requires the Netdom Windows support tool.
• To enumerate the names with which the computer is currently configured, at a command prompt, type: netdom computername ComputerName /enumerate:{AlternateNames | PrimaryName | AllNames}
To rename a domain controller in a domain that contains a single domain controller:
1. Install a Windows Server 2003 member server in the domain.
2. On the new server, create an additional domain controller by installing Active Directory.
3. After Active Directory is installed, enable the global catalog on the new domain controller.
4. Transfer the operations master roles from the domain controller that you want to rename to the new domain controller. Note that you must transfer the roles, do not seize them.
5. Verify that the new domain controller is functioning correctly by doing the following: verify authentications and global catalog searches; run Dcdiag.exe against the domain controller; perform any other appropriate tests to verify that the new domain controller can provide all of the domain functions of the first domain controller.
6. Verify that the \sysvol and \netlogon shares exist on the new domain controller by doing the following: on the new domain controller, open Command Prompt, type: net share, and in the list that is generated verify the existence of SYSVOL and NETLOGON.
7. Uninstall Active Directory from the domain controller that you want to rename so that it becomes a member server.
8. Rename the member server.
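The netdom sequence above with step 2's "ensure the computer account updates and DNS registrations are completed" turned into an actual check before /makeprimary is run, as an added example that is not part of the original article. It assumes netdom.exe from the Support Tools is on the path and that /enumerate:AlternateNames prints each name on its own line; the computer names are constructed.

```powershell
function Test-AlternateNameRegistered {
    param([string]$Computer, [string]$Fqdn)
    # "Completed" is taken to mean both DNS and the computer account know the new name.
    $dnsOk = $false
    try { $dnsOk = @([System.Net.Dns]::GetHostAddresses($Fqdn)).Count -gt 0 } catch { }
    $names = netdom computername $Computer /enumerate:AlternateNames
    $adOk  = @($names | Where-Object { $_ -match [regex]::Escape($Fqdn) }).Count -gt 0
    return ($dnsOk -and $adOk)
}

function Rename-DomainController {
    param([string]$Current, [string]$New, [int]$TimeoutSec = 900)
    netdom computername $Current "/add:$New"                                   # step 1
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    while (-not (Test-AlternateNameRegistered -Computer $Current -Fqdn $New)) {
        if ((Get-Date) -gt $deadline) {
            throw "$New not registered in DNS and the computer account within $TimeoutSec s; not making it primary"
        }
        Start-Sleep -Seconds 30   # give AD replication and dynamic DNS time to catch up
    }
    netdom computername $Current "/makeprimary:$New"                           # step 2
    "Restart now (step 3); afterwards run: netdom computername $New /remove:$Current   (step 4)"
}

Rename-DomainController -Current 'dc01.corp.example.com' -New 'dc-hq01.corp.example.com'
```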
What is a Forest?
A forest is a collection of domains that don't necessarily form a contiguous namespace. By default every domain in a forest will have a two-way transitive trust with the other domains, which means resources can be accessed across domains. All child domains share the same schema in the entire forest.
What is a Domain?
Domain is a logical structure that is used to make a network secure by applying security policies. Under a forest we can have child domains or tree domains. Child domains share the same Domain Naming Master and Schema Master role, and a child domain inherits the namespace of the parent domain. In a child domain, you don't have an Enterprise Administrator account; it exists in the parent domain only, for most of the configuration. The trust between parent and child is a parent-child two-way transitive trust. For example, if the parent domain is ABC.com, the child domain will be XYZ.ABC.com. If you don't want to inherit the parent domain name, you use a new tree in the forest: the parent is ABC and you can have a new tree as XYZ.com.
What is LDAP?
LDAP stands for Lightweight Directory Access Protocol. It's a protocol that is used to access the Active Directory database.
What is Active Directory Schema?
The schema is the Active Directory component that defines all the objects and their attributes. Objects in the same forest will have the same schema.
What is the function of a domain controller?
The function of a domain controller is to authenticate users, computers and other network resources in a domain.
Why do we need Netlogon?
This service is responsible for creating a secure channel between domain controllers and client computers. The secure channel is created to pass the authentication packets.
What is the function of Kerberos?
Kerberos is a protocol that is used by the domain controller to authenticate users, computers and other network resources in a domain.
Port Numbers
SMTP - 25
POP3 - 110
IMAP4 - 143
RPC - 135
LDAP - 389
SSL - 443
HTTP - 80
RDP - 3389
DNS - 53
DHCP - 67, 68
FTP - 21
GC - 3268
Kerberos - 88
NNTP - 119
TFTP - 69
SNMP - 161
What is DNS Scavenging?
This is a mechanism by which stale (old) DNS resource records get deleted from the DNS database after a certain interval.
What is the location of the Active Directory database?
By default it is located in the c:\windows\ntds folder.
What is RODC and explain the scenario in which it will be used?
This is explained in the below link.
Explain FSMO roles
This is explained in the below link.
What are the Forest wide FSMO roles?
Schema Master and Domain Naming Master
How do we check FSMO roles?
The command is netdom query fsmo
What are Active Directory partitions?
There are three native partitions, Schema/Configuration/Domain, and additionally there is also the Application partition.
Schema partition contains details about objects and attributes that are stored in the AD. This partition gets replicated to all domain controllers across the forest.
Configuration partition contains configuration data about the forest and trees. This partition gets replicated to all domain controllers across the forest.
Domain partition contains object information for a domain. This partition gets replicated to all domain controllers within a domain.
Application Partition – This partition contains information about applications in Active Directory. E.g. when AD integrated DNS is used there are two application partitions for DNS zones – Forest DNS Zones and Domain DNS Zones.
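Added example (not part of the original post): the partitions described above as a domain controller actually publishes them in its RootDSE, with each naming context labelled by the replication scope the text gives. It must run on a domain-joined Windows machine; recognising the DNS application partitions by their DC=ForestDnsZones / DC=DomainDnsZones prefix is an assumption that holds for AD-integrated DNS.

```powershell
function Get-AdPartitionMap {
    $root   = [adsi]'LDAP://RootDSE'
    $schema = [string]$root.schemaNamingContext          # one per forest
    $config = [string]$root.configurationNamingContext   # one per forest
    $domain = [string]$root.defaultNamingContext         # this DC's own domain
    foreach ($nc in $root.namingContexts) {              # every partition this DC hosts
        $nc = [string]$nc
        $kind = if ($nc -eq $schema) { 'Schema (replicated to every DC in the forest)' }
                elseif ($nc -eq $config) { 'Configuration (replicated to every DC in the forest)' }
                elseif ($nc -eq $domain) { 'Domain (replicated within this domain only)' }
                elseif ($nc -match '^DC=(Forest|Domain)DnsZones,') { 'Application (AD-integrated DNS zones)' }
                else { 'Domain of another tree/child, or another application partition' }
        [pscustomobject]@{ Partition = $nc; Kind = $kind }
    }
}

Get-AdPartitionMap | Format-Table -AutoSize
```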
What is Multi Master Operation?
Active Directory database follows a multiple master model, which means changes in the Active Directory database get replicated to all the Domain Controllers in the domain. If there are any conflicts in the data replication, Active Directory uses a conflict resolution algorithm which resolves the conflict by allowing the changes on the last DC, which means the last writer wins.
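Added example (not part of the original post) that goes one step beyond the "last writer wins" summary: for a conflicting attribute write, Active Directory compares the attribute's version number first, then the originating timestamp, and only then the originating DSA's invocation ID, so the last write wins only when both DCs made the same number of changes. All values below are constructed.

```powershell
function Resolve-AttributeConflict {
    # $A and $B are the two replicas' stamps for one attribute: Value, Version,
    # Timestamp (time of the originating write) and OriginatingDsa (invocation ID GUID).
    param([hashtable]$A, [hashtable]$B)
    foreach ($field in 'Version', 'Timestamp', 'OriginatingDsa') {
        if ($A[$field] -gt $B[$field]) { return $A }
        if ($B[$field] -gt $A[$field]) { return $B }
    }
    return $A   # identical stamps: the same originating write already replicated
}

$dsa1 = [guid]'aaaaaaaa-0000-0000-0000-000000000001'   # constructed invocation IDs
$dsa2 = [guid]'aaaaaaaa-0000-0000-0000-000000000002'

# Case 1: DC01 changed "department" twice (version 1 -> 3) before replicating; DC02
# changed it once (version 1 -> 2) but later. The later write does NOT win here,
# because the version number is compared before the timestamp.
$dc01 = @{ Value = 'Finance'; Version = 3; Timestamp = [datetime]'2024-01-15T09:00:00Z'; OriginatingDsa = $dsa1 }
$dc02 = @{ Value = 'Sales';   Version = 2; Timestamp = [datetime]'2024-01-15T09:05:00Z'; OriginatingDsa = $dsa2 }
$winner = Resolve-AttributeConflict $dc01 $dc02
'Case 1 winner: {0} (version {1})' -f $winner.Value, $winner.Version          # Finance (version 3)

# Case 2: one change on each DC (both now version 2): the timestamp decides, which is
# the "last writer wins" behaviour the text describes.
$dc01.Version = 2; $dc02.Version = 2
$winner = Resolve-AttributeConflict $dc01 $dc02
'Case 2 winner: {0} (written {1:HH:mm})' -f $winner.Value, $winner.Timestamp  # Sales (09:05)
```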
What are the domain wide FSMO roles?
Infrastructure Master
RID Pool Manager
PDC Emulator