What is the Difference between Win NT and Win 2000?
Ans:

Win NT                                                   | Win 2000
No Active Directory (flat, single-master domain)         | Active Directory (hierarchical, LDAP-based directory)
PDC holds the only writable copy; BDCs are read-only     | Every DC (including additional DCs) holds a read/write copy, replicated multi-master
Accounts stored in the SAM (practical limit about 40 MB) | Accounts stored in NTDS.DIT (no fixed size)
RIS (Remote Installation Services) not supported         | RIS supported
What is the Difference between Win 2000 and Win 2003?
Ans:

Win 2000                                   | Win 2003
Domain cannot be renamed                   | Domain can be renamed (rendom tool); a DC can be renamed with netdom
No stub zones in DNS                       | Stub zones supported
No application directory partitions        | Application directory partitions (ntdsutil "create nc")
Note: a new domain tree can be added to an existing forest in both versions, and DHCP server authorization in Active Directory exists in both; neither is a 2003-only feature.
   
What are the versions in Win 2000?
Ans: Windows 2000 Server, Windows 2000 Advanced Server and Windows 2000 Datacenter Server.
What are the versions in Win 2003?
Ans: Standard Edition, Enterprise Edition, Web Edition and Datacenter Edition.
How much RAM, Processor supported by Win 2000 versions?
Ans: 2000 Server: 4 GB RAM, 4 processors; 2000 Advanced Server: 8 GB RAM, 8 processors; 2000 Datacenter Server: 64 GB RAM, 32 processors.
How much RAM, Processors supported by Win 2003 versions?
Ans: Standard: 4 GB RAM, 4 processors; Web: 2 GB RAM, 2 processors; Enterprise: 32 GB RAM, 8 processors; Datacenter: 64 GB RAM, 32 processors (32-bit editions).
What is the diff between win 2000 Server and Advanced Server?
Ans: Advanced Server adds Network Load Balancing and server clustering (two-node failover), plus the higher RAM and processor limits listed above.
Can I rename the win 2003 DC?
Ans: Yes. A Windows 2003 domain controller (in a domain at Windows Server 2003 functional level) is renamed with the Netdom tool: netdom computername <oldname> /add:<newname>, then /makeprimary:<newname>, reboot, then /remove:<oldname>. Renaming the domain itself is a separate operation done with the Rendom tool. Netdom is in the Support Tools on the Windows 2003 installation CD-ROM (\SUPPORT\TOOLS).
What is Privileged mode?
Ans: Also called kernel mode: the protected processor mode and memory space in which the Windows 2000 kernel, executive and device drivers run. User-mode applications cannot access it directly; they reach it only through system calls.
9) In win2000, what is the partition Size, File Size in FAT 16?
Ans: 4 GB maximum partition size (using 64 KB clusters) and 2 GB maximum file size.
10) In win2000, what is the partition Size, File Size in FAT 32?
Ans: Partitions from 512 MB up to 2 TB can be used, but Windows 2000 will only format a FAT32 volume up to 32 GB; maximum file size is 4 GB (minus one byte).
11) In win2000, what is the Partition Size, File Size in NTFS?
Ans: 2 TB maximum partition size (the basic/MBR disk limit); file size is limited only by the volume in practice and is theoretically 16 EB.
12) What is the difference between FAT and NTFS?
Ans: FAT has no file and folder permissions (ACLs), no data compression, no encryption (EFS), no disk quotas and no transaction journal; NTFS supports all of these, which is why Active Directory must be installed on an NTFS volume.
13) What is the difference between win98 and Windows XP?

Windows 98                                 | Windows XP
Supports FAT16 and FAT32                   | Supports FAT16, FAT32 and NTFS
No disk quotas                             | Disk quotas (on NTFS)
Disk compression only (DriveSpace)         | File-level compression and encryption (EFS) on NTFS
No Remote Assistance or Remote Desktop     | Remote Assistance and Remote Desktop
14)What is System restore?
15)What is the difference between Basic Disk and dynamic Disk?
16)Can you convert dynamic to basic?
17)What is the difference between system restore and last known configuration?
18)What is the difference between remote assistance and remote desktop?
19) What is the difference between IPv4 and IPv6?
20)what is the difference between router and switch?
21)what is the difference between switch and hub?
22) Hub works in which layer?
23) switch works in which Layer?
24) router works in which Layer?
25) Describe all layers?
26) What are the port numbers of FTP, SMTP, Telnet, DNS, DHCP, POP3, TFTP and SNTP?
PROFILES
1) What is a profile?
Ans: Windows maintains a group of settings (desktop, registry hive NTUSER.DAT, Documents and Settings folders) for each individual user that logs on to the system. This group of settings is known as a user profile.
2) Where are the documents and settings for a roaming profile stored?
Ans: A master copy lives in a shared folder on a server (the profile path set on the user account). At logon it is copied to the local machine; while the user works, all documents and environment settings are read and written locally; at logoff the changes are copied back to the server share. The first logon on a new machine can therefore take a while, depending on how large the profile folder is.
3) What is a Roaming and a Mandatory profile?
Ans: Roaming user profile: a user profile stored on a network server so that it is downloaded to whichever workstation the user logs on to, and changes are saved back.
Mandatory profile: a profile set up by the administrator (NTUSER.DAT renamed to NTUSER.MAN) that is loaded from the server each time the user logs on. Changes the user makes are discarded at logoff.
Active directory:
1) What is an organizational unit?
Ans: OUs are container objects inside a domain that can hold users, computers, groups and other OUs.
2) What is the use of an organizational unit?
Ans: Uses:
1) To delegate administration: an OU's ACL can give a group control over just the objects in that OU.
2) To apply Group Policy: GPOs are linked to OUs, so the OU tree decides which settings reach which users and computers.
3) To organise objects logically (by department, location or function) without creating extra domains.
Note: controlling replication traffic and finding the nearest domain controller are the job of sites, not OUs.
3) What is Active Directory?
Ans: Active Directory is the centralized, hierarchical directory database and directory service of Windows 2000/2003. It holds information about all user, group and computer accounts and shared resources on the network, and is queried over LDAP.
4) What are the main roles in Active Directory?
Ans: FSMO stands for Flexible Single Master Operations: the five roles that only one DC at a time may hold.
Forest-wide (one per forest):
1) Schema master
2) Domain naming master
Domain-wide (one per domain):
3) PDC Emulator
4) RID master
5) Infrastructure master
5) What is the location & file system type where the Active Directory information is installed?
Ans: On an NTFS partition: the database in %SystemRoot%\NTDS\ntds.dit (with its log files) and the shared system volume in %SystemRoot%\SYSVOL.
6) For the replication between DC & ADC some files are used; what is the location of that directory?
Ans: %SystemRoot%\SYSVOL. It holds Group Policy templates and logon scripts and is replicated between DCs by the File Replication Service (FRS).
7) What is Kerberos?
Ans: Kerberos version 5 is the Internet-standard authentication protocol (RFC 1510) used by default in Windows 2000/2003 domains. It uses tickets issued by the KDC on each DC, supports mutual authentication and delegation, and is more secure and efficient than Windows NT LAN Manager: the password hash never crosses the wire and servers do not need to contact a DC to validate every session.
8) What is Win NT LAN Manager (NTLM)?
Ans: The challenge/response protocol that authenticates Windows 95/98 and Windows NT clients (which cannot use Kerberos) to Windows 2000 domains. It is also used by Windows 2000/XP clients when Kerberos is unavailable, e.g. when a server is addressed by IP address or is not domain-joined. It is available in both mixed and native mode; mixed mode is about BDC compatibility, not NTLM.
9) Which protocol plays the security role for authentication in 2000 & 2003?
Ans: Kerberos.
10) What is the version of Kerberos in the 2003 O/S?
Ans: Kerberos version 5 (the same version as in Windows 2000).
11) What is the protocol used by Active Directory to perform its function?
Ans: LDAP: Lightweight Directory Access Protocol over TCP/IP, port 389 (636 for LDAP over SSL).
12) What is the command which displays whether a machine is a DC, ADC or member server?
Ans: net accounts (the "Computer role" line reads PRIMARY on a domain controller, SERVER on a member server and WORKSTATION on a client).
13) What is the command to make a server into a domain controller in win 2000 & 2003?
Ans: DCPROMO
14) What type of backup is used to take Active Directory?
Ans: A System State backup (it includes ntds.dit, SYSVOL, the registry, boot files and the COM+ class registration database).
15) What command line utility is run on Windows 2000 domain controllers before upgrading to Windows 2003 domain controllers?
Ans:
1) adprep /forestprep
(Run once, on the Windows 2000 server holding the schema master role in the forest root domain, to extend the existing schema for Windows 2003 Active Directory.)
2) adprep /domainprep
(Run once per domain, on the server holding the infrastructure master role of that domain, after /forestprep has replicated.)
Note: the adprep tool is in the \i386 directory of the Windows 2003 CD-ROM.
POLICIES :
1) What is Group Policy?
Ans: A set of user and computer configuration settings (registry-based policies, security settings, software installation, scripts, folder redirection) stored in Group Policy Objects that are linked to sites, domains and OUs in Active Directory and applied automatically to Windows 2000 and later clients. Settings are refreshed periodically and are removed when the GPO no longer applies.
2) Does Win NT support Group Policy?
Ans: No. It supports only System Policy.
3) What is System Policy?
Ans: The Windows NT 4.0 / Windows 9x mechanism (System Policy Editor, poledit.exe) that writes registry values from a .POL file in the NETLOGON share at logon. Unlike Group Policy the settings are permanent ("tattoo" the registry): they stay in place even after the policy is removed.
4) What is the difference between System Policy and Group Policy?
Ans: System Policy is registry-only, applied at logon to NT 4.0/9x clients and persists after removal; Group Policy covers security, software deployment, scripts and more, is refreshed in the background, is removed cleanly when unlinked, and is scoped by the Active Directory hierarchy (site, domain, OU).
5) What is the policy order?
Ans: Local Group Policy, then site-level policy, then domain-level policy, then organizational unit policy (parent OU before child OU). A setting applied later overrides the same setting applied earlier, unless the earlier link is set to No Override (Enforced).
6) Will Group Policy apply to win 98, win 95 and Win NT workstations?
Ans: No. Only System Policy applies to them.
7) In Win NT, where are policies stored?
Ans: NTCONFIG.POL in the NETLOGON share of the domain controllers.
8) Suppose your server is win 2000 and clients are win98 and win95: which policy applies, and where is it stored?
Ans: System Policy, stored as CONFIG.POL in the NETLOGON share (Windows 9x clients read CONFIG.POL, NT 4.0 clients read NTCONFIG.POL).
9) In win 2000, after assigning policies, which command updates them on a client?
Ans: secedit /refreshpolicy user_policy /enforce
     secedit /refreshpolicy machine_policy /enforce
10) In win 2003 (and XP), after assigning policies, which command updates them?
Ans: gpupdate (gpupdate /force reapplies all settings, not only the changed ones)
11) What is the order in which Group Policy is applied?
Ans: Local, then Site, then Domain, then Organizational Unit (LSDOU).
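The processing order above, including what happens when a link is set to No Override (Enforced) or a container blocks inheritance, as an added example in Python. This is not from the original notes; the GPO names, setting names and the Sales OU tree under india.com are made up for illustration.

```python
"""Group Policy processing order (LSDOU) as a small simulation.

Added example, not part of the original notes. GPO names, setting names and
the OU tree are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class GPO:
    name: str
    settings: Dict[str, str]
    enforced: bool = False   # "No Override" on the link, in Windows 2000 terms


@dataclass
class Container:
    """A site, domain or OU with the GPOs linked to it (in link order)."""
    name: str
    gpos: List[GPO] = field(default_factory=list)
    block_inheritance: bool = False


def resulting_policy(local: GPO, site: Container, domain: Container,
                     ous: List[Container]) -> Dict[str, Tuple[str, str]]:
    """Compute the resultant set of policy for an object in the last OU of `ous`.

    Order of processing is Local, Site, Domain, then OUs from the top of the
    tree down (LSDOU). A setting processed later overwrites the same setting
    processed earlier, with two exceptions: a container marked 'block
    inheritance' drops every non-enforced GPO linked above it, and enforced
    GPOs are applied last so that they always win (an enforced GPO higher in
    the tree beats an enforced GPO lower down).
    Returns {setting: (value, name of the GPO that supplied it)}.
    """
    chain: List[GPO] = []
    for container in [site, domain] + ous:
        if container.block_inheritance:
            chain = [g for g in chain if g.enforced]
        chain.extend(container.gpos)
    ordered = ([local]
               + [g for g in chain if not g.enforced]
               + [g for g in reversed(chain) if g.enforced])
    result: Dict[str, Tuple[str, str]] = {}
    for gpo in ordered:
        for setting, value in gpo.settings.items():
            result[setting] = (value, gpo.name)
    return result


def laptop_in_sales(block_inheritance: bool) -> Dict[str, Tuple[str, str]]:
    """Constructed scenario: a laptop in OU Sales/Laptops of india.com."""
    local = GPO("Local GPO", {"screensaver_timeout": "600", "wallpaper": "local.bmp"})
    site = Container("Default-First-Site-Name",
                     [GPO("Site-Proxy", {"proxy": "proxy.site.india.com:8080"})])
    domain = Container("india.com", [
        GPO("Default Domain Policy", {"homepage": "http://intranet", "screensaver_timeout": "900"}),
        GPO("Domain-Lockdown", {"wallpaper": "corp.bmp"}, enforced=True),
    ])
    ous = [
        Container("Sales", [GPO("Sales-Desktop", {"wallpaper": "sales.bmp", "screensaver_timeout": "300"})]),
        Container("Sales/Laptops", [GPO("Laptop-Power", {"proxy": "direct"})],
                  block_inheritance=block_inheritance),
    ]
    return resulting_policy(local, site, domain, ous)


if __name__ == "__main__":
    for blocked in (False, True):
        print(f"block inheritance on Sales/Laptops = {blocked}")
        for setting, (value, source) in sorted(laptop_in_sales(blocked).items()):
            print(f"  {setting:20} = {value:30} from {source}")
```

Run it twice and compare: without the block, the Sales OU's 300-second screensaver wins over the domain's 900 and the local 600; with "Block Policy Inheritance" on the Laptops OU, the domain's homepage setting disappears and the local value is back, but the enforced Domain-Lockdown wallpaper still gets through, which is exactly why No Override exists.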
BACKUP:
1)what is user data?
2) What is system state data?
Ans: The set of system components that Backup saves and restores together: the registry, the COM+ class registration database, the boot files and the system files protected by Windows File Protection, plus, where present, the Certificate Services database, the cluster database, and on a domain controller the Active Directory database (ntds.dit) and SYSVOL.
3)what are three primary tasks you can perform using backup?
4) What is an emergency repair disk?
Ans: A floppy created with the Backup utility that, together with the Windows 2000 setup CD, repairs a damaged boot sector, startup environment or system files. The registry copy it relies on is saved in %SystemRoot%\repair when the ERD is created with "also backup the registry".
5) Who can take backups?
Ans: Members of Administrators and Backup Operators (they hold the "Back up files and directories" and "Restore files and directories" rights), and any user for their own files.
6)what are the 2 types of restore you can perform on active directory?
Ans: Authoritative,Non- Authoritative.
7) List 3 win2k tools used to recover from a system failure.
Ans: Safe Mode (and Last Known Good Configuration), the Recovery Console, and the Emergency Repair Disk process.
8)what is the tool used to create ERD ?
Ans: Backup programme.
9)which type of backup reduce the time In order to take backup daily?
Ans: Incremental backup will take least  amount of time.
10)which win2k tool is used to restore of user, data on a DC?
Ans: Backup.
11) What is the command used to add the Recovery Console to the boot loader menu?
Ans: winnt32 /cmdcons (run from the \i386 folder of the installation CD).
12) What command is used to perform an authoritative restore before rebooting?
Ans: Boot into Directory Services Restore Mode, restore System State with Backup, then before rebooting run ntdsutil:
      ntdsutil
      authoritative restore
      restore database                      (the whole directory)
      restore subtree <DN of the object or OU>   (one object or subtree)
      quit
13) In what mode do you restore System State data or the Active Directory database on a DC?
Ans: Directory Services Restore Mode (press F8 at startup).
14) what is the extension used for a backup file?
Ans: .bkf
15)Name 5 standard  types of backups?
Ans: Normal, daily, incremental, differential, copy.
16)Is it possible to backup & restore  data on network drive?
Ans: Yes , it is possible.
17) Is it possible to restore System State data to a networked PC?
Ans: No. System State can only be restored to the local computer (it can be backed up to a network location, though).
18) What is a non-authoritative restore?
Ans: The default restore of a DC: System State is restored from backup in Directory Services Restore Mode and, after reboot, normal replication from the other DCs brings the restored copy up to date, because its objects carry older update sequence numbers (USNs). Use it to rebuild a failed DC. An authoritative restore (ntdsutil) instead raises the USNs of the restored objects so they overwrite the copies on the other DCs; use it to bring back deleted objects.
19) What is a normal backup?
Ans: A full backup of all selected files and folders. It clears the archive bit on the files it backs up, so it is the starting point for incremental and differential chains.
20) What is a copy backup?
Ans: A copy backup backs up all selected files and folders but leaves the archive bit untouched, so an ad-hoc copy does not disturb a running normal/incremental schedule.
21) What is an incremental backup?
Ans: Backs up only the selected files and folders that have changed since the last normal or incremental backup (archive bit set) and clears the archive bit.
It is not cumulative: each set holds only that day's changes, so it is the fastest to take, but the restore needs the last normal backup plus every incremental taken since, in order.
22) What is a differential backup?
Ans: Backs up the selected files and folders that have changed since the last normal backup and does not clear the archive bit.
It is cumulative: each set grows through the week and takes longer to create, but a restore needs only the last normal backup plus the latest differential.
23) What is a daily backup?
Ans: Backs up the selected files and folders that were modified on the day the backup is made (by modification date, not the archive bit); the archive bit is not changed.
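The five backup types described in questions 19 to 23 differ only in which files they select and whether they clear the archive bit. The following added Python example (not from the original notes; the file names and the week of edits are constructed) simulates a week of backups and shows which sets are needed to restore under an incremental versus a differential schedule.

```python
"""Backup types and the archive bit, as a simulation.

Added example, not from the original notes. The file names and the week of
changes below are constructed.
"""
from typing import Dict, List, Set, Tuple


class Volume:
    """Files on disk as name -> version number. A file's archive bit is set
    whenever it is created or changed; only normal and incremental backups
    clear it, which is what makes the restore chains differ."""

    def __init__(self, files: List[str]) -> None:
        self.version: Dict[str, int] = {f: 1 for f in files}
        self.archive: Set[str] = set(files)
        self.changed_today: Set[str] = set()

    def new_day(self) -> None:
        self.changed_today = set()

    def modify(self, name: str) -> None:
        self.version[name] = self.version.get(name, 0) + 1
        self.archive.add(name)
        self.changed_today.add(name)


def backup(vol: Volume, kind: str) -> Dict[str, int]:
    """Take one backup of the given type; return the set {file: version}."""
    if kind == "normal":
        selected, clear_bit = set(vol.version), True
    elif kind == "copy":
        selected, clear_bit = set(vol.version), False
    elif kind == "incremental":
        selected, clear_bit = set(vol.archive), True
    elif kind == "differential":
        selected, clear_bit = set(vol.archive), False
    elif kind == "daily":
        selected, clear_bit = set(vol.changed_today), False
    else:
        raise ValueError(f"unknown backup type {kind!r}")
    if clear_bit:
        vol.archive -= selected
    return {f: vol.version[f] for f in selected}


def restore(sets: List[Dict[str, int]]) -> Dict[str, int]:
    """Restore backup sets in order; a later set overwrites the same file."""
    state: Dict[str, int] = {}
    for s in sets:
        state.update(s)
    return state


def simulate_week(kind: str) -> Tuple[List[Dict[str, int]], List[Dict[str, int]], Dict[str, int]]:
    """Monday: normal backup. Tuesday to Thursday: edits, then one backup of
    `kind` ('incremental' or 'differential'). Returns (all sets taken, the
    sets needed to restore Thursday's state, the restored state)."""
    vol = Volume(["payroll.xls", "report.doc", "config.ini"])
    sets = [backup(vol, "normal")]
    for edits in (["payroll.xls"], ["report.doc"], ["payroll.xls", "config.ini"]):
        vol.new_day()
        for name in edits:
            vol.modify(name)
        sets.append(backup(vol, kind))
    if kind == "incremental":
        needed = sets                   # normal plus every incremental since, in order
    else:
        needed = [sets[0], sets[-1]]    # normal plus only the latest differential
    return sets, needed, restore(needed)


def copy_in_the_middle() -> Dict[str, int]:
    """A copy backup taken between a normal and an incremental does not clear
    the archive bit, so the incremental still picks up the changed file."""
    vol = Volume(["payroll.xls", "report.doc"])
    backup(vol, "normal")
    vol.modify("payroll.xls")
    backup(vol, "copy")
    return backup(vol, "incremental")


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        sets, needed, state = simulate_week(kind)
        print(kind, "sets:", sets[1:], "restore needs", len(needed), "sets ->", state)
    print("incremental after a copy backup:", copy_in_the_middle())
```

Both schedules end with the same restored state, but the incremental restore needs four sets applied in order (lose Wednesday's tape and report.doc is gone), while the differential restore needs only Monday's normal and Thursday's differential; the price is that Thursday's differential contains all three changed files.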
24) Backup utility advanced mode features?
Ans: 1) Backup wizard
        2) Restore wizard
        3) Emergency Repair Disk
25)Backup Wizard
Backup every thing.
Backup selected files, drives.
Only backup system state data.    
Tape drives & Models
HP DDS3 DAT tape drive, model C1537      | HP DDS3 DAT tape drive, model C1537E
SCSI internal, 50-pin                    | SCSI external, 50-pin
Capacity 12/24 GB (native/compressed)    | Capacity 12/24 GB (native/compressed)
Print Management & Administration
1) What is a printer in win2k terminology?
Ans: It is the software interface between the Windows 2000 O/S and the print device that produces the printed output (what other systems call a print queue).
2) Which win2k printing term is defined as a printer that has multiple ports and multiple print devices assigned to it?
Ans: Printer pool.
3) Name the 3 printer permissions.
Ans: Print, Manage Documents, Manage Printers.
4) What is EMF?
Ans: Enhanced Metafile: the device-independent spool format that GDI produces on the client. The print processor on the print server renders the EMF into the print device's own language, so the application is released quickly. The alternative data type is RAW, data already in the device's language.
5) Print Process:
Ans: 1. The user prints from an application (e.g. MS Word); the print job is the data and commands needed to print the document.
2. The application calls GDI (the graphics subsystem), which calls the printer driver.
3. The driver and GDI convert the job into EMF or RAW and hand it to the Windows 2000 spooler.
4. The spooler determines whether the printer is local or on the network:
   Local printer: local print provider -> print processor -> print monitor -> communicates directly with the print device.
   Network printer: the job goes to the print server, where the network print provider spools it to disk -> print processor -> print monitor -> print device.
6) What is the print spooler?
Ans: The print spooler is the service and temporary storage area for print jobs waiting to be sent to a print device. The spool folder is %SystemRoot%\System32\spool\PRINTERS.
7) Who can add printers and manage printers?
Ans: By default members of Administrators and Power Users (built-in groups); on domain controllers also Print Operators and Server Operators.
8) Adding a printer on a remote computer
Ans: Start Windows Explorer > My Network Places > Entire Network > domain or workgroup > select the computer > open its Printers folder > double-click the printer to connect to it.
9) Adding printers to a printer pool
Ans: In the printer's Properties > Ports tab, tick "Enable printer pooling" and select every port that has an identical print device attached (e.g. LPT1, LPT2, LPT3).
10) Printer priorities
Ans: Set on the Advanced tab: 1 is the lowest (default) and 99 the highest.
Note: if managers and employees send jobs to the same print device, create two printers for it and give the managers' printer priority 99 and the employees' printer priority 1; jobs on the higher-priority printer print first.
11) Print permissions are
Print: send only print jobs to printer
Manage Documents: resume and restart and delete print jobs.
Manage printers: perform all tasks also share printers can change spooler settings    and can assign printer permissions.
12) What is a printer?
Ans: A printer is the software object that acts as the interface between the print device and the operating system.
13) What is a print device?
Ans: A print device is the hardware component attached to a system or the network that prints the documents.
14) What is a local print device?
Ans: A print device attached directly to the local system (e.g. via LPT or USB).
15) What is a network print device?
Ans: A print device attached to the network with its own network interface (or shared from another computer's port).
16) What is a print server?
Ans: The computer responsible for managing the print queues for a group of printers.
17) What is a print queue?
Ans: The collection of print jobs waiting to be printed by a specific printer.
DHCP (Dynamic Host Configuration Protocol) ports: UDP 67 (server) and UDP 68 (client)
1) What is DHCP?
Ans: DHCP is a TCP/IP protocol that provides a way to dynamically allocate IP addresses (and options such as subnet mask, default gateway and DNS servers) to computers on the network.
2) Advantages of DHCP?
Ans: Centrally manages IP address allocation
        Helps prevent address conflicts
        Reduces administrative effort
        Helps conserve IP addresses (leases expire and are reused)
3) What is a SCOPE?
Ans: A range of IP addresses on one subnet, with its exclusions, reservations, lease duration and options, that is handed out to computers requesting a dynamic IP address.
4) What is authorization?
Ans: A security precaution that ensures only DHCP servers authorized in Active Directory can serve clients in the network: a Windows 2000/2003 DHCP server checks the directory at startup and periodically afterwards, and stops servicing clients if it is not listed.
It is there to stop rogue or accidental DHCP servers from handing out wrong addresses, gateways or DNS servers to clients.
5) We've installed a new Windows-based DHCP server; however, the users do not seem to be getting DHCP leases from it.
Ans: The server must be authorized in Active Directory first (DHCP console > Action > Authorize).
6) How can you force the client to give up its DHCP lease if you have access to the client PC?
Ans: ipconfig /release (then ipconfig /renew to obtain a new one).
7) "Cannot find DHCP Server"
Ans: Causes: the DHCP Server service is stopped or disabled, the server is not authorized, no scope is active for the client's subnet, or the client is on another subnet and the router/relay agent is not forwarding DHCP broadcasts.
8) How to restore or move DHCP to another computer
Ans: The DHCP database is the Dhcp.mdb file in %SystemRoot%\System32\Dhcp, where the server records active leases and reservations. Back it up (the service also writes a copy to the backup subfolder), stop the DHCP Server service on the new server, copy the Dhcp folder into the same location there, and start the service; on Windows 2003, netsh dhcp server export/import can be used instead.
9) Describe how a DHCP lease is obtained. It is a four-step process (DORA):
Ans: (a) DHCPDISCOVER, broadcast by the client; (b) DHCPOFFER from each server that has an address for it; (c) DHCPREQUEST, broadcast by the client naming the offer it selected; (d) DHCPACK from the selected server, confirming the lease and options.
10) What is a superscope?
Ans: An administrative grouping of scopes so that one DHCP server can serve DHCP clients that reside on multiple logical subnets sharing one physical network (a multinet).
11) What is a multicast scope?
Ans: A scope containing a range of class D multicast IP addresses, assigned (via MADCAP) to client computers that request them.
12) What is the difference between scope and superscope?
Ans: A scope is a range of IP addresses for DHCP clients on a single subnet; a superscope groups several scopes so that clients on multiple logical subnets of the same segment can be served.
13) What is BOOTP?
Ans: The Bootstrap Protocol (RFC 951), DHCP's predecessor. It uses the same UDP ports 67/68 and message format, so a Windows DHCP server can also answer BOOTP clients (e.g. diskless workstations) from a BOOTP table or a scope that allows BOOTP.
14) What is the range of a multicast scope?
Ans: Only the class D range, 224.0.0.0 to 239.255.255.255.
DNS (Domain Name System) port 53 (UDP for queries, TCP for zone transfers and large responses)
What is the difference between WINS and DNS?
Ans: WINS resolves NetBIOS names (up to 15 characters) to IP addresses, whereas DNS resolves hierarchical host names (FQDNs) to IP addresses.
1) List the types of DNS servers.
Ans: Standard primary, standard secondary, Active Directory integrated, caching-only, forwarder and root server.
4) What is the primary purpose of DNS?
Ans: Host name resolution (and, in Windows 2000/2003, locating domain controllers and other services through SRV records).
5) What is Start of Authority?
Ans: The SOA record at the top of each zone. It names the primary server and the responsible mailbox, and carries the serial number (incremented on every change; secondaries compare it to decide whether a zone transfer is needed) and the refresh, retry, expire and minimum TTL timers.
6) What is Dynamic DNS?
Ans: Dynamic update (RFC 2136): clients register and refresh their own A and PTR records, and domain controllers register their SRV records, instead of the administrator editing the zone by hand.
7) What is the maximum character size of a DNS name?
Ans: 63 characters per label (the part between dots) and 255 characters for the whole FQDN.
8) What is the maximum character size of a WINS (NetBIOS) name?
Ans: 15 characters; the 16th byte is reserved for the name type.
9) What is a zone or zone file?
Ans: A zone is the database for a DNS domain, or for a domain and one or more of its subdomains, for which a server is authoritative. On a standard server it is stored in a text file (the zone file) under %SystemRoot%\System32\dns.
11) Why are multiple DNS servers created for the same zone?
Ans: Load balancing and fault tolerance.
12) What is a caching-only server?
Ans: A caching-only server hosts no zones. It resolves host names to IP addresses for client computers by querying other DNS servers, stores the answers in its cache for their TTL, and answers repeat queries from the cache without contacting other DNS servers.
It holds only temporary copies of records, never an authoritative zone.
13) What is a zone transfer?
Ans: The process of copying a zone from its master server to a secondary server (full AXFR, or incremental IXFR of just the changed records).
14) What is a master DNS server?
Ans: The server from which a secondary pulls its copy of the zone (the primary, or another secondary) is called the master for that zone.
15) What are forwarders?
Ans: A forwarder is a DNS server to which other DNS servers send the queries they cannot answer from their own zones or cache (typically internal servers forwarding to an ISP or perimeter server), instead of using root hints themselves.
17) Which protocol is supported by the DNS server for automatic updates?
Ans: The Dynamic Update protocol (RFC 2136), optionally secured (secure dynamic update) in AD-integrated zones.
18) What are the four service record subdomains?
Ans: _msdcs, _sites, _tcp, _udp
19) What are the six in win 2003?
Ans: _msdcs (Microsoft domain controller services): SRV records that locate DCs, global catalogs, the PDC emulator and KDCs by role and by domain GUID.
_sites: the same records grouped by AD site, so a client can find the nearest DC.
_tcp and _udp: the SRV records listed by transport (LDAP and Kerberos over TCP; Kerberos and kpasswd over UDP).
DomainDnsZones and ForestDnsZones: application directory partitions added in Windows 2003 so a DNS zone can replicate only to the DNS servers of the domain or of the whole forest, rather than to every DC.
19) What is a Resource record?
Ans: An entry in a zone. For example an A record is a host name to IP address mapping.
20) What is the primary thing you have to do on a DNS server before it starts resolution of host names?
21) When will you configure a root DNS server?
Ans: Only when the network is not connected to the Internet, or is connected only through a proxy server so that internal DNS servers never need Internet name resolution. A server that hosts the root zone cannot use root hints or forwarders for anything else.
22) What is a forward lookup zone?
Ans: Resolves host names to IP addresses (A records).
23) What is a reverse lookup zone?
Ans: Resolves IP addresses to host names (PTR records in in-addr.arpa).
24) What is a standard primary zone?
Ans: A standard primary DNS server stores the zone's entries (host name to IP address mappings and other resource records) in a zone file on the server. The primary server holds the master, writable copy of the zone file; changes to the zone must be made on the standard primary server.
25) What is a standard secondary zone?
Ans: A standard secondary DNS server stores a read-only copy of a zone pulled from the primary (or another secondary) by zone transfer.
26) What is a root server?
Ans: A root server hosts a copy of the zone for the root domain ".", either the Internet root or the root of a company's private internal namespace. Its purpose is to tell other DNS servers where the top-level and second-level domains are delegated.
Note: Set up your own root server only when the network is not connected to the Internet, or is connected only through a proxy server so that internal servers never need to resolve Internet names.
27) What is round robin?
Ans: Round robin is used when multiple servers (such as web servers) have identical configurations and the same host name but different IP addresses: the DNS server rotates the order of the A records in successive answers so client load is spread across them.
28) Can you configure a root server to use a forwarder?
Ans: No. A server that hosts the root zone considers itself authoritative for everything, so forwarders and root hints are disabled.
29) What are root hints?
Ans: Root hints are name and IP address pairs that point to the root servers, either the 13 Internet root servers or the root servers of your organization's private network. They are stored in %SystemRoot%\System32\dns\cache.dns and shown on the Root Hints tab; the server contacts them to start resolving any name it is not authoritative for and does not forward.
32) What is an Active Directory integrated zone?
Ans: An Active Directory integrated DNS server is like a standard primary except that the entries are stored in the Active Directory data store rather than in a zone file. Because Active Directory replication is multi-master, changes can be made on any AD-integrated DNS server that hosts the zone, and secure dynamic update (only the owner of a record may change it) becomes possible.
33) What is a simple (iterative) query?
Ans: A query that the DNS server answers from its own zones or cache, or with a referral to other servers, without contacting anyone else.
34) What is a recursive query?
Ans: A query in which the client asks the server to return the complete answer. If the server cannot resolve it itself, it must contact one or more additional DNS servers (starting from the root hints or a forwarder) to resolve the query.
35) What is scavenging?
Ans: Scavenging is the process of searching for and deleting stale resource records in a zone (dynamically registered records whose timestamp has not been refreshed within the no-refresh plus refresh intervals).
PTR: Pointer resource record
SRV: Service locator resource record
36) What is SRV?
Ans: A record that maps a service (e.g. _ldap._tcp) to the list of servers that provide it, with priority, weight and port.
37) What is CNAME?
Ans: Alias resource record, used to map an additional host name to the canonical name of the host.
38) What is a stub zone in 2003?
Ans: A stub zone holds only the SOA record, the NS records and the glue A records of the authoritative servers of another zone, kept current by zone transfer. It lets a server know which name servers to ask for that zone without hosting the whole zone.
The properties of the DNS server, Advanced tab:
Disable recursion (also disables forwarders):
Unchecked by default, so the server performs recursion for clients. Check it on a server that should answer only for its own zones (e.g. an Internet-facing authoritative server) so that it cannot be used as an open resolver.
BIND secondaries:
When checked, zone transfers to secondaries do not use the fast transfer format (compressed, several records per message), for compatibility with BIND servers older than 4.9.4.
Fail on load if bad zone data:
Unchecked by default, so a zone with some bad records is still loaded (the errors are logged). If checked, a zone containing errors is not loaded at all.
Enable round robin:
When several records of the same type exist for one name, their order is rotated in successive answers so clients are spread across the hosts.
Enable netmask ordering:
When a name has several A records, the addresses on the same subnet as the querying client are placed first in the answer; useful for multihomed servers (machines with several NICs) and for clients on different subnets.
Secure cache against pollution:
The server discards records in a response that are not in the same domain subtree as the name queried (e.g. an answer for www.india.com that also carries records for another domain), so a malicious or misconfigured server cannot plant entries in the cache.
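A small zone-file parser and resolver tying together the records and options described in this section (SOA serial, A, CNAME, SRV ordering, round robin, label length, secure cache against pollution). This is an added Python example, not from the notes; the india.com zone below is constructed sample data and its host and server names are assumptions.

```python
"""Parse a small DNS zone file and answer queries from it.

Added example, not part of the original notes; the india.com zone below is
constructed sample data.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

ZONE_FILE = """\
$ORIGIN india.com.
$TTL 3600
@        IN  SOA   dc1.india.com. hostmaster.india.com. ( 2010022601 900 600 86400 3600 )
@        IN  NS    dc1.india.com.
@        IN  NS    dc2.india.com.
dc1      IN  A     192.168.1.10
dc2      IN  A     192.168.1.11
www      IN  A     192.168.1.20        ; two A records for one name: round robin
www      IN  A     192.168.1.21
intranet IN  CNAME www
_ldap._tcp.dc._msdcs     IN SRV 0  100 389 dc1.india.com.
_ldap._tcp.dc._msdcs     IN SRV 10 100 389 dc2.india.com.
_kerberos._tcp           IN SRV 0  100 88  dc1.india.com.
"""


class Zone:
    def __init__(self) -> None:
        self.origin = "."
        self.default_ttl = 3600
        self.serial = 0
        # (owner name, type) -> list of rdata tuples
        self.records: Dict[Tuple[str, str], List[tuple]] = defaultdict(list)
        self._rotation: Dict[Tuple[str, str], int] = defaultdict(int)

    def fqdn(self, name: str) -> str:
        """Expand '@' and relative names against $ORIGIN."""
        if name == "@":
            return self.origin
        return name if name.endswith(".") else f"{name}.{self.origin}"


def parse_zone(text: str) -> Zone:
    zone = Zone()
    for raw in text.splitlines():
        line = raw.split(";")[0].strip()          # drop comments
        if not line:
            continue
        tok = line.split()
        if tok[0] == "$ORIGIN":
            zone.origin = tok[1]
            continue
        if tok[0] == "$TTL":
            zone.default_ttl = int(tok[1])
            continue
        owner, i = zone.fqdn(tok[0]), 1
        if tok[i].isdigit():                      # optional per-record TTL
            i += 1
        if tok[i] == "IN":
            i += 1
        rtype, rdata = tok[i], tok[i + 1:]
        if rtype == "SOA":                         # serial is the first number
            zone.serial = int(next(t for t in rdata if t.isdigit()))
            zone.records[(owner, "SOA")].append(tuple(rdata))
        elif rtype in ("NS", "CNAME", "PTR"):
            zone.records[(owner, rtype)].append((zone.fqdn(rdata[0]),))
        elif rtype == "A":
            zone.records[(owner, "A")].append((rdata[0],))
        elif rtype == "SRV":
            prio, weight, port, target = rdata
            zone.records[(owner, "SRV")].append((int(prio), int(weight), int(port), zone.fqdn(target)))
        else:
            raise ValueError(f"unsupported record type {rtype!r}")
    return zone


def resolve(zone: Zone, name: str, rtype: str, depth: int = 0) -> List[str]:
    """Answer name/rtype from the zone, following CNAME chains and rotating a
    multi-record answer on every call (round robin)."""
    key = (zone.fqdn(name), rtype)
    if key not in zone.records:
        cname = zone.records.get((key[0], "CNAME"))
        if cname and depth < 8:                    # cap the chain length
            return resolve(zone, cname[0][0], rtype, depth + 1)
        return []
    rrset = [r[0] for r in zone.records[key]]
    shift = zone._rotation[key] % len(rrset)
    zone._rotation[key] += 1
    return rrset[shift:] + rrset[:shift]


def srv_targets(zone: Zone, service: str) -> List[Tuple[str, int]]:
    """SRV targets in the order a client tries them: lowest priority first;
    weight only spreads load among equal priorities."""
    rr = zone.records.get((zone.fqdn(service), "SRV"), [])
    return [(target, port) for _, _, port, target in sorted(rr, key=lambda r: (r[0], -r[1]))]


def in_bailiwick(zone_origin: str, name: str) -> bool:
    """True if name is at or below zone_origin. 'Secure cache against
    pollution' discards records in a response that fail this test."""
    zo, n = zone_origin.lower().rstrip("."), name.lower().rstrip(".")
    return n == zo or n.endswith("." + zo)


def valid_dns_name(name: str) -> bool:
    """63 characters per label, 253 characters for the whole name in text form."""
    labels = name.rstrip(".").split(".")
    return all(0 < len(label) <= 63 for label in labels) and len(name.rstrip(".")) <= 253
```

Querying intranet twice shows the CNAME being chased to www and the two A records coming back in alternating order; the SRV lookup returns dc1 before dc2 because of its lower priority, which is how a Windows client picks a DC from _ldap._tcp.dc._msdcs. The in_bailiwick check is the rule behind "secure cache against pollution": a response for www.india.com may not add records for any name outside india.com.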
Friday, February 26, 2010
ADS and DNS ROLES
ADS Roles:
1, Forest roles 2, Domain roles
I. Forest roles:
a. Domain Naming Operations Master
It keeps domain names unique: every domain added to or removed from the forest goes through it.
Start – Programs – Administrative Tools – Active Directory Domains and Trusts – right-click the root node – Operations Master: displays the domain naming operations master.
b. Global Catalog server (GC)
Not an FSMO role but a forest-wide function: a DC that holds a full copy of its own domain's objects and a partial (read-only) copy of every other domain's objects; needed for logon (universal group membership) and forest-wide searches. By default only the first DC in the forest is a GC.
Start – Programs – Administrative Tools – Active Directory Sites and Services – Sites – Default-First-Site-Name – Servers – the server name – right-click NTDS Settings – Properties: the Global Catalog checkbox.
c. Schema master
The one DC on which the schema (the object classes and attributes the directory can hold) may be modified.
Start – Run – regsvr32 schmmgmt.dll – OK (registers the Schema snap-in). Then Start – Run – mmc – File – Add/Remove Snap-in – Add – Active Directory Schema – Add – Close – OK. Right-click Active Directory Schema – Operations Master to see or change the schema master.
II. Domain roles
RID master (allocates pools of relative IDs to the DCs of the domain for new SIDs)
Start – Programs – Administrative Tools – Active Directory Users and Computers – right-click the domain name – Operations Masters – RID tab.
PDC emulator (acts as PDC for NT 4.0 BDCs and down-level clients, handles password changes and time synchronisation)
Same console – right-click the domain name – Operations Masters – PDC tab.
Infrastructure master (updates cross-domain group membership references; should not be on a GC unless every DC is a GC)
Same console – right-click the domain name – Operations Masters – Infrastructure tab.
ADS Backup:
Start – Programs – Accessories – System Tools – Backup
System State includes: 1, Active Directory (ntds.dit) 2, SYSVOL 3, boot files (including boot.ini) 4, the COM+ class registration database 5, the registry
Minimum requirements for ADS:
1, static IP address 2, 256 MB RAM 3, a stand-alone server with an NTFS partition 4, the Windows 2003 server CD (and a DNS server that supports SRV records, or let dcpromo install DNS)
ADS works with the LDAP protocol (TCP 389)
%SystemRoot%\SYSVOL: the server's copy of the domain's public files (policies and scripts)
%SystemRoot%\NTDS: the ADS database and log files
ADS versions: 2000 Server 1.0, 2003 Server 1.1
In ADS, whenever you create a user account it gets a unique identifier called the security identifier (SID): the domain SID plus a relative ID (RID) taken from the pool the RID master gave this DC.
 
ADS has 2 kinds of elements:
Logical elements
Domains, Trees, Forests, Organizational Units
Physical elements
Sites and Domain Controllers
Schema class types in win 2003 server
1, Structural class 2, Abstract class 3, Auxiliary class 4, 88 class
Creating an Application Directory Partition:
Run – cmd – ntdsutil – domain management – connections – connect to server <servername> – quit
create nc <partition DN> <servername>    (for example create nc dc=app,dc=india,dc=com <dc name>)
delete nc <partition DN>
Role transferring:
Start – Programs – Administrative Tools – Active Directory Users and Computers – right-click india.com – Operations Masters – RID, PDC and Infrastructure tabs – Change. (Schema and domain naming masters are transferred from their own consoles; a role on a dead DC is seized with ntdsutil "roles".)
ADS Database:
NTDS.DIT (New Technology Directory Service, Directory Information Tree): an Extensible Storage Engine database with no fixed size limit (roughly 1 KB per user object).
SAM (Win NT): practical limit about 40 MB.
Groups:
A group consists of user accounts, computers and other groups.
Scopes: 1, domain local group 2, global group 3, universal group
The local Group Policy object is stored at %SystemRoot%\System32\GroupPolicy; domain GPOs are stored in SYSVOL (\Policies) and in Active Directory.
Domain controller: holds a writable copy of the ADS database.
Namespace: a collection of resources that share a common naming context is called a namespace,
e.g. india.com
DNS (Domain Name System, port 53) server options (Advanced tab):
Disable recursion
BIND secondaries
Fail on load if bad zone data
Enable round robin
Enable netmask ordering
Secure cache against pollution
DNS queries:
1, Recursive query – client to DNS server (the server must return the full answer)
2, Iterative query – DNS server to DNS server (each server answers with what it has, or a referral)
DNS Zones:
Forward lookup zone – resolves host names to IP addresses
Reverse lookup zone – resolves IP addresses to host names
1, Primary zone 2, Secondary zone 3, Stub zone
DNS managing and troubleshooting:
1, nslookup
2, ipconfig /all
3, ipconfig /flushdns
4, ipconfig /displaydns
5, ipconfig /registerdns
6, Event Viewer (DNS Server log)
OSI Layers: {APSTNDP}
7, Application Layer
6, Presentation Layer
5, Session Layer
4, Transport Layer
3, Network Layer – Router (Layer 3)
2, Data Link Layer – Switch (Layer 2)
1, Physical Layer – Hub (Layer 1)
TCP/IP Layers {ATIN}: a protocol is a set of rules that governs data communication
1, Application layer
2, Transport layer
3, Internet layer
4, Network access (data-link) layer
TCP/IP responsibilities:
Opening and closing sessions
Packet management
Flow control
Error detection and handling
IP address classes (first octet):
Class A – 0-127 (1-126 usable; 127 is loopback)
Class B – 128-191
Class C – 192-223
Class D – 224-239 – multicast
Class E – 240-255 – reserved / experimental
System boot files:
NTLDR – the boot loader: switches to protected mode, reads boot.ini and loads the kernel
BOOT.INI – boot configuration (boot menu and ARC paths)
NTDETECT.COM – gathers basic hardware information for the kernel
NTBOOTDD.SYS – SCSI driver used when booting from a SCSI disk whose adapter BIOS is disabled
NTUSER.DAT – the user profile registry hive (part of the profile, not a boot file)
IO.SYS and CONFIG.SYS – MS-DOS / Windows 9x startup files, not used by Windows 2000/2003
DHCP (Dynamic Host Configuration Protocol) back-end process {DORA}
D – Discover
O – Offer
R – Request
A – Acknowledgement
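The DORA exchange (question 9 of the DHCP section above and the acronym just listed), with the server's scope, exclusion and reservation handling and the effect of Active Directory authorization, as an added Python example. This is not code from the original notes; the scope, MAC addresses, server addresses and the rogue server are constructed.

```python
"""DHCP lease acquisition (Discover, Offer, Request, Acknowledge) simulated
in-process. Added example, not from the original notes; the scope, MAC
addresses and server addresses are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Message:
    op: str                     # DISCOVER, OFFER, REQUEST, ACK or NAK
    client_mac: str             # chaddr
    xid: int                    # transaction id, copied into every reply
    yiaddr: str = "0.0.0.0"     # "your" address offered/assigned
    server_id: str = ""         # option 54, identifies the offering server
    requested_ip: str = ""      # option 50, set by the client in REQUEST
    lease_secs: int = 0         # option 51


class DHCPServer:
    def __init__(self, server_ip: str, start: str, end: str, exclusions=(),
                 reservations: Optional[Dict[str, str]] = None,
                 authorized: bool = True, lease_secs: int = 8 * 24 * 3600):
        first, last = int(ipaddress.IPv4Address(start)), int(ipaddress.IPv4Address(end))
        self.ip = server_ip
        self.pool = [str(ipaddress.IPv4Address(i)) for i in range(first, last + 1)]
        self.excluded = set(exclusions)
        self.reservations = reservations or {}      # mac -> fixed address
        self.leases: Dict[str, str] = {}            # address -> mac
        self.authorized = authorized                 # AD authorization state
        self.lease_secs = lease_secs

    def _free_address(self, mac: str) -> Optional[str]:
        if mac in self.reservations:
            return self.reservations[mac]
        for ip in self.pool:
            if ip in self.excluded or ip in self.reservations.values():
                continue
            if self.leases.get(ip, mac) == mac:     # unused, or already leased to this client
                return ip
        return None

    def handle(self, msg: Message) -> Optional[Message]:
        # A Windows DHCP server that is not authorized in Active Directory
        # stops servicing clients altogether; that is what this check models.
        if not self.authorized:
            return None
        if msg.op == "DISCOVER":
            ip = self._free_address(msg.client_mac)
            if ip is None:
                return None                          # scope exhausted
            return Message("OFFER", msg.client_mac, msg.xid, ip, self.ip, lease_secs=self.lease_secs)
        if msg.op == "REQUEST":
            if msg.server_id != self.ip:
                return None                          # client chose another server's offer
            ip = msg.requested_ip
            if ip not in self.pool or ip in self.excluded or self.leases.get(ip, msg.client_mac) != msg.client_mac:
                return Message("NAK", msg.client_mac, msg.xid, server_id=self.ip)
            self.leases[ip] = msg.client_mac
            return Message("ACK", msg.client_mac, msg.xid, ip, self.ip, lease_secs=self.lease_secs)
        return None


def obtain_lease(mac: str, xid: int, servers: List[DHCPServer]) -> Optional[Message]:
    """Client side: broadcast DISCOVER, take the first OFFER (as real clients
    do), broadcast a REQUEST naming that server, return the ACK or None."""
    offers = [o for o in (s.handle(Message("DISCOVER", mac, xid)) for s in servers) if o]
    if not offers:
        return None
    chosen = offers[0]
    request = Message("REQUEST", mac, xid, server_id=chosen.server_id, requested_ip=chosen.yiaddr)
    acks = [a for a in (s.handle(request) for s in servers) if a and a.op == "ACK"]
    return acks[0] if acks else None


def build_lab():
    """Constructed lab: one authorized server with a five-address scope, one
    exclusion and one reservation, plus a rogue server that is not authorized
    in the directory and therefore never answers."""
    good = DHCPServer("192.168.1.1", "192.168.1.100", "192.168.1.104",
                      exclusions={"192.168.1.102"},
                      reservations={"00:11:22:33:44:ff": "192.168.1.104"})
    rogue = DHCPServer("192.168.1.200", "10.0.0.10", "10.0.0.20", authorized=False)
    return good, rogue
```

With the rogue server unauthorized the clients only ever see offers from 192.168.1.1, the excluded .102 and reserved .104 are skipped, and the fourth client gets nothing because the scope is exhausted. Flip rogue.authorized to True (a server the directory cannot police, for instance a non-Windows box) and, because it is first to answer, the next client walks away with a 10.0.0.x lease from it; that is the exposure DHCP authorization is meant to close.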
Backup Types:
1, Normal
2, Incremental
3, Differential
4, copy
5, Daily
PORT Numbers:
IP protocol numbers (in the IP header, not ports): ICMP – 1, TCP – 6, IGRP – 9, UDP – 17, IPv6-in-IPv4 – 41, EIGRP – 88, OSPF – 89, L2TP – 115 (L2TP normally runs over UDP port 1701)
TCP/UDP ports: FTP – 21 (control), Telnet – 23, SMTP – 25, DNS – 53, DHCP – 67/68, HTTP – 80, POP3 – 110, RPC portmapper – 111, NNTP – 119, LDAP – 389, Citrix ICA – 1494, RDP (Remote Desktop) – 3389
Private IP – for use inside an organization
Public IP – has to be bought or leased from an ISP
What is NAT (Network Address Translation)?
NAT is used between different networks, such as a private network and the public Internet: it rewrites the private source addresses of outgoing packets to a public address (and back for the replies).
It binds the private IP addresses to one or more public IP addresses.
RAS: Remote Access Service
It provides communication between client and server over telephone lines (dial-up) or VPN tunnels across the world.
PPTP – Microsoft's Point-to-Point Tunneling Protocol: TCP 1723 plus GRE, encrypted with MPPE, supported by Windows 9x/NT/2000/XP clients.
L2TP – Layer 2 Tunneling Protocol (UDP 1701), standards-based and protected by IPsec (L2TP/IPsec); requires machine certificates or a pre-shared key and Windows 2000/XP or later clients.
Private and public IP addresses?
Private IP addresses are the non-routable ranges reserved by RFC 1918 (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16); they are used only within the organization.
Private IPs are used on the internal network.
Public (external) IP addresses are obtained from an ISP and allow traffic out to the Internet.
DNS QUESTIONS
1)List the types of DNS servers?
Ans: Standard primary, standard secondary, active directory integrated zone, root server, caching only, and forwarders, master.
2) What is TTL?
Ans: Time To Live: the number of seconds a resolver or caching server may keep a record before it must query for it again (set per record, or for the zone by $TTL).
3)What is PTR?
Ans: Used to map IP address to their host names. These records only used in reverse lookup zone.
4)what is the primary purpose of DNS?
Ans: For host resolution.
5) what is start of authority?
Ans: It contains serial no. , this indicates the modification done to the zone.
6)what is Dynamic DNS?
Ans: Dynamically update the service records
7)what is the maximum character size of DNS?
Ans:63
9)what is zone or zone file?
Ans: A zone is a Database for either a DNS domain or for a DNS domain and one or more of it’s Sub domains. This storage database is special text file called zone or zone file.
11)why multiple DNS services are created for the same zone?
Ans: load balancing, fault tolerance.
12)what is caching only server?
Ans: Caching only servers does not stores only zones.it resolves host names
To IP address for client computers and stores the resulting mapping information in it’s cache. this DNS server provides the cached information to the client computer with contacting other DNS servers to resolve the query.
It is the temporary storage of zone information.
13)what is zone transfer?
Ans: The process of copying zone to a standard DNS server is called zone transfer.
14)what is master DNS server?
Ans: As the DNS contains the master copy of the zone information is called Master DNS.
15)what is forwarders?
Ans: The queries of one server will be forwarded to other DNS act as forwarder by internal name resolution.
17)which protocol is supported by DNS server?
Ans: Dynamic Updated protocol.
18)what are four service records?
Ans: _msdcs,_sites,_tcp,_udp
19) what are six service records in win 2003?
Ans: -msdcs: (Microsoft Domain controller service)
It contains the information which domain controller is hosting the zone.
Site: In which site the zone has been configured.
Tcp& Udp: These are two protocols that are responsible for communicating with active directory.
Domain DNS Zones & Forest DNS Zones:
In which domain & Forest, DNS has be configured the information.
19)what is Resource record?
Ans: The entries are in zone is called Resource record. The entry may be host name IP address mapping entry.
20)what is the primary thing you have to do on a DNS server before it starts resolution of host name?
21)when will you configure root DNS server?
Ans: : A root server should be used only when a network is not connected to the internet or when a network is connected to the internet or when a network is connected to the internet by using a proxy server
22)what is forward lookup zone?
Ans:Resolves hostnames to ip address.
23)what is reverse look up zone?
Ans: Resolves ip address to hostnames.
24)what is standard primary zone?
Ans: Standard primary DNS server stores DNS entries(IP address to host mapping and other DNS resource records ) in zone file that is maintained on the server. The primary server maintains the master copy of zone file. When changes need to be the zone they should be made only standard primary server.
25)what is standard secondary zone?
Ans: Standard secondary DNS server stores copies of zones from the standard primary.
26) what is root server?
Ans:Root server contains a copy of a zone for the root domain – either the root domain for the internet, or the root domain for a company private, internal network. the purpose of the root server is to enable other DNS servers on a network to access the second level domains on the internet.
Note: A root server should be used only when a network is not connected to the internet or when a network is connected to the internet or when a network is connected to the internet by using a proxy server
27)what is round robin?
Ans: Round robin is used when multiple servers (such as web servers) have identical configurations and identical host names ,but different IP addresses.
28) can you configure root server to use a forwarder?
Ans: NO.
29) What are root hints?
Ans: Root hints are name and IP address pairs for the root servers, either the Internet root servers or the root of the organization's private namespace.
The Root Hints tab lists the servers this DNS server can contact to start resolving a query it is not authoritative for and cannot forward.
By default it holds the 13 Internet root servers (a.root-servers.net to m.root-servers.net), loaded from the cache.dns file in %SystemRoot%\System32\dns.
32) What is an Active Directory integrated zone?
Ans: An Active Directory integrated zone behaves like a standard primary zone except that the entries are stored in the Active Directory data store instead of a zone file. Because Active Directory uses multi-master replication, changes to the zone can be made on any Active Directory integrated DNS server that hosts the zone and are replicated together with the directory. Only this zone type can be set to accept secure dynamic updates, so that only the authenticated computer that owns a record can change it.
33) What is a simple (iterative) query?
Ans: A simple query is one the DNS server can answer without contacting any other DNS server: from its own zones, from its cache, or with a referral to the servers that are closer to the answer.
34) What is a recursive query?
Ans: A recursive query is one the server must answer fully. If it cannot resolve the name itself, it contacts one or more additional DNS servers (through root hints or forwarders) on the client's behalf and returns the final answer or an error.
35) What is scavenging?
Ans: Scavenging is the process of finding and deleting stale resource records in a zone. Each dynamically registered record carries a timestamp; when it is older than the no-refresh plus refresh intervals it is considered stale and is removed. Scavenging must be enabled on both the zone and the server, and static records (no timestamp) are never scavenged.
PTR: Pointer resource record
SRV: Service locator resource record
36) What is SRV?
Ans: A service locator record maps a service over a transport (for example _ldap._tcp or _kerberos._tcp) to the list of servers that provide it, with priority, weight and port. Active Directory clients locate domain controllers, Kerberos KDCs and global catalogs through SRV records.
37) What is CNAME?
Ans: An alias resource record, used to map an additional host name to the actual (canonical) name of the host.
38) What is a stub zone in 2003?
Ans: A stub zone holds only the SOA record, the NS records and the glue A records of the name servers of another zone. It lets this server find the authoritative servers of a child or partner domain directly, without keeping a full secondary copy of the zone.
The properties of DNS in the Advanced tab:
Disable recursion (also disables forwarders):
Unchecked by default, so the server performs recursion for its clients (and can use forwarders). When checked, the server answers only from its own zones and cache and returns referrals for everything else; it will neither recurse nor forward. Check it on an authoritative-only server exposed to the Internet so that it cannot be used as an open resolver.
BIND secondaries:
Controls the zone transfer format sent to secondary servers. When checked, the server uses the old one-record-per-message format so that BIND versions before 4.9.4 can receive the zone; when unchecked, it uses the fast transfer format (compressed, several records per message). Leave it unchecked unless such an old BIND secondary exists.
Fail on load if bad zone data:
Unchecked by default: a zone file that contains errors is still loaded and the errors are only logged. When checked, a zone with bad data is not loaded at all.
Enable round robin:
When a name has several A records, the server rotates the order of the addresses in each response, so successive clients are spread across the hosts (see question 27).
Enable netmask ordering:
When a name has several A records, the server places the address that is on the same subnet as the querying client first in the response. This matters for multihomed hosts (a PC with several network cards) and for clients on different subnets, so each client is sent to the nearest address. Netmask ordering is applied before round robin.
Secure cache against pollution:
The server discards records in a response that are not for the domain it asked about (for example, extra records a remote server adds for an unrelated domain), so an attacker cannot seed the cache with bogus entries. Leave it enabled.
DNS TROUBLESHOOTING
50) How to check AD DNS registration?
Ans: When DNS is correctly registering the Active Directory DNS records, the domain's forward lookup zone contains four subdomains (shown as folders in the DNS console) with the following names:
_msdcs
_sites
_tcp
_udp
(On Windows Server 2003 _msdcs is usually a separate zone of its own, _msdcs.<domain>, and the domain zone holds a delegation to it.)
51) A records appear and disappear randomly
Cause: The DNS zone is configured to use WINS lookup, so names that come from WINS show up as A records only while WINS can resolve them.
52) Can't log on or join the domain
Ans: If DNS is not set up correctly on the domain controller, domain-wide issues occur, such as failing replication between domain controllers. If DNS is not set up correctly on the client, the client suffers many networking and Internet problems. Being unable to log on to the domain or to join it from a workstation or server, and being unable to access the Internet, all indicate DNS settings issues.
53) Can't open an external web site that has the same name as the internal domain?
Ans: Create an A record named www in the internal zone that points to the web site's public IP address. The internal server is authoritative for the name and never asks the public DNS, so the record must be added by hand.
 
54) What are common DNS settings mistakes?
1. The domain controller is not pointing to itself for DNS resolution on all network interfaces. On a multihomed server especially, the WAN connection is often left with the ISP's DNS server or with 127.0.0.1 as DNS IP.
2. The "." zone exists under Forward Lookup Zones in DNS, which turns the server into a root server.
3. The clients on the LAN point to the ISP's DNS server instead of the internal DNS server.
55) Can't find server name for ....: No response from server - DNS request timed out?
Ans: Symptom: When running nslookup you may receive the message "Can't find server name for ....: No response from server".
Cause: the DNS server's reverse lookup zone does not contain a PTR record for the DNS server's own IP address (nslookup does a reverse lookup of its server when it starts). Refer to case 0204BL.
56) Can't find server name for address 127.0.0.1 when running nslookup?
Ans: Cause: No DNS server is specified in your TCP/IP properties. If no DNS server is configured on the client, nslookup defaults to the local loopback address.
57) DNS issue with IP filtering
Ans: Symptoms: You have a Windows 2000 server running IIS for public access with 10 public IPs. The router is broken, so you would like to enable TCP/IP filtering to block all ports except port 80 for the web and 25 and 110 for mail. After enabling IP filtering the server can't access any web site, can't ping yahoo.com and nslookup times out.
Cause: IP filtering blocks the DNS traffic. TCP/IP filtering permits only the listed inbound ports, so the replies to the server's own DNS queries (which arrive on an ephemeral UDP port) are dropped: the server can send queries but never receives answers.
58) "DNS name does not exist."?
Ans: Cause: 1. Incorrect DNS settings.
2. The Netlogon service tried to register its resource records before the DNS service was up (restart Netlogon once DNS is running).
59) DNS on a multihomed server?
Ans: It is not recommended to install DNS on a multihomed server. If you do, restrict the DNS server to listen only on a selected address (Interfaces tab of the server properties) and make sure only that address is registered in DNS for the server.
60) DNS request timed out - ip name lookup failed?
Ans: When troubleshooting an Outlook "550 5.7.1 relaying denied - ip name lookup failed" error by using nslookup to resolve the host name, you may receive "DNS request timed out ... *** Request to mail.chicagotech.net timed-out".
Possible causes: 1. Incorrect DNS settings.
2. Incorrect TCP/IP settings on the DC.
3. Missing PTR record in the reverse lookup zone (the receiving mail server looks up the sending IP address in reverse and rejects the relay when that lookup fails).
62) DNS server can't access the Internet?
Ans: Symptoms: You have a domain controller with DNS. The server can ping the router and any public IP address, but it cannot open any web site.
Resolution: Check the server's DNS settings; make sure it points to the internal DNS server (its own interface address) instead of the ISP's DNS server or 127.0.0.1, and that the internal DNS server has forwarders or working root hints for Internet names.
63) How to register the DNS resource records?
Ans: 1. Add them manually in DNS Manager.
2. Let the machines register themselves: ipconfig /registerdns registers the host's A and PTR records, and restarting the Netlogon service re-registers a domain controller's SRV records (nbtstat -RR re-registers NetBIOS names with WINS, not DNS).
64) How to troubleshoot DNS problems?
Ans: To check DNS settings and troubleshoot DNS problems:
1) Run nslookup from a command line: is the default server the DNS server you expect?
2) Use ipconfig /all on the client to make sure it points to the correct DNS server, and on the DC to make sure it points only to itself by its actual TCP/IP address; no ISP DNS server may be listed in the TCP/IP properties of any Windows 2000/XP machine in the domain.
3) When a machine boots it should register itself in DNS. If it does not, run ipconfig /registerdns.
4) Check Event Viewer for error information. On both the client and the server, check the System log for failures during the logon process; also check the Directory Service log on the DC and the DNS Server log on the DNS server.
5) Use nltest /dsgetdc:domainname to verify that a domain controller can be located for the domain. NLTest is installed with the Windows XP Support Tools.
6) If you suspect a particular domain controller, turn on Netlogon debug logging with nltest /dbflag:0x2000ffff. The output is written to %SystemRoot%\Debug\Netlogon.log; set the flag back to 0 when you are finished.
7) Run dcdiag /v to diagnose errors. If the problem is still not isolated, use Network Monitor to capture the traffic between the client and the domain controller.
65) How can I verify that a computer's DNS entries are correctly registered in DNS?
A: Use nslookup to verify that the entries are registered. For example, to verify the host record, run nslookup computername.domain.com; to verify a domain controller's service records, run nslookup -type=SRV _ldap._tcp.dc._msdcs.domain.com.
66) How to add DNS and WINS to your Cisco VPN server?
Ans: If your VPN clients cannot find servers or cannot ping computers by name, you may need to hand out DNS and WINS servers from the VPN server. For example, on a Cisco PIX firewall add vpdn group 1 client configuration dns <dns server address> and vpdn group 1 client configuration wins <wins server address>.
67) How to clear bad information in Active Directory integrated DNS?
Ans: You may need to clear the Active Directory integrated DNS data if DNS is damaged or contains incorrect registration information. To do that:
1) Change the zone type to standard primary (so the data is no longer held in Active Directory).
2) Delete the DNS zones.
3) Run ipconfig /flushdns.
4) Re-create the DNS zones (Active Directory integrated, dynamic updates allowed).
5) Restart the Net Logon service (re-registers the SRV records).
6) Run ipconfig /registerdns (re-registers the host records).
68) How to ensure that DNS is registering the Active Directory DNS records?
Ans: In the DNS Management console go to Server name > Forward Lookup Zones > zone > Properties and make sure Allow Dynamic Updates is set to Yes (or Secure only), then check that the _msdcs, _sites, _tcp and _udp folders exist and contain the Active Directory records. If these folders do not exist, DNS is not registering the Active Directory DNS records. These records are critical to Active Directory and must appear within the DNS zone; repair the Active Directory DNS record registration (see 71).
69) How does the internal DNS resolve Internet names without the ISP's DNS server?
Ans: As long as the "." zone does not exist under Forward Lookup Zones, the DNS service uses the root hint servers. The root hint servers are the well-known Internet root servers that let any DNS server start resolving a name it knows nothing about.
70) How to reinstall the dynamic DNS in a Windows 2000 Active Directory?
Ans: You may want to reinstall DDNS in a Windows 2000 Active Directory in the following situations:
Strange DNS errors have occurred and clearing the DNS information has not helped.
Services that depend on DNS, such as the File Replication Service (FRS) or Active Directory replication, are failing.
The secondary DNS server does not support dynamic updates.
To reinstall dynamic DNS in a Windows 2000 Active Directory:
1. Clear the DNS information.
2. Clear the caching resolver (ipconfig /flushdns).
3. Point all DNS servers to the first DNS server in their TCP/IP properties.
4. Re-add the zones and configure them to be Active Directory integrated.
5. Register the A resource record for the DNS server and the start of authority (SOA) record.
71) How to repair the DNS record registration?
Ans: To repair the Active Directory DNS record registration:
1. Check for a root zone entry. View the Forward Lookup Zones in the DNS Management console. There should be a zone for the domain; other zones may exist, but there must not be a dot (".") zone. If the dot (".") zone exists, delete it. The dot (".") zone makes the DNS server a root server, and an Active Directory domain that needs external (Internet) access should not be configured as a root DNS server. After deleting the dot (".") zone the server usually has to re-register its IP configuration (ipconfig /registerdns), and the Netlogon service may have to be restarted.
2. Repopulate the Active Directory DNS entries. Use the Windows 2000 Netdiag tool, which is included with the Windows 2000 Support Tools: at a command prompt, type netdiag /fix. To install the Support Tools: insert the Windows 2000 CD-ROM, browse to Support\Tools, run Setup.exe in that folder and select a typical installation. The default installation path is Systemdrive:\Program Files\Support Tools.
3. After you run Netdiag, refresh the view in the DNS Management console. The Active Directory DNS records should then be listed. The server may again need to re-register its IP configuration (ipconfig /registerdns) and the Netlogon service may need to be restarted.
4. If the Active Directory DNS records still do not appear, manually re-create the DNS zone: delete the zone, re-create it as Active Directory integrated with dynamic updates allowed, then restart Netlogon and run ipconfig /registerdns.
72)How to configure DNS Forwarders
Ans:To ensure network functionality outside of the Active Directory domain (such as browser requests for Internet addresses), configure the DNS server to forward DNS requests to the appropriate Internet service provider (ISP) or corporate DNS servers. To configure forwarders on the DNS server:
Start the DNS Management console.
Right-click the name of the server, and then click Properties.
Click the Forwarders tab.
Click to select the Enable Forwarders check box.
NOTE: If the Enable Forwarders check box is unavailable, the DNS server is hosting a root zone (usually identified by a zone named only with a period, or dot (".")). You must delete this zone to enable the DNS server to forward DNS requests. Only in a configuration in which the DNS server does not rely on an ISP DNS server or a corporate DNS server at all should a root zone entry be kept.
Type the appropriate IP addresses for the DNS servers that will accept forwarded requests from this DNS server. The list reads from the top down in order; if there is a preferred DNS server, place it at the top of the list.
Click OK to accept the changes.
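As an added example (not code from the original notes), the root-zone check of items 54, 69 and 71 and the forwarder steps of item 72 done from the command line with dnscmd.exe, the counterpart of the DNS Management console (Windows 2000 Support Tools, built in from Windows Server 2003 on). It assumes an elevated prompt on the DNS server itself; the forwarder addresses are placeholders.

```powershell
# Added example: remove a stray root zone and configure forwarders on the local DNS server.
param(
    [string[]]$Forwarders = @('192.0.2.53', '192.0.2.54'),  # placeholders: ISP or corporate resolvers
    [int]$ForwardTimeout = 3                               # seconds before the next forwarder is tried
)
Set-StrictMode -Version Latest

# 1. Does this server host the root zone "."? dnscmd /EnumZones prints one zone per line;
#    the root zone shows up as a lone "." in the first column.
$zones = & dnscmd.exe /EnumZones 2>&1
if ($LASTEXITCODE -ne 0) { throw "dnscmd /EnumZones failed: $($zones -join ' ')" }
$isRoot = [bool]($zones | Where-Object { $_ -match '^\s*\.\s' })

if ($isRoot) {
    Write-Warning 'Root zone "." found: the server believes it is a root server and will neither forward nor use root hints.'
    # /f skips the confirmation prompt; add /DsDel as well if the zone is Active Directory integrated.
    & dnscmd.exe /ZoneDelete . /f | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "could not delete the root zone (exit $LASTEXITCODE)" }
}

# 2. Set the forwarder list. Order matters: the first address is tried first,
#    the next one only after $ForwardTimeout seconds without an answer.
& dnscmd.exe /ResetForwarders $Forwarders /TimeOut $ForwardTimeout | Out-Null
if ($LASTEXITCODE -ne 0) { throw "dnscmd /ResetForwarders failed (exit $LASTEXITCODE)" }

# 3. Drop what the server cached (including negative answers) while it thought it was the root,
#    then re-register this machine's own records.
& dnscmd.exe /ClearCache | Out-Null
& ipconfig.exe /registerdns | Out-Null

# 4. Verify: the server's forwarding settings, then a real external lookup against this server.
& dnscmd.exe /Info | Select-String -Pattern 'forward|recursion|slave'
& nslookup.exe www.example.com 127.0.0.1
```

The last line is the real test: an external name resolved through 127.0.0.1 proves the server now recurses via the forwarders, whereas the console only shows that the addresses were saved.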
73) DC's FQDN does not match the domain name?
Ans: Symptoms: After you promote or install a domain controller, the DNS suffix of the computer name may not match the domain name. This also happens when an NT 4.0 upgrade clears the "Change primary DNS suffix when domain membership changes" check box. It is not possible to rename the computer on the Network Identification tab, and you may see NETLOGON events with ID 5781 (or other errors) in the System log indicating a failure to dynamically register DNS records.
Resolutions: 1. After you upgrade to Windows 2000 but before you run dcpromo (the Active Directory Installation Wizard), add the following value under the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\:
Value name: SyncDomainWithMembership
Value type: REG_DWORD
Value: 1
2. If you have already promoted the server to a domain controller, use the Active Directory Installation Wizard to demote it to a member server, select the "Change primary DNS suffix when domain membership changes" check box, and run dcpromo again to promote it back to a domain controller.
3. Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ set Domain=mydomain.com, NV Domain=mydomain.com and SyncDomainWithMembership=1 (where mydomain.com is the domain name).
74) Primary or Active Directory integrated DNS?
Ans: With Active Directory integrated DNS every DNS server that is a domain controller accepts updates. Instead of adding standard secondary DNS servers, convert the server from a standard primary to an Active Directory integrated primary and make another domain controller a DNS server too. With Active Directory integrated DNS all the servers are primary (multi-master) servers, so a zone change made on one server is replicated to the others through Active Directory replication, eliminating the need for zone transfers. Secure dynamic updates are available only for Active Directory integrated zones.
75) Secondary DNS issues
1. When you set up the secondary DNS server, make sure you type the correct master DNS server IP address.
2. Make sure the primary and secondary DNS servers can ping each other and that no firewall blocks TCP port 53 between them (zone transfers use TCP).
3. Make sure the primary's Zone Transfers tab allows transfers to the secondary, and that the primary and secondary point to each other as primary DNS server and to themselves as secondary.
76) Some A records don't appear in DNS
Cause: 1. Incorrect TCP/IP settings.
2. "Register this connection's addresses in DNS" is unchecked in the connection's advanced DNS settings.
77) The DSA operation is unable to proceed because of a DNS lookup failure.
Symptoms: 1. When you run dcpromo you receive: "The operation failed because: The directory service failed to replicate off changes made locally. The DSA operation is unable to proceed because of a DNS lookup failure."
2. Event Viewer may list Event ID 1265: "The DSA operation is unable to proceed because of a DNS lookup failure."
3. dcdiag displays the message "The DSA operation is unable to proceed because of a DNS lookup failure".
Causes: 1. Incorrect TCP/IP configuration.
2. Incorrect DNS configuration (the new DC cannot find the SRV records of an existing DC).
3. Bad information in DNS Manager.
78) "The procedure entry point DsIsManagedDnW could not be located in the dynamic link library NTDSAPI.dll"
Ans: Symptom: When trying to run dcdiag you get the error "The procedure entry point DsIsManagedDnW could not be located in the dynamic link library NTDSAPI.dll".
Resolutions: 1. Remove dcdiag (the Support Tools) from Control Panel and reinstall it from the Windows 2000/XP CD that matches the DC.
2. "Entry point not found" is typical of a service pack mismatch: dcdiag.exe is out of sync with the service pack level of the system. To fix it, go to the service pack's folder, find adminpack.msi, right-click it and select Install.
79) Troubleshooting the domain locator process
1) Check Event Viewer on both the client and the DNS server for errors.
2) Verify that the IP configuration is correct for your network with ipconfig /all.
3) Ping both the DNS server's IP address and its name to verify network connectivity and name resolution.
4) Use nslookup servername.domain.com to verify that the DNS entries are correctly registered in DNS.
5) If nslookup does not succeed, re-register the records with DNS: a) force host record registration with ipconfig /registerdns; b) force domain controller service (SRV) record registration by stopping and restarting the Netlogon service.
6) If the issue persists, use Network Monitor to capture the traffic between the client and the domain controller.
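As an added example (not code from the original notes), a script that automates the checks of items 50, 64, 65 and 79 on a domain controller: which DNS servers the DC uses, whether the locator (SRV) records under _msdcs and _tcp are registered, whether nltest can find a DC, and whether Netlogon has logged registration errors; on failure it performs the re-registration of step 5 above. It assumes an elevated prompt on the DC and Windows Server 2012 or later for the DnsClient cmdlets (on older systems substitute ipconfig /all and nslookup -type=SRV). The domain name is taken from the environment and the addresses from the machine, nothing is hard-coded.

```powershell
# Added example: domain controller DNS registration health check.
param([string]$Domain = $env:USERDNSDOMAIN)

function Test-DcDnsHealth {
    param([string]$Domain)
    $findings = @()

    # What does this DC use for DNS? It should be its own interface address,
    # never 127.0.0.1 and never an ISP resolver (see items 54 and 83).
    $servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
        ForEach-Object { $_.ServerAddresses } | Select-Object -Unique
    $local = (Get-NetIPAddress -AddressFamily IPv4).IPAddress
    foreach ($s in $servers) {
        if ($s -eq '127.0.0.1')   { $findings += "loopback 127.0.0.1 is used as DNS server; use the NIC address" }
        elseif ($s -notin $local) { $findings += "DNS server $s is not this DC (ISP or other server?)" }
    }

    # The locator records Netlogon registers under _msdcs and _tcp. If any is missing,
    # other DCs and clients cannot find this domain.
    foreach ($n in "_ldap._tcp.dc._msdcs.$Domain", "_kerberos._tcp.dc._msdcs.$Domain",
                   "_ldap._tcp.$Domain", "_gc._tcp.$Domain") {
        try {
            $srv = Resolve-DnsName -Name $n -Type SRV -ErrorAction Stop | Where-Object Type -eq 'SRV'
            Write-Host ("{0} -> {1}" -f $n, (($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '))
        } catch {
            $findings += "SRV record $n not found: $($_.Exception.Message)"
        }
    }

    # Can the locator actually pick a DC for the domain?
    $nl = & nltest.exe /dsgetdc:$Domain 2>&1
    if ($LASTEXITCODE -ne 0) { $findings += "nltest /dsgetdc:$Domain failed: $($nl -join ' ')" }

    # Netlogon registration errors in the last day (for example event 5781).
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'NETLOGON'; Level = 2;
                                               StartTime = (Get-Date).AddDays(-1) } -ErrorAction SilentlyContinue
    foreach ($e in $events) { $findings += "System log: NETLOGON error event $($e.Id) at $($e.TimeCreated)" }

    return $findings
}

$findings = Test-DcDnsHealth -Domain $Domain
if (-not $findings) {
    Write-Host "DC DNS registration looks healthy"
} else {
    $findings | ForEach-Object { Write-Warning $_ }
    # Re-register: host A/PTR records first, then the SRV records via Netlogon, then re-check.
    & ipconfig.exe /registerdns | Out-Null
    Restart-Service -Name Netlogon
    Start-Sleep -Seconds 15
    Test-DcDnsHealth -Domain $Domain | ForEach-Object { Write-Warning "still failing: $_" }
}
```

The SRV checks are the ones worth keeping in a monitoring job: a DC whose _ldap._tcp.dc._msdcs record has vanished still answers pings and nslookup for its own name, which is why the page's symptom lists (can't join, replication failures) look unrelated to DNS at first sight.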
80) Which DNS server does a VPN client use?
1. The LAN connection and the VPN connection usually receive different DNS servers because they are assigned by different DHCP servers; the active DNS server is the one on the connection that holds the default gateway.
2. You can also choose the DNS server manually in the connection's TCP/IP properties.
81) Which ports are used for DNS?
Ans: UDP and TCP port 53 (UDP for ordinary queries, TCP for zone transfers and for answers larger than 512 bytes). The client sends its query from an ephemeral source port above 1023 and the answer comes back to that port, so a firewall that only allows outbound port 53 must also let the reply in (a stateful rule, or inbound UDP from source port 53 to ports above 1023); otherwise the query leaves but the client never hears the answer.
82) Why can't I perform external name resolution to the root hint servers on the Internet?
Ans: Make sure the "." zone does not exist under Forward Lookup Zones in DNS. If that zone is present the server considers itself the root and never uses root hints (or forwarders), so it cannot resolve external names.
83) Why do I have to point my domain controller to itself for DNS?
Ans: The Netlogon service on the domain controller registers a number of records in DNS that enable other domain controllers and computers to find Active Directory-related information. If the domain controller points to the ISP's DNS server, Netlogon sends those registrations to a server that does not hold the zone, so the records are missing and errors appear in Event Viewer. The preferred DNS setting for the domain controller is itself; no other DNS servers should be listed. The only exception is additional domain controllers: they must point to the first domain controller (which runs DNS) that was installed in the domain and then to themselves as secondary.
84) Everyone can access our web site on the Internet, but nobody can access it internally; instead we land on our intranet.
Ans: If your internal domain name is the same as your web site's name, the internal DNS server is authoritative for it and never consults the public DNS, so you must point the web host name to the web site's public IP yourself. Open DNS Manager and create a host (A) record, for example www.chicagotech.net = public IP.
85) Common nslookup error messages?
1. *** Can't find server name for address w.x.y.z: Timed out
Cause: the DNS server cannot be reached, or the DNS service is not running on that computer.
2. *** Can't find server name for address 127.0.0.1: Timed out
Cause: no servers are defined in the DNS service search order list, so nslookup fell back to the loopback address.
3. *** Can't find server name for address w.x.y.z: Non-existent domain
Cause: there is no PTR record for the name server's IP address (nslookup does a reverse lookup of its own server when it starts; the message is cosmetic and forward lookups still work).
4. *** ns.domain.com can't find child.domain.com.: Non-existent domain
5. *** Can't list domain child.domain.com.: Non-existent domain
Cause (4 and 5): there is no separate zone (db file) for the child domain on that server, so querying the domain or running a zone transfer (ls) against it produces these errors.
86) What does netdiag /fix do?
A: The netdiag /fix switch corrects problems found by the DNS and domain controller tests. 1. DNS test: if the computer is a domain controller, Netdiag verifies all the DNS entries in the Netlogon.dns file (%SystemRoot%\System32\config\netlogon.dns) against what is in DNS and re-registers the entries that are missing or wrong. 2. Domain controller test: if the domain GUID cached on the local computer differs from the domain GUID stored on a domain controller, Netdiag updates the domain GUID on the local computer.
1. Forest roles 2. Domain roles
I. Forest roles:
a. Domain naming master (one per forest)
Controls the addition and removal of domains (and application partitions) in the forest, so that every domain name stays unique.
Start – Programs – Administrative Tools – Active Directory Domains and Trusts – right-click the root node – Operations Master: displays the domain naming master.
b. Global catalog (GC)
Not an operations master role: any DC can be made a global catalog. It holds a full copy of its own domain partition and a partial replica (the commonly searched attributes) of every object in the other domains of the forest, and is needed for logon (universal group membership) and forest-wide searches.
Start – Programs – Administrative Tools – Active Directory Sites and Services – Sites – Default-First-Site-Name – Servers – computer name – right-click NTDS Settings – Properties – the Global Catalog check box.
c. Schema master (one per forest)
The only DC allowed to write to the schema (the definitions of object classes and their attributes); enabling or disabling attributes is done here.
Start – Run – type "regsvr32 schmmgmt.dll" – OK (registers the Active Directory Schema snap-in). Then Start – Run – mmc – File – Add/Remove Snap-in – Add – Active Directory Schema – Close – OK; right-click Active Directory Schema – Operations Master shows the schema master, and the Classes and Attributes folders list the schema.
II. Domain roles (one of each per domain):
RID master
Allocates pools of relative identifiers (RIDs) to the domain controllers of the domain, so that every SID created in the domain is unique.
Start – Programs – Administrative Tools – Active Directory Users and Computers – right-click the domain name – Operations Masters.
PDC emulator
Acts as the PDC for NT 4 BDCs and clients, receives preferential replication of password changes, is the time source for the domain and the default target for Group Policy edits.
Start – Programs – Administrative Tools – Active Directory Users and Computers – right-click the domain name – Operations Masters.
Infrastructure master
Updates references to objects of other domains (for example members of a group who live in another domain) when those objects are renamed or moved. It must not be on a global catalog server unless every DC in the domain is a global catalog; the Operations Masters dialog above also shows it.
ADS backup:
Start – Programs – Accessories – System Tools – Backup, select System State.
System State contains: 1. Active Directory (NTDS.DIT and its logs) 2. SYSVOL 3. boot files (boot.ini, NTLDR, NTDETECT.COM) 4. COM+ class registration database 5. Registry
Minimum requirements for ADS (dcpromo):
1. static IP address 2. 256 MB RAM 3. a standalone (workgroup) server 4. the Windows Server 2003 CD for the installation files 5. an NTFS partition for SYSVOL
ADS works with the LDAP protocol (TCP 389; the global catalog listens on 3268).
C:\Windows\SYSVOL: the server's copy of the domain's public files (logon scripts, Group Policy templates), replicated to every DC.
C:\Windows\NTDS: the ADS database (NTDS.DIT) and its transaction log files.
ADS versions: Windows 2000 Server 1.0, Windows Server 2003 1.1
Whenever you create a user account in ADS it receives a unique identifier called the security identifier (SID): the domain SID plus a RID from the pool the RID master issued to that DC. Permissions (ACLs) refer to the SID, not to the name, which is why a deleted and re-created account does not regain its old access.
ADS has two kinds of elements:
Logical elements
Domains, trees, forests, organizational units
Physical elements
Sites (and site links), domain controllers
Classes and types of schema classes in Windows 2003 Server:
1. Structural class (the only kind that can be instantiated, e.g. user, computer) 2. Abstract class (a template structural classes derive from, e.g. top) 3. Auxiliary class (a bundle of attributes that can be added to other classes) 4. 88 class (legacy classes defined under the 1988 X.500 rules, which fit none of the other three categories)
Creating an application directory partition:
Run – cmd – ntdsutil – domain management – connections – connect to server <DC name> – quit
create nc dc=<partition>,dc=india,dc=com <DC FQDN> (creates the application directory partition on that DC)
delete nc dc=<partition>,dc=india,dc=com (removes the application directory partition)
(On Windows Server 2008 and later the ntdsutil menu is called partition management.)
Role transferring:
Start – Programs – Administrative Tools – Active Directory Users and Computers – right-click the domain (India.com) – Operations Masters – RID, PDC and Infrastructure tabs – Change (transfers the role to the DC the console is connected to). The schema master and domain naming master are transferred in the same way from the Active Directory Schema snap-in and Active Directory Domains and Trusts respectively.
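As an added example (not code from the original notes) covering the forest and domain roles listed above and the role transfer step: list the five operations master holders and the global catalogs, then transfer the three domain roles to another DC. It assumes the ActiveDirectory PowerShell module (RSAT, Windows Server 2008 R2 or later) and a Domain Admins account; the target DC name is a placeholder.

```powershell
# Added example: query and transfer FSMO roles with the ActiveDirectory module.
Import-Module ActiveDirectory

function Get-FsmoRoleHolder {
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [pscustomobject]@{
        SchemaMaster         = $forest.SchemaMaster         # forest-wide role
        DomainNamingMaster   = $forest.DomainNamingMaster   # forest-wide role
        RIDMaster            = $domain.RIDMaster            # per-domain role
        PDCEmulator          = $domain.PDCEmulator          # per-domain role
        InfrastructureMaster = $domain.InfrastructureMaster # per-domain role
        # global catalog is a server setting, not an operations master role
        GlobalCatalogs       = (Get-ADDomainController -Filter * |
                                   Where-Object IsGlobalCatalog |
                                   Select-Object -ExpandProperty HostName) -join ', '
    }
}

Get-FsmoRoleHolder | Format-List
& netdom.exe query fsmo      # the same answer from the legacy tool the notes use

# Transfer the domain roles. A transfer needs the current holder online; -Force would seize
# the role instead, and a seized-from DC must never be brought back on the network.
$target = 'DC02'             # placeholder: the DC that should hold the roles

# Infrastructure master on a GC only works when every DC in the domain is a GC, so warn first.
$targetDc = Get-ADDomainController -Identity $target
$allGc    = -not (Get-ADDomainController -Filter * | Where-Object { -not $_.IsGlobalCatalog })
if ($targetDc.IsGlobalCatalog -and -not $allGc) {
    Write-Warning "$target is a global catalog and not all DCs are; infrastructure master updates would be skipped there"
}

Move-ADDirectoryServerOperationMasterRole -Identity $target `
    -OperationMasterRole RIDMaster, PDCEmulator, InfrastructureMaster -Confirm:$false

Get-FsmoRoleHolder | Format-List   # verify the three domain roles now show $target
```

The same transfer with the tool the notes use for application partitions is ntdsutil: roles, connections, connect to server DC02, quit, transfer RID master (likewise transfer PDC and transfer infrastructure master), quit, quit.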
ADS database:
NTDS.DIT (New Technology Directory Service, directory information tree): the Active Directory database. Unlike the 40 MB SAM of Windows NT it has no fixed size limit and grows with the number of objects; about 1 KB per user object is the usual rule of thumb for sizing.
SAM – 40 MB (Windows NT)
Group:
A group consists of user accounts, computer accounts and other groups.
1. Domain local group 2. Global group 3. Universal group
Group Policy: the Group Policy container is stored in Active Directory; the Group Policy template (the files and scripts) is stored in %SystemRoot%\SYSVOL\sysvol\<domain>\Policies\<GUID> and replicated to every DC.
Domain controller: holds a writable copy of the ADS database.
Name space: a collection of resources that share a common name is called a name space,
ex: India.com
DNS (Domain Name System, port 53) Advanced-tab options:
Disable recursion
BIND secondaries
Fail on load if bad zone data
Enable round robin
Enable netmask ordering
Secure cache against pollution
DNS queries:
1. Recursive query – client to DNS server (the server must return a final answer)
2. Iterative query – DNS server to DNS server (each server answers with the best referral it has)
DNS zones:
Forward lookup zone – resolves host names to IP addresses
Reverse lookup zone – resolves IP addresses to host names
1. Primary zone 2. Secondary zone 3. Stub zone (any of them can be stored in Active Directory)
DNS management and troubleshooting:
1. nslookup
2. ipconfig /all
3. ipconfig /flushdns
4. ipconfig /displaydns
5. ipconfig /registerdns
6. Event Viewer (DNS Server log)
OSI layers {APSTNDP}, from the top:
7. Application layer
6. Presentation layer
5. Session layer
4. Transport layer
3. Network layer – router (layer 3 device)
2. Data link layer – switch (layer 2 device)
1. Physical layer – hub (layer 1 device)
TCP/IP layers {ATID}. A protocol is a set of rules that governs data communication.
1. Application layer
2. Transport layer
3. Internet layer
4. Network access (data link) layer
TCP responsibilities (at the transport layer):
Opening and closing sessions (three-way handshake, FIN/ACK)
Packet management (segmenting and reassembling data, sequence numbers)
Flow control (window size)
Error detection and handling (checksums, acknowledgements and retransmission)
IP range (first octet):
Class A – 1-126 (0 is reserved and 127 is the loopback network)
Class B – 128-191
Class C – 192-223
Class D – 224-239 – multicast
Class E – 240-255 – reserved for experimental use
System boot files:
NTLDR – the boot loader; reads boot.ini, switches the processor to protected mode and loads the kernel
BOOT.INI – boot configuration (ARC path of each installed operating system, default and timeout)
NTDETECT.COM – gathers basic hardware information and passes it to NTLDR
NTBOOTDD.SYS – the SCSI miniport driver, present only when the boot disk hangs off a controller whose BIOS is disabled
NTUSER.DAT – the registry hive of a user profile; loaded at logon, not part of the boot sequence
IO.SYS and CONFIG.SYS – MS-DOS/Windows 9x boot files; NTLDR hands off to them through BOOTSECT.DOS when DOS is dual-booted
DHCP (Dynamic Host Configuration Protocol) lease process {DORA}:
D – Discover: the client broadcasts from UDP port 68 to port 67 looking for a server
O – Offer: a server proposes an address and lease
R – Request: the client asks for the offered address (broadcast, so other servers withdraw their offers)
A – Acknowledgement: the server confirms the lease and sends the options (subnet mask, gateway, DNS servers)
Backup types:
1. Normal (full): backs up all selected files and clears the archive attribute
2. Incremental: backs up only files changed since the last normal or incremental backup and clears the archive attribute; a restore needs the last normal backup plus every incremental since
3. Differential: backs up files changed since the last normal backup and does not clear the archive attribute; a restore needs the last normal backup plus the latest differential
4. Copy: backs up all selected files without touching the archive attribute, so it does not disturb the normal/incremental schedule
5. Daily: backs up files modified today without clearing the archive attribute
PORT numbers:
(The original list mixed IP protocol numbers, the Protocol field of the IP header, with TCP/UDP port numbers; they are separate number spaces.)
IP protocol numbers:
ICMP – 1 TCP – 6 IGRP – 9 UDP – 17
RDP (Reliable Data Protocol) – 27 IPv6 (encapsulated) – 41
EIGRP – 88 OSPF – 89 L2TP – 115
TCP/UDP ports:
FTP – 21 TELNET – 23 SMTP – 25 DNS – 53
DHCP – 67 (server) and 68 (client) HTTP – 80 POP3 – 110
RPC portmapper (sunrpc) – 111 NNTP – 119 LDAP – 389
Citrix ICA – 1494 Remote Desktop (RDP) – 3389
IP itself has no port number; port 0 is reserved.
Private IP – for use inside an organization
Public IP – has to be bought (or leased) from an ISP
What is NAT (Network Address Translation)?
NAT sits between two networks, such as a private network and the public Internet, and rewrites the addresses (and ports) in packets as they pass. It binds private IP addresses to a public IP address so that internal hosts reach the Internet through one or a few public addresses, and hides the internal addressing from the outside.
RAS: Remote Access Service
It provides communication between a client and the server over telephone lines (dial-up), and with RRAS over VPN tunnels across the Internet.
PPTP – Microsoft's tunnelling protocol (TCP 1723 plus GRE, IP protocol 47) with MPPE encryption; supported mainly by Windows clients.
L2TP – an industry standard (RFC 2661, UDP 1701) that combines PPTP and Cisco's L2F. It has no encryption of its own and is normally run over IPsec (L2TP/IPsec), so it works between different operating systems.
Private and public IP addresses?
Private IP addresses come from the reserved ranges of each class (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16); they are not routed on the Internet and are used within the organization.
Private IPs are used on the internal network.
External (public) IP addresses are obtained from an ISP and allow traffic out to the Internet.
DNS QUESTIONS
1) List the types of DNS servers?
Ans: Standard primary, standard secondary, Active Directory integrated, root server, caching-only server, forwarder (a server that other servers send their unresolved queries to) and master (the server a secondary transfers the zone from; usually the primary).
2) What is TTL?
Ans: Time to live: the number of seconds a resolver or server may keep a record in its cache before it must query for it again.
3) What is PTR?
Ans: A pointer record maps an IP address to its host name. PTR records are used only in reverse lookup zones.
4) What is the primary purpose of DNS?
Ans: Host name resolution: translating host names to IP addresses (and IP addresses back to names) so that clients can locate hosts and services by name.
5) What is start of authority?
Ans: The SOA record of a zone names the primary server and the responsible person's mailbox and carries the serial number, the refresh, retry and expire intervals and the minimum (negative caching) TTL. The serial number is incremented on every modification of the zone; secondary servers compare it with their copy to decide whether a zone transfer is needed.
6) What is Dynamic DNS?
Ans: Clients and servers register and update their own resource records (A, PTR and the SRV service records) in the zone instead of an administrator creating them by hand. In Active Directory integrated zones the zone can be set to accept secure updates only, so only the authenticated computer that owns a record may change it.
7) What is the maximum character size of a DNS name?
Ans: 63 characters per label (the part between dots); a full domain name may not exceed 255 characters.
9) What is a zone or zone file?
Ans: A zone is the database for a DNS domain, or for a domain and one or more of its subdomains. For a standard zone this database is a special text file called the zone file (%SystemRoot%\System32\dns\<zone>.dns on a Windows server).
11) Why are multiple DNS servers created for the same zone?
Ans: Load balancing and fault tolerance.
12) What is a caching-only server?
Ans: A caching-only server does not host any zones. It resolves host names for client computers by querying other DNS servers (through root hints or forwarders) and stores the resulting mappings in its cache; later queries for the same names are answered from the cache without contacting other DNS servers.
The cache is temporary storage and is emptied when the service restarts.
13) What is zone transfer?
Ans: Copying a zone from the master (usually the primary) server to a secondary server. A full transfer (AXFR) copies the whole zone; an incremental transfer (IXFR) copies only the changes made since the serial number the secondary already holds. Zone transfers run over TCP port 53 and should be restricted to the listed name servers (Zone Transfers tab of the zone).
14) What is a master DNS server?
Ans: The server that holds the copy of the zone a secondary transfers from is called the master for that secondary; it may be the primary or another secondary.
15) What are forwarders?
Ans: A forwarder is a DNS server to which this server sends the queries it cannot answer from its own zones or cache, instead of contacting the root servers itself. Typically the internal DNS server resolves internal names and forwards Internet names to the ISP's or the corporate DNS servers.
17) Which protocol is supported by the DNS server?
Ans: The dynamic update protocol (RFC 2136), which lets clients and servers register and change their own records; on Active Directory integrated zones the secure variant (GSS-TSIG) is supported as well.
18) What are the four service record folders?
Ans: _msdcs, _sites, _tcp, _udp
19) What are the six folders in Windows 2003?
Ans: _msdcs (Microsoft domain controller services): SRV and CNAME records that identify the domain controllers, global catalogs and the PDC emulator of the domain.
_sites: the same service records grouped by Active Directory site, so clients find a domain controller in their own site.
_tcp and _udp: the SRV records for the LDAP, Kerberos and global catalog services over TCP and UDP, which clients use to contact Active Directory.
DomainDnsZones and ForestDnsZones: the application directory partitions that hold Active Directory integrated zones replicated to every DNS server in the domain or in the forest respectively.
19)what is Resource record?
Ans: The entries are in zone is called Resource record. The entry may be host name IP address mapping entry.
20)what is the primary thing you have to do on a DNS server before it starts resolution of host name?
21)when will you configure root DNS server?
Ans: : A root server should be used only when a network is not connected to the internet or when a network is connected to the internet or when a network is connected to the internet by using a proxy server
22)what is forward lookup zone?
Ans:Resolves hostnames to ip address.
23)what is reverse look up zone?
Ans: Resolves ip address to hostnames.
24)what is standard primary zone?
Ans: Standard primary DNS server stores DNS entries(IP address to host mapping and other DNS resource records ) in zone file that is maintained on the server. The primary server maintains the master copy of zone file. When changes need to be the zone they should be made only standard primary server.
25)what is standard secondary zone?
Ans: Standard secondary DNS server stores copies of zones from the standard primary.
26) what is root server?
Ans:Root server contains a copy of a zone for the root domain – either the root domain for the internet, or the root domain for a company private, internal network. the purpose of the root server is to enable other DNS servers on a network to access the second level domains on the internet.
Note: A root server should be used only when a network is not connected to the internet or when a network is connected to the internet or when a network is connected to the internet by using a proxy server
27)what is round robin?
Ans: Round robin is used when multiple servers (such as web servers) have identical configurations and identical host names ,but different IP addresses.
28) can you configure root server to use a forwarder?
Ans: NO.
29)what are Root hints?
Ans:Root hints are server names and ip address combination that point to the root servers located either on the internet or on your organization private network.
Root hint tab contains list of DNS Servers can contract to resolve client DNS queries.
Maintains all the information of 13 root servers.
32)what is Active Directory integrated zone?
Ans: Active directory integrated DNS server just like standard primary except DNS entries stored in active directory data store rather than in a zone file. Active directory supports multi master replication when changes need to be made to the zone. They can be on any active directory –integrated DNS server that containg the zone.
33)what is simple query?
Ans: A simple query is a query that DNS server can resolve without contacting any other DNS servers.
34) what is recursive query?
Ans: a recursive is a query that can’t resolve it self it must be contract one or more additional DNS servers to resolve the query.
35) what is scavenging?
Ans: Scavenging is the process of searching for and Deletes stele resource records in a zone
PTR: Pointer resource record
SRV: Service locator resource record
36)What is SRV?
Ans: Used to map specific service (tcp/ip) to list of servers that provide that service.
37) What is CNAME?
Ans: Alias resource record .used to map an additional host name to the actual name of the host.
38) What is stub zone in 2003?
Ans: stub zone contains the information of Name Server & start of authority. It gives the information in which system, in which server, in which domain DNS has been configured
The properties of DNS in the Advanced tab:
Disable recursion (also disables forwarders):
By default this option is unchecked, meaning that recursion is enabled.
BIND secondaries:
Governs zone transfers (replication between the primary and secondary) when BIND is responsible for the secondary.
Fail on load if bad zone data:
By default this option is unchecked, meaning that the zone is loaded even if it contains some errors; if it is checked, a zone with errors will not be loaded.
Enable round robin:
If the same zone is present in the same subnet, the query is passed on in round-robin fashion until it gets resolved.
Enable netmask ordering:
This option is used for a DNS server maintained on a multihomed PC (a PC with multiple NIC cards) that resolves queries from clients on different subnets.
Secure cache against pollution:
It secures the cache by not storing information received from unauthorized DNS servers.
DNS TROUBLESHOOTING
50) How to check AD DNS registration?
Ans: When DNS is correctly registering the Active Directory DNS records, four folders with the following names are present under the DNS forward lookup zone:
_msdcs
_sites
_tcp
_udp
51) A records appear and disappear randomly
Cause: Your DNS zone is configured to query WINS.
52) Can't log on or join the domain
Ans: If DNS is not set up correctly on the domain controller, domain-wide issues such as replication failures between domain controllers can occur. If DNS is not set up correctly on the client, the client may experience many networking and Internet issues. Being unable to log on to the domain or join the domain from a workstation or server, and being unable to access the Internet, indicate that you may have DNS settings issues.
53) Can't open an external website using the same network domain name?
Ans: Create a DNS record for www pointing to the public IP.
54) What are common DNS settings mistakes?
1. The domain controller is not pointing to itself for DNS resolution on all network interfaces. Especially when you have a multihomed server, the WAN connection may be assigned 127.0.0.1 as the DNS IP.
2. The "." zone exists under Forward Lookup Zones in DNS.
3. The clients on the LAN do not point DNS to the internal DNS server.
55) Can't find server name for ....: No response from server - DNS request timed out?
Ans: Symptom: When running nslookup, you may receive this message: Can't find server name for ....: No response from server
Cause: The DNS server's reverse lookup zones do not contain a PTR record for the DNS server's IP address. Refer to case 0204BL.
56) Can't find server name for address 127.0.0.1 when running nslookup?
Ans: Cause: You don't have a DNS server specified in your TCP/IP properties. If you have no DNS server configured on your client, nslookup will default to the local loopback address.
57) DNS issue with IP filtering
Ans: Symptoms: You have a Windows 2000 server running IIS for public access with 10 public IPs. The router is broken. You would like to enable IP filtering to block all ports except port 80 for the web and ports 25 and 110 for mail. After enabling IP filtering, the server can't access any web sites, can't ping yahoo.com, and nslookup times out.
Cause: IP filtering blocks the ports for DNS.
58) "DNS name does not exist."?
Ans: Causes: 1. Incorrect DNS.
2. The Netlogon service tries to register the RR before the DNS service is up.
59) DNS on a multihomed server?
Ans: It is not recommended to install DNS on a multihomed server. If you do, you should restrict the DNS server to listen only on a selected address.
60) DNS request time out - ip name lookup failed?
Ans: When troubleshooting "Outlook 550 5.7.1 relaying denied - ip name lookup failed" by using nslookup to resolve the host name, you may receive "DNS request time out...*** Request to mail.chicagotech.net timed-out".
Possible causes: 1. Incorrect DNS settings.
2. Incorrect TCP/IP settings on the DC.
3. Missing PTR on Reverse Lookup Zones.
62) DNS server can't access the Internet?
Ans: Symptoms: You have a domain controller with DNS. The server can ping the router and any public IPs. However, the server can't open any web sites.
Resolution: Check the server's DNS settings; especially make sure the server points to the internal DNS instead of the ISP DNS or 127.0.0.1.
63) How to register the DNS RR?
Ans: 1. Go to DNS Manager to add it manually.
2. Use the netlogon, ipconfig and nbtstat commands.
64) How to troubleshoot DNS problems?
Ans: To correct DNS settings and troubleshoot DNS problems, you can:
1) Run nslookup from a command line: is the default DNS server the one you expect?
2) Use ipconfig /all on the client to make sure the client points to the correct DNS server, and that the DC points only to itself for DNS by its actual TCP/IP address; make sure no ISP DNS is listed in the TCP/IP properties of any W2K/XP machine.
3) When the machine loads it should register itself with DNS. If not, use the ipconfig /registerdns command.
4) Check Event Viewer to see whether the event logs contain any error information. On both the client and the server, check the System log for failures during the logon process. Also, check the Directory Service logs on the server and the DNS logs on the DNS server.
5) Use the nltest /dsgetdc: domainname command to verify that a domain controller can be located for a specific domain. The NLTest tool is installed with the Windows XP support tools.
6) If you suspect that a particular domain controller has problems, turn on the Netlogon debug logging. Use the NLTest utility by typing nltest /dbflag:0x2000ffff at a command prompt. The information is logged in the Debug folder in the Netlogon.log file.
7) Use the DC diagnosis tool, dcdiag /v, to diagnose any errors. If you still have not isolated the problem, use Network Monitor to monitor network traffic between the client and the domain controller.
65) How can I verify that a computer's DNS entries are correctly registered in DNS?
A: You can use the nslookup tool to verify that DNS entries are correctly registered in DNS. For example, to verify record registration, use the following command: nslookup computername.domain.com.
66) How to add DNS and WINS to your Cisco VPN server?
Ans: If your VPN client cannot find servers or cannot ping a computer by name, you may need to add DNS and WINS to your VPN server. For example, to add DNS and WINS on a Cisco PIX firewall, add "vpdn group 1 client configuration dns dns-server-name" and "vpdn group 1 client configuration wins wins-server-name".
67) How to clear bad information in Active Directory-integrated DNS?
Ans: You may need to clear bad information in Active Directory-integrated DNS if DNS is damaged or if DNS contains incorrect registration information. To do that:
1) Change the DNS zone type to Standard Primary.
2) Delete the DNS zones.
3) Use the ipconfig /flushdns command.
4) Recreate the DNS zones.
5) Restart the Net Logon service.
6) Use ipconfig /registerdns.
68) How to ensure that DNS is registering the Active Directory DNS records?
Ans: To ensure that DNS is registering the Active Directory DNS records, go to DNS Management console > Server name > Forward Lookup Zones > Properties, make sure Allow Dynamic Updates is set to Yes, and check that _msdcs, _sites, _tcp and _udp are correctly registering the Active Directory DNS records. If these folders do not exist, DNS is not registering the Active Directory DNS records. These records are critical to Active Directory functionality and must appear within the DNS zone. You should repair the Active Directory DNS record registration.
69) How does the internal DNS resolve Internet names without the ISP's DNS server?
Ans: As long as the "." zone does not exist under Forward Lookup Zones in DNS, the DNS service uses the root hint servers. The root hint servers are well-known servers on the Internet that help all DNS servers resolve name queries.
70) How to reinstall the dynamic DNS in a Windows 2000 Active Directory?
Ans: Under the following situations you may want to reinstall DDNS in a Windows 2000 Active Directory:
Some weird DNS errors have occurred and clearing the DNS information has been unsuccessful.
Services that depend upon DNS, such as the File Replication service (FRS) and/or Active Directory, are failing.
The secondary DNS server doesn't support dynamic updates.
To reinstall the dynamic DNS in a Windows 2000 Active Directory:
1. Clear the DNS information.
2. Clear the caching resolver.
3. Point all DNS servers to the first DNS server under TCP/IP properties.
4. Re-add the zones and configure them to be Active Directory integrated.
5. Register your A resource record for DNS as well as your start of authority (SOA).
71) How to repair the DNS record registration?
Ans: To repair the Active Directory DNS record registration:
Check for the existence of a Root Zone entry. View the Forward Lookup zones in the DNS Management console. There should be an entry for the domain. Other zone entries may exist. There should not be a dot (".") zone. If the dot (".") zone exists, delete the dot (".") zone. The dot (".") zone identifies the DNS server as a root server. Typically, an Active Directory domain that needs external (Internet) access should not be configured as a root DNS server.
The server probably needs to reregister its IP configuration (by using Ipconfig) after you delete the dot ("."). The Netlogon service may also need to be restarted. Further details about this step are listed later in this article.
Manually repopulate the Active Directory DNS entries. You can use the Windows 2000 Netdiag tool to repopulate the Active Directory DNS entries. Netdiag is included with the Windows 2000 Support tools. At a command prompt, type netdiag /fix.
To install the Windows 2000 Support tools:
Insert the Windows 2000 CD-ROM.
Browse to Support\Tools.
Run Setup.exe in this folder.
Select a typical installation. The default installation path is Systemdrive:\Program Files\Support Tools.
After you run the Netdiag utility, refresh the view in the DNS Management console. The Active Directory DNS records should then be listed.
NOTE: The server may need to reregister its IP configuration (by using Ipconfig) after you run Netdiag. The Netlogon service may also need to be restarted.
If the Active Directory DNS records do not appear, you may need to manually re-create the DNS zone.
72)How to configure DNS Forwarders
Ans:To ensure network functionality outside of the Active Directory domain (such as browser requests for Internet addresses), configure the DNS server to forward DNS requests to the appropriate Internet service provider (ISP) or corporate DNS servers. To configure forwarders on the DNS server:
Start the DNS Management console.
Right-click the name of the server, and then click Properties.
Click the Forwarders tab.
Click to select the Enable Forwarders check box.
NOTE: If the Enable Forwarders check box is unavailable, the DNS server is attempting to host a root zone (usually identified by a zone named only with a period, or dot (".")). You must delete this zone to enable the DNS server to forward DNS requests. In a configuration in which the DNS server does not rely on an ISP DNS server or a corporate DNS server, you can use a root zone entry.
Type the appropriate IP addresses for the DNS servers that will accept forwarded requests from this DNS server. The list reads from the top down in order; if there is a preferred DNS server, place it at the top of the list.
Click OK to accept the changes.
73)DC's FQDN Does Not Match Domain Name?
Ans: Symptoms: After you promote or install a domain controller, the DNS suffix of your computer name may not match the domain name. Or the FQDN does not match the domain name because an NT 4.0 upgrade automatically clears the "Change primary DNS suffix when domain membership changes" check box. It is not possible to rename the computer on the Network Identification tab. Also, you may receive NETLOGON events in the System log with ID 5781, or other error messages that indicate a failure to dynamically register DNS records.
Resolutions: 1. After you upgrade to Microsoft Windows 2000, but before you run dcpromo and start the Active Directory Installation Wizard, add the following value under the following registry key:
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
Value name: SyncDomainWithMembership
Value type: REG_DWORD
Value: 1
2. If you have already promoted the server to a domain controller, use the Active Directory Installation Wizard to demote it to a member server. Click to select the "Change primary DNS suffix when domain membership changes" check box, and then run dcpromo to promote it back to a domain controller.
3. Modify HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ and change Domain=mydomain.com, NV Domain=mydomain.com, SyncDomainWithMembership=1 (here mydomain.com is the domain name).
74) Primary or Active Directory Integrated DNS?
Ans: Active Directory Integrated DNS permits all servers to accept updates. Instead of adding standard secondary DNS servers, you can convert the server from a primary DNS server to an Active Directory Integrated primary server and configure another domain controller to be a DNS server. With Active Directory Integrated DNS servers, all the servers are primary servers, so when a zone change is made at one server it is replicated to the others, eliminating the need for a zone transfer.
75) Secondary DNS issues
1. When setting up the secondary DNS, make sure you type the correct master DNS server IP address.
2. Make sure the primary and secondary DNS servers can ping each other and that no firewall blocks them.
3. Make sure the primary and secondary DNS servers point to each other as primary and to themselves as secondary.
76) Some A records don't appear in DNS
Causes: 1. Incorrect TCP/IP settings.
2. "Register this connection's addresses in DNS" is unchecked.
77) The DSA operation is unable to proceed because of a DNS lookup failure.
Symptoms: 1. When trying to run DCPROMO, you receive: "The operation failed because: The directory service failed to replicate off changes made locally. The DSA operation is unable to proceed because of a DNS lookup failure."
2. The Event Viewer may list Event ID 1265 - The DSA operation is unable to proceed because of a DNS lookup failure.
3. The DCDiag test displays this message: "The DSA operation is unable to proceed because of a DNS lookup failure".
Causes: 1. Incorrect TCP/IP configuration.
2. Incorrect DNS configuration.
3. Bad information in DNS Manager.
78) "The procedure entry point DsIsManagedDnW could not be located in the dynamic link library NTDSAPI.dll"
Ans: Symptom: When trying to run DCDiag you get the following error: "The procedure entry point DsIsManagedDnW could not be located in the dynamic link library NTDSAPI.dll".
Resolutions: 1. Remove dcdiag.exe from Control Panel and install it from a W2K/XP DC.
2. The "entry point not found" error is typical of a service pack mismatch: dcdiag.exe is out of sync with the service pack level of your system. To fix it, go to the service pack x folder, find adminpack.msi, right-click it and select Install.
79) Troubleshooting the domain locator process
1) Check Event Viewer on both the client and the DNS server for any errors.
2) Verify that the IP configuration is correct for your network by using ipconfig /all.
3) Ping both the DNS IP address and the DNS server name to verify network connectivity and name resolution.
4) Use the nslookup servername.domain.com command to verify that DNS entries are correctly registered in DNS.
5) If the nslookup command does not succeed, use one of the following methods to reregister records with DNS: a) force host record registration by using ipconfig /registerdns; b) force domain controller service registration by stopping and restarting the Netlogon service.
6) If you still have the same issue, use Network Monitor to monitor network traffic between the client and the domain controller.
80) Which DNS does a VPN client use?
1. Assuming the LAN connection and the VPN connection have different DNS servers because they are assigned by different DHCP servers, the active DNS goes with the default gateway.
2. You can pick which DNS you want to use manually.
81) Which ports are used for DNS?
Ans: UDP and TCP port 53. However, internal DNS clients may not hear answers even though the query has been sent out on port 53 until you open the UDP ports above 1023.
82) Why can't I perform external name resolution to the root hint servers on the Internet?
A: Make sure the "." zone does not exist under Forward Lookup Zones in DNS. If you do not delete this setting, you may not be able to perform external name resolution to the root hint servers on the Internet.
83) Why do I have to point my domain controller to itself for DNS?
A: The Netlogon service on the domain controller registers a number of records in DNS that enable other domain controllers and computers to find Active Directory-related information. If the domain controller is pointing to the ISP's DNS server, Netlogon does not register the correct records for Active Directory, and errors are generated in Event Viewer. The preferred DNS setting for the domain controller is itself; no other DNS servers should be listed. The only exception to this rule is with additional domain controllers. Additional domain controllers in the domain must point to the first domain controller (which runs DNS) that was installed in the domain and then to themselves as secondary.
84) Everyone can access our web site on the Internet, but no one can access the web site internally. Instead, we are pointed to our intranet.
A: If your network domain name is the same as your web site name, you should point www to the web site's public IP. To do this, open DNS Manager and create a host record, for example www.chicagotech.net = public IP.
85) nslookup error messages and their causes
1. *** Can't find server name for address w.x.y.z: Timed out
Cause: The DNS server cannot be reached or the service is not running on that computer.
2. *** Can't find server name for address 127.0.0.1: Timed out
Cause: No servers have been defined in the DNS Service Search Order list.
3. *** Can't find server name for address w.x.y.z: Non-existent domain
Cause: There is no PTR record for the name server's IP address.
4. *** ns.domain.com can't find child.domain.com.: Non-existent domain
5. *** Can't list domain child.domain.com.: Non-existent domain
Cause: There is no separate db file for the domain, so querying that domain or running a zone transfer on it produces the above errors.
86) What does netdiag /fix do?
A: The netdiag /fix switch is a very useful tool to correct issues found by the DNS and domain controller tests.
1. DNS test: If the computer is a domain controller, Netdiag verifies all the DNS entries in the Netlogon.dns file to determine whether they are correct and updates the appropriate entries if there is a problem.
2. Domain controller test: If the domain GUID cached on a local computer in your primary domain is different from the domain GUID saved on a domain controller, Netdiag tries to update the domain GUID on the local computer.
ACTIVE DIRECTORY
1) What is Active Directory?
Ans: Active Directory is a centralized hierarchical directory database; it is a directory service which contains information about all user accounts and shared resources on a network.
2) What is a tree?
Ans: A tree is a collection of domains that share a single DNS namespace and are connected by transitive trust relationships.
3) What is a forest?
Ans: A forest is a collection of one or more domains that share a common schema and global catalog.
4) What is an organizational unit, and what is its purpose?
Ans: OUs are additional container objects that can store users, computers, groups and other OUs.
Purpose:
1)To delegate administration
2)To manage the application of group policy.
5) What are sites?
Ans: A site is a physical component of Active Directory that is used to define and represent the topology of a network.
A site is a collection of one or more well-connected IP subnets.
Uses:
1)To control replication traffic
2)To make authentication faster and more efficient.
3)To locate the nearest server providing directory enabled services.
6) What are domain controllers?
Ans: Domain controllers are the physical storage locations for the Active Directory database.
7) What are the physical components of Active Directory?
Ans: Domain controllers, sites.
8) What are the logical components of Active Directory?
Ans: Forests, trees, domains, OUs.
9) What is the command to make a server into a domain controller in Win 2000 & 2003?
Ans: DCPROMO.
10) What is the command to remove the domain controller functionality?
Ans: DCPROMO /FORCEREMOVAL.
11) What is the location and file system type where the Active Directory information is installed?
Ans: On an NTFS partition: c:\windows\ntds.dit and c:\windows\sysvol.
12) For the replication between the DC and ADC some files are used; what is the location of that directory?
Ans: c:\windows\sysvol.
13) Which version of Active Directory is in Win2000 & Win2003?
Ans: Win2000: 1.0
Win2003: 1.1.
14) What is the command used to install Active Directory on remote servers?
Ans: dcpromo /answer:answerfile
(The answer file is a text file created from the \support\tools folder by using the deploy.cab file.)
15) What type of backup is used to back up Active Directory?
Ans: System State data backup.
16) Which protocol plays the security role for authentication in 2000 & 2003?
Ans: Kerberos.
17) What is the version of Kerberos in the 2003 OS?
Ans: Kerberos v 5.5
18) What is the protocol used by Active Directory to perform its functions?
Ans: LDAP: Lightweight Directory Access Protocol, based on TCP/IP.
19) How many services are installed when you install Active Directory, and what are they?
Ans: Five in total:
1) Active Directory Domains & Trusts
2) Active Directory Sites and Services
3) Active Directory Users and Groups
4) Domain Controller Security Policy
5) Domain Security Policy
20) What is the command which displays the DC, ADC and member servers?
Ans: net accounts.
21) What is the command to know the SID, RID, DID of a user?
Ans: whoami /user (SID: security identifier)
21) Can you create a new domain tree in an existing forest in Win2000?
Ans: No, only in Win 2003 can we create one.
22) What replication process is used in Win2000 and Win2003?
Ans: Two-way replication (ADC: read & write copy).
22) How can you authenticate between forests?
A: Windows 2000 always uses NTLM for authentication between forests; 2003 will use Kerberos if and only if DNS is used while setting up the domains. If the NetBIOS name is used, NTLM is used for 2003.
23) What types of classes exist in Windows Server 2003 Active Directory?
A: Structural class. The structural class is important to the system administrator in that it is the only type from which new Active Directory objects are created. Structural classes are developed from either the modification of an existing structural type or the use of one or more abstract classes.
Abstract class. Abstract classes are so named because they take the form of templates that actually create other templates (abstracts) and structural and auxiliary classes. Think of abstract classes as frameworks for defining objects.
Auxiliary class. The auxiliary class is a list of attributes. Rather than apply numerous attributes when creating a structural class, it provides a streamlined alternative by applying a combination of attributes with a single include action.
88 class. The 88 class includes object classes defined prior to 1993, when the 1988 X.500 specification was adopted. This type does not use the structural, abstract, and auxiliary definitions, nor is it in common use for the development of objects in Windows Server 2003 environments.
25) When should you create a forest?
A: Organizations that operate on radically different bases may require separate trees with distinct namespaces. Unique trade or brand names often give rise to separate DNS identities. Organizations merge or are acquired and naming continuity is desired. Organizations form partnerships and joint ventures. While access to common resources is desired, a separately defined tree can enforce more direct administrative and security restrictions.
26) What type of domain names are used in Win 2003 & Win2000?
Ans: Fully qualified domain names (any name with an extension).
27) What are the six underlying major roles in Active Directory to be transferred from the DC to the ADC to make the additional domain controller act as the domain controller?
Ans: 1) Domain naming master
2) Schema master
3) PDC emulator
4) RID master
5) Infrastructure master
6) Global catalog server.
28) What are the FSMO roles?
Ans: FSMO stands for Flexible Single Master Operations:
1) Domain naming master
2) Schema master
3) PDC emulator
4) RID master
5) Infrastructure master
29) Define the six responsibilities of Active Directory?
Ans:
Domain naming master: ensures that domain names are unique.
Schema master: classes, attributes and architecture are maintained by the schema.
RID master: ensures that user accounts are unique.
PDC emulator: acts as an emulator for user logon, and for replication between the DC and BDCs.
Infrastructure master: responsible for changes or modifications in group membership.
Allows a user to move from one group to another.
30) What snap-in administrative tools are available for Active Directory?
A: Active Directory Domains and Trusts Manager, Active Directory Sites and Services Manager, Active Directory Users and Group Manager, Active Directory Replication (optional, available from the Resource Kit), Active Directory Schema Manager (optional, available from admin pack)
31) How do you delete a lingering object?
A: Windows Server 2003 provides a command called Repadmin that provides the ability to delete lingering objects in the Active Directory.
32) What is a global catalog server?
Ans: A global catalog server is a searchable index which stores information about all objects in Active Directory.
The main roles of the global catalog server are to help quickly find objects across domains, to supply information about universal group membership, and to authenticate user principal names (UPNs) when they are supplied.
33) Which type of zone is created when you install Active Directory?
Ans: An Active Directory integrated zone with six service records is created with the domain name when you install AD on the application directory partition.
34) Where are global catalog servers configured?
Ans: On each domain controller individually.
35) Where is universal group membership caching configured?
Ans: At the site; it applies to all domain controllers within a specific site.
36) What command line utility is used on Windows 2000 domain controllers before they are upgraded to Win2003 domain controllers?
Ans:
1) adprep /forestprep
(This command must be run on the Win 2000 server holding the schema master role in the forest root domain, to prepare the existing schema to support Win2003 AD.)
2) adprep /domainprep
(Run on the infrastructure master of the domain to be upgraded to Win 2003.)
Note: the adprep tool is in the i386 directory of the Win 2003 CD-ROM.
37) What are the types of partitions a Win2000 domain controller holds in Active Directory?
Ans: Domain partition: contains all objects associated with a particular domain.
Schema master: contains a copy of the Active Directory schema for a given forest; this partition is replicated to all DCs.
Configuration master: contains information about Active Directory sites and services.
Global catalog partition: contains a subset of the attributes of all objects in the Active Directory forest.
38) What are the types of partitions supported by Win 2003 Server?
Ans: Win 2003 Server supports all four partitions supported by Win 2000 Server. It also supports a new partition:
Application directory partition: the main purpose of this partition is to store data (objects and attributes) related to Active Directory integrated applications and services.
Note: it is a partition that is replicated only to specific domain controllers. It is used to store data relating to services such as DNS.
Some benefits of using this partition:
1) Provides redundancy, availability and fault tolerance.
2) Reduces replication traffic.
3) Allows applications or services that use LDAP to store and access their data in AD.
4) It holds any type of object except security principals such as users, computers and security groups.
39) How to check DC replication status?
Ans: Go to the event logs for NTFRS (File Replication Service). They will tell you when the last sync was.
40) How to enable or disable a Global Catalog (GC)?
Ans: Open Administrative Tools > Active Directory Sites and Services > Sites, and then double-click the domain controller you want to work with in the Servers folder for your desired site. Right-click NTDS Settings > Properties. Make the change accordingly.
WARNING: Do not turn on this option unless you are certain it will provide value in your deployment. For this option to be useful, your deployment must have multiple domains, and even then, only one global catalog is (typically) useful in each site.
41)How to install/remove AD/DC
Ans:To install/remove AD/DC, use Promote and Demote command.
42)How to repopulate AD DNS entries
Ans:Manually repopulate the Active Directory DNS entries. You can use the Windows 2000 Netdiag tool to repopulate the Active Directory DNS entries. Netdiag is included with the Windows 2000 Support tools. At a command prompt, type netdiag /fix.
"This domain controller holds the last replica of the following application directory partitions"
Symptoms: When you demote a DC by using Dcpromo, you may receive the following error message: This domain controller holds the last replica of the following application directory partitions:
DC=MSTAPI,DC=yourdomain,DC=com
Resolutions: Try NTDSUTIL, Tapicfg.exe and dcpromo /forceremoval. Refer to case 082604JH.
43)What will happen when demoting a DC
Ans:When a domain controller is demoted, if it is not the last domain controller in the domain, it performs a final replication and then transfers the roles to another domain controller. If the domain controller is a global catalog, that role is not transferred to another domain controller. In this case, you must manually select the check box in Active Directory Sites and Services Manager for another domain controller to take over the role.
1) What is Active directory?
ans:active directory is a centralized hierarchical directory database and it’s a directory servive which contains information of all user accounts and shared resources on a network.
2) What is a tree?
Ans: a tree is a collection of domains that share a single dns name space and are connected by transitive trust relationship.
3) What is forest?
Ans:A forest is collection of one or more domains that share a common schema and global catalog.
4) What is organizational unit? And it’s purpose?
Ans:OU are additional container objects that can store users, computers,groups&other OU’s.
Purpose:
1)To delegate administration
2)To manage the application of group policy.
5)what are sites?
Ans: a site is a physical component of active directory that is used to define and represent the topology of a network.
A site is collection of one or more well connected IP subnets.
Uses:
1)To control replication traffic
2)To make authentication faster and more efficient.
3)To locate the nearest server providing directory enabled services.
6)what is domain controllers?
Ans: domain controllers are the physical storage location for the active directory database.
7)what are physical components of a active directory?
Ans:Domain controllers, sites.
8)what are logical components of active directory?
Ans: Forests,trees,domains,OU’s
9) What is the command to make a server into a domain controller in Win 2000 & 2003?
Ans: DCPROMO.
10) What is the command to remove the domain controller functionality?
Ans: DCPROMO /FORCEREMOVAL.
11) What is the location and file system type where the Active Directory information is installed?
Ans: On an NTFS partition: c:\windows\ntds.dit & c:\windows\sysvol.
12) For the replication between DC & ADC some files are used; what is the location of that directory?
Ans: c:\windows\sysvol.
13) Which version of Active Directory is in Win 2000 & Win 2003?
Ans: Win 2000: 1.0
Win 2003: 1.1.
14) What is the command used to install Active Directory on remote servers?
Ans: dcpromo /answer:answerfile
(The answer file is a text file created from the /support/tool folder by using the deploy.cab file.)
15) What type of backup is used to back up Active Directory?
Ans: System state data backup.
16) Which protocol plays the security role for authentication in 2000 & 2003?
Ans: Kerberos.
17) What is the version of Kerberos in the 2003 OS?
Ans: Kerberos v5.5
18) What is the protocol used by Active Directory to perform its functions?
Ans: LDAP: Lightweight Directory Access Protocol, based on TCP/IP.
19) How many services are installed when you install Active Directory, and what are they?
Ans: Five services in total:
1) Active Directory Domains & Trusts
2) Active Directory Sites and Services
3) Active Directory Users and Groups
4) Domain Controller Security Policy
5) Domain Security Policy
20) What is the command which displays the DC, ADC and member servers?
Ans: Net accounts.
21) What is the command to know the SID, RID, DID of a user?
Ans: whoami /user (SID: security identifier)
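As an added example (not from the original post), a small Python parser that splits a SID of the shape whoami /user prints into its domain identifier and RID, which shows how the SID and RID in this answer relate. The SIDs used in the checks are constructed for illustration; the RID table lists the standard built-in RIDs.

```python
import re

# A few well-known RIDs that every domain assigns to built-in accounts
# and groups; the same RID means the same kind of principal in any domain.
WELL_KNOWN_RIDS = {
    500: "Administrator",
    501: "Guest",
    502: "krbtgt",
    512: "Domain Admins",
    513: "Domain Users",
    519: "Enterprise Admins",
}

# Textual SID: "S-<revision>-<identifier authority>-<sub-authority>[-...]"
SID_RE = re.compile(r"^S-(\d+)-(\d+)((?:-\d+)+)$")


def parse_sid(sid: str) -> dict:
    """Split a textual SID into its parts.

    For an account SID issued by a domain (S-1-5-21-<a>-<b>-<c>-<rid>)
    the result also carries the domain identifier and the RID, the part
    the RID master hands out so that accounts stay unique.
    """
    m = SID_RE.match(sid)
    if not m:
        raise ValueError(f"not a valid SID: {sid!r}")
    revision, authority = int(m.group(1)), int(m.group(2))
    subs = [int(x) for x in m.group(3).split("-")[1:]]
    # Revision is always 1; at most 15 sub-authorities, each a 32-bit value.
    if revision != 1 or len(subs) > 15 or any(s >= 2**32 for s in subs):
        raise ValueError(f"malformed SID: {sid!r}")
    result = {"revision": revision, "authority": authority,
              "subauthorities": subs, "domain_sid": None,
              "rid": None, "well_known": None}
    # NT authority (5) with first sub-authority 21 marks a domain or local
    # machine SID: three values identify the domain, the last one is the RID.
    if authority == 5 and subs[0] == 21 and len(subs) == 5:
        result["domain_sid"] = "S-1-5-21-" + "-".join(map(str, subs[1:4]))
        result["rid"] = subs[4]
        result["well_known"] = WELL_KNOWN_RIDS.get(subs[4])
    return result


def same_domain(sid_a: str, sid_b: str) -> bool:
    """True when two account SIDs were issued by the same domain."""
    a, b = parse_sid(sid_a), parse_sid(sid_b)
    return a["domain_sid"] is not None and a["domain_sid"] == b["domain_sid"]
```

Run parse_sid on the SID line that whoami /user prints to see the domain identifier and the RID separately.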
21) Can you create a new domain tree in an existing forest in Win 2000?
Ans: No; only in Win 2003 can we create one.
22) What replication process is used in Win 2000 and Win 2003?
Ans: A two-way replication process (ADC: read & write copy).
22) How can you authenticate between forests?
A: Windows 2000 always uses NTLM for authentication between forests; 2003 will use Kerberos if and only if DNS is used while setting up the domains. If the NetBIOS name is used, NTLM is used for 2003.
23) What types of classes exist in Windows Server 2003 Active Directory?
A: Structural class. The structural class is important to the system administrator in that it is the only type from which new Active Directory objects are created. Structural classes are developed from either the modification of an existing structural type or the use of one or more abstract classes.
Abstract class. Abstract classes are so named because they take the form of templates that actually create other templates (abstracts) and structural and auxiliary classes. Think of abstract classes as frameworks for defining objects.
Auxiliary class. The auxiliary class is a list of attributes. Rather than apply numerous attributes when creating a structural class, it provides a streamlined alternative by applying a combination of attributes with a single include action.
88 class. The 88 class includes object classes defined prior to 1993, when the 1988 X.500 specification was adopted. This type does not use the structural, abstract, and auxiliary definitions, nor is it in common use for the development of objects in Windows Server 2003 environments.
25) When should you create a forest?
A: Organizations that operate on radically different bases may require separate trees with distinct namespaces. Unique trade or brand names often give rise to separate DNS identities. Organizations merge or are acquired and naming continuity is desired. Organizations form partnerships and joint ventures. While access to common resources is desired, a separately defined tree can enforce more direct administrative and security restrictions.
26) What type of domain names are used in Win 2003 & Win 2000?
Ans: Fully qualified domain names (any name with an extension).
27) What are the six underlying major roles in Active Directory to be transferred to the ADC from the DC to make the additional domain controller act as a domain controller?
Ans:
1) Domain naming master
2) Schema master
3) PDC emulator
4) RID master
5) Infrastructure master
6) Global catalog server
28) What are FSMO roles?
Ans: FSMO stands for Flexible Single Master Operations:
1) Domain naming master
2) Schema master
3) PDC emulator
4) RID master
5) Infrastructure master
29) Define the six responsibilities of Active Directory.
Ans:
Domain naming master: ensures that domain names are unique.
Schema master: classes, attributes and the architecture are maintained by the schema.
RID master: ensures that user accounts are unique.
PDC emulator: acts as an emulator for user logon and for replication between the DC and BDCs.
Infrastructure master: responsible for changes or modifications in group membership; allows a user to move from one group to another.
30) What snap-in administrative tools are available for Active Directory?
A: Active Directory Domains and Trusts Manager, Active Directory Sites and Services Manager, Active Directory Users and Group Manager, Active Directory Replication (optional, available from the Resource Kit), Active Directory Schema Manager (optional, available from the Admin Pack).
31) How do you delete a lingering object?
A: Windows Server 2003 provides a command called Repadmin that provides the ability to delete lingering objects in Active Directory.
32) What is a Global Catalog server?
Ans: A Global Catalog server is a searchable index which stores information about all objects in Active Directory.
The main roles of the global catalog server are to help quickly find objects across domains, to supply information about universal group membership, and to authenticate user principal names (UPNs) when they are supplied.
33) Which type of zone is created when you install Active Directory?
Ans: An Active Directory integrated zone with six service records is created with the domain name when you install AD on the application directory partition.
34) Where are global catalog servers configured?
Ans: On each domain controller individually.
35) Where is universal group membership caching configured?
Ans: At the site; it applies to all domain controllers within a specific site.
36) What command-line utility is used on Windows 2000 domain controllers before they are upgraded to Win 2003 domain controllers?
Ans:
1) adprep /forestprep
(This command must be issued on the Win 2000 server holding the schema master role in the forest root domain, to prepare the existing schema to support Win 2003 AD.)
2) adprep /domainprep
(Issued on the infrastructure master, for the Win 2003 server to be deployed.)
Note: the adprep tool is in the i386 directory of the Win 2003 CD-ROM.
37) What are the types of partitions a Win 2000 domain controller holds in Active Directory?
Ans: Domain partition: contains all objects associated with a particular domain.
Schema master: contains a copy of the Active Directory schema for a given forest; this partition is replicated to all DCs.
Configuration master: contains information about Active Directory sites & services.
Global catalog partition: contains a subset of the attributes of all objects in the Active Directory forest.
38) What are the types of partitions supported by Win 2003 server?
Ans: Win 2003 server supports all four partitions, i.e. those supported by Win 2000 server, and it also supports a new partition.
Application directory partition: the main purpose of this partition is to store data (objects and attributes) related to Active Directory integrated applications and services.
Note: it is a partition that is replicated only to specific domain controllers. It is used to store data relating to services such as DNS.
Some benefits of using this partition:
1) Provides redundancy, availability and fault tolerance.
2) Reduces replication traffic.
3) Allows applications or services that use LDAP to store and access their data in AD.
4) It holds any type of object except security principals such as users, computers and security groups.
39) How to check DC replication status?
Ans: Go to the event logs for NTFRS (File Replication Service); they will tell you when the last sync was.
40) How to enable or disable a Global Catalog (GC)?
Ans: Open Administrative Tools > Active Directory Sites and Services > Sites, and then double-click the domain controller you want to work with in the Servers folder for your desired site. Right-click NTDS Settings > Properties and make the change accordingly.
WARNING: Do not turn on this option unless you are certain it will provide value in your deployment. For this option to be useful, your deployment must have multiple domains, and even then, only one global catalog is (typically) useful in each site.
41) How to install/remove AD/DC?
Ans: To install/remove AD/DC, use the Promote and Demote commands.
42) How to repopulate AD DNS entries?
Ans: Manually repopulate the Active Directory DNS entries. You can use the Windows 2000 Netdiag tool to repopulate the Active Directory DNS entries. Netdiag is included with the Windows 2000 Support Tools. At a command prompt, type netdiag /fix.
This domain controller holds the last replica of the following application directory partitions
Symptoms: When you demote a DC by using Dcpromo, you may receive the following error message: "This domain controller holds the last replica of the following application directory partitions:
DC=MSTAPI,DC=yourdomain,DC=com"
Resolutions: Try NTDSUTIL, Tapicfg.exe and dcpromo /forceremoval. Refer to case 082604JH.
43) What will happen when demoting a DC?
Ans: When a domain controller is demoted, if it is not the last domain controller in the domain, it performs a final replication and then transfers the roles to another domain controller. If the domain controller is a global catalog, that role is not transferred to another domain controller. In this case, you must manually select the check box in Active Directory Sites and Services Manager for another domain controller to take over the role.