Friday, February 26, 2010

ACTIVE DIRECTORY

1) What is Active Directory?
Ans: Active Directory is a centralized, hierarchical directory database and a directory service that contains information on all user accounts and shared resources on a network.

2) What is a tree?
Ans: A tree is a collection of domains that share a single DNS namespace and are connected by transitive trust relationships.

3) What is a forest?
Ans: A forest is a collection of one or more domains that share a common schema and global catalog.

4) What is an organizational unit, and what is its purpose?
Ans: OUs are additional container objects that can store users, computers, groups and other OUs.
Purpose:
1) To delegate administration
2) To manage the application of Group Policy.

5) What are sites?
Ans: A site is a physical component of Active Directory that is used to define and represent the topology of a network.
A site is a collection of one or more well-connected IP subnets.
Uses:
1) To control replication traffic
2) To make authentication faster and more efficient.
3) To locate the nearest server providing directory-enabled services.

6) What are domain controllers?
Ans: Domain controllers are the physical storage location for the Active Directory database.

7) What are the physical components of Active Directory?
Ans: Domain controllers, sites.

8) What are the logical components of Active Directory?
Ans: Forests, trees, domains, OUs

9) What is the command to make a server into a domain controller in Windows 2000 and 2003?
Ans: DCPROMO.

10) What is the command to remove the domain controller functionality?
Ans: DCPROMO /FORCEREMOVAL.

11) What is the location and file system type where the Active Directory information is installed?
Ans: On an NTFS partition, c:\windows\ntds.dit and c:\windows\sysvol.

12) Some files are used for replication between the DC and ADC. What is the location of that directory?
Ans: c:\windows\sysvol.

13) Which version of Active Directory is in Windows 2000 and Windows 2003?
Ans: Win2000: 1.0
Win2003: 1.1.

14) What is the command used to install Active Directory on remote servers?
Ans: dcpromo /answer:answerfile
(The answer file is a text file created from the /support/tool folder by using the deploy.cab file.)

15) What type of backup is used to back up Active Directory?
Ans: System state data backup.

16) Which protocol plays the security role for authentication in Windows 2000 and 2003?
Ans: Kerberos

17) What is the version of Kerberos in the 2003 OS?
Ans: Kerberos v 5.5

18) What is the protocol used by Active Directory to perform its function?
Ans: LDAP: Lightweight Directory Access Protocol, based on TCP/IP.

19) How many services are installed when you install Active Directory, and what are they?
Ans: Total five services
1) Active Directory Domains & Trusts
2) Active Directory Sites and Services
3) Active Directory Users and Groups
4) Domain Controller Security Policy.
5) Domain Security Policy.

20) What is the command that displays the DC, ADC, member server?
Ans: Net accounts.

21) What is the command to know the SID, RID, DID of a user?
Ans: whoami /user (SID: security identifier)

21) Can you create a new domain tree in an existing forest in Windows 2000?
Ans: No, only in Windows 2003 can we create one.

22) What replication process is used in Windows 2000 and Windows 2003?
Ans: Two-way replication process. (ADC: read & write copy)

22) How can you authenticate between forests?
A: Windows 2000 always uses NTLM for authentication between forests; 2003 will use Kerberos if and only if DNS is used while setting up the domains. If the NetBIOS name is used, NTLM is used for 2003.

23) What types of classes exist in Windows Server 2003 Active Directory?
A: Structural class. The structural class is important to the system administrator in that it is the only type from which new Active Directory objects are created. Structural classes are developed from either the modification of an existing structural type or the use of one or more abstract classes.
Abstract class. Abstract classes are so named because they take the form of templates that actually create other templates (abstracts) and structural and auxiliary classes. Think of abstract classes as frameworks for the defining objects.
Auxiliary class. The auxiliary class is a list of attributes. Rather than apply numerous attributes when creating a structural class, it provides a streamlined alternative by applying a combination of attributes with a single include action.
88 class. The 88 class includes object classes defined prior to 1993, when the 1988 X.500 specification was adopted. This type does not use the structural, abstract, and auxiliary definitions, nor is it in common use for the development of objects in Windows Server 2003 environments.

25) When should you create a forest?
A: Organizations that operate on radically different bases may require separate trees with distinct namespaces. Unique trade or brand names often give rise to separate DNS identities. Organizations merge or are acquired and naming continuity is desired. Organizations form partnerships and joint ventures. While access to common resources is desired, a separately defined tree can enforce more direct administrative and security restrictions.


26) What type of domain names are used in Windows 2003 and Windows 2000?
Ans: Fully qualified domain names (any name with an extension)

27) What are the six underlying major roles in Active Directory to be transferred from the DC to the ADC to make the additional domain controller act as a domain controller?
Ans:
1) Domain naming master
2) Schema master
3) PDC Emulator
4) RID master
5) Infrastructure master
6) Global catalog server.

28) What are FSOM roles?
Ans: FSOM stands for Flexible Single Operation Master:
1) Domain naming master
2) Schema master
3) PDC Emulator
4) RID master
5) Infrastructure master

29) Define the six responsibilities of an Active Directory?
Ans:
Domain naming master: ensures that domain names are unique.
Schema master: classes, attributes and architecture are maintained by the schema.
RID Master: ensures that user accounts are unique.
PDC Emulator: acts as an emulator for user login and replication between the DC and BDCs.
Infrastructure Master: responsible for changes or modifications in group membership. Allows a user to move from one group to another.

30) What snap-in administrative tools are available for Active Directory?
A: Active Directory Domains and Trusts Manager, Active Directory Sites and Services Manager, Active Directory Users and Group Manager, Active Directory Replication (optional, available from the Resource Kit), Active Directory Schema Manager (optional, available from admin pack)

31) How do you delete a lingering object?
A: Windows Server 2003 provides a command called Repadmin that provides the ability to delete lingering objects in the Active Directory.


32) What is a Global Catalog server?
Ans: A global catalog server is a searchable index that stores all the information about all objects in Active Directory.
The main role of a global catalog server is to help quickly find objects across domains, supply information about universal group membership, and authenticate when user principal names (UPNs) are supplied.

33) Which type of zone is created when you install Active Directory?
Ans: An Active Directory-integrated zone with six service records is created with the domain name when you install AD, on the application directory partition.

34) Where are global catalog servers configured?
Ans: On each domain controller individually.

35) Where is the universal group membership cache configured?
Ans: At the site; it applies to all domain controllers within a specific site.

36) What command-line utility is used on Windows 2000 Server domain controllers before they are upgraded to Windows 2003 domain controllers?
Ans:
1) adprep /forestprep
(This command must be issued on the Windows 2000 server holding the schema master role in the forest root domain, to prepare the existing schema to support Windows 2003 AD.)
2) adprep /domainprep
(infrastructure master to be deployed on Win 2003 server)
Note: The adprep tool is in the i386 directory on the Windows 2003 CD-ROM.

37) What are the types of partitions a Windows 2000 domain controller holds in Active Directory?
Ans: Domain Partition: It contains all objects associated with a particular domain.
Schema master: It contains a copy of the Active Directory schema for a given forest. This partition is replicated to all DCs.
Configuration Master: It contains information about Active Directory sites and services.
Global catalog partition: It contains a subset of the attributes of all objects in the Active Directory forest.

38) What are the types of partitions supported by Windows 2003 Server?
Ans: Windows 2003 Server supports all four partitions that Windows 2000 Server supports. It also supports a new partition.
Application directory partition: The main purpose of this partition is to store data (objects and attributes) related to Active Directory-integrated applications and services.
Note: It is a partition that is replicated only to specific domain controllers. It is used to store data relating to services such as DNS.
Some benefits of using this partition:
1) Provides redundancy, availability, fault tolerance.
2) Reduces replication traffic.
3) Allows applications or services that use LDAP to store and access their data in AD.
4) It holds any type of object except security principals such as users, computers and security groups.


39) How to check DC replication status?
Ans: Go to the event logs for NTFRS (File Replication Service). It will tell you when the last sync was.

40) How to Enable or Disable a Global Catalog (GC)
Ans: Open Administrative Tools > Active Directory Sites and Services > Sites, and then double-click the domain controller you want to work with in the Server folder for your desired site. Right-click NTDS Settings > Properties. Make a change accordingly.

WARNING: Do not turn on this option unless you are certain it will provide value in your deployment. For this option to be useful, your deployment must have multiple domains, and even then, only one global catalog is (typically) useful in each site.

41) How to install/remove AD/DC
Ans: To install/remove AD/DC, use the Promote and Demote commands.

42) How to repopulate AD DNS entries
Ans: Manually repopulate the Active Directory DNS entries. You can use the Windows 2000 Netdiag tool to repopulate the Active Directory DNS entries. Netdiag is included with the Windows 2000 Support tools. At a command prompt, type netdiag /fix.

This domain controller holds the last replica of the following application directory partitions

Symptoms: When you demote a DC by using the Active Dcpromo, you may receive the following error message: This domain controller holds the last replica of the following application directory partitions:
DC=MSTAPI,DC=yourdomain,DC=com

Resolutions: Try NTDSUTIL, Tapicfg.exe and dcpromo /forceremoval. Refer to case 082604JH.

43) What will happen when demoting a DC
Ans: When a domain controller is demoted, if it is not the last domain controller in the domain, it performs a final replication and then transfers the roles to another domain controller. If the domain controller is a global catalog, that role is not transferred to another domain controller. In this case, you must manually select the check box in Active Directory Sites and Services Manager for another domain controller to take over the role.
