InterviewSolution
| 1. |
Mention What Is The Difference Between Domain Admin Groups And Enterprise Admins Group In AD? |
|
Answer» Enterprise Admin Group : Domain Admin Group : |
|
| 2. |
What Is Ntds.dit Schema Table? |
|
Answer» The types of objects that can be created in the Active Directory, relationships between them, and the attributes on each type of object. This table is fairly static and much smaller than the data table. |
|
| 3. |
What Is Ntds.dit? |
|
Answer» This is the AD database and stores all AD objects. Default location is %SystemRoot%\ntds\NTDS.DIT. |
|
| 4. |
How Will You Verify Whether The AD Installation Is Proper With SRV Resource Records? |
|
Answer» Verify SRV Resource Records: After AD is installed, the DC will register SRV records in DNS when it restarts. We can check this using the DNS MMC or the nslookup command. |
|
| 5. |
What Is Lightweight Directory Access Protocol? |
|
Answer» LDAP is the directory service protocol that is used to query and update AD. LDAP naming paths are used to access AD objects and include the following: |
|
| 6. |
What Is Domain Information In Active Directory? |
|
Answer» Object information for a domain. Replicates to all DCs within a domain. The object portion becomes part of GC. The attribute values only replicate within the domain. |
|
| 7. |
Define Res1.log And Res2.log? |
|
Answer» These are reserved transaction log files of 20 MB (10 MB each) which provide the transaction log files enough room to shut down if the other spaces are being used. |
|
| 8. |
What Is ADS Database Garbage Collection Process? |
|
Answer» Garbage Collection is a process that is designed to free space within the Active Directory database. This process runs independently on every DC with a default lifetime interval of 12 hours. |
|
| 9. |
What Is Online Defragmentation In Active Directory? |
|
Answer» Online defragmentation is a method that runs as part of the garbage collection process. The only advantage to this method is that the server does not need to be taken offline for it to run. However, this method does not shrink the Active Directory database file (Ntds.dit). |
|
| 10. |
What Is Schema Information In Active Directory? |
|
Answer» Definitional details about objects and attributes that one can store in the AD. Replicates to all DCs. Static in nature. |
|
| 11. |
What Is The KCC (Knowledge Consistency Checker)? |
|
Answer» The KCC generates and maintains the replication topology for replication within sites and between sites. KCC runs every 15 minutes. |
|
| 12. |
How To Transfer FSMO Roles? |
|
Answer» ntdsutil - type roles - connections - connect servername - q - type transfer role - at the fsmo maintenance prompt - type transfer rid master |
|
| 13. |
How To Seize FSMO Roles? |
|
Answer» ntdsutil - type roles - connections - connect servername - q - type seize role - at the fsmo maintenance prompt - type seize rid master |
|
| 14. |
How To View All The GCs In The Forest? |
|
Answer» repadmin.exe /options * and use IS_GC for current domain options. |
|
| 15. |
Define Edb.log? |
|
Answer» This is the transaction log file (10 MB). When EDB.LOG is full, it is renamed to EDBnnnn.log, where nnnn is the increasing number starting from 1. |
|
| 16. |
Define Edb.chk? |
|
Answer» This is the checkpoint file used to track the data not yet written to the database file. This indicates the starting point from which data is to be recovered from the log file, in case of failure. |
|
| 17. |
What Are The Advantages Of Active Directory Sites? |
|
Answer» Active Directory Sites and Services allow you to specify site information. Active Directory uses this information to determine how best to use available network resources. |
|
| 18. |
Describe The Infrastructure FSMO Role? |
|
Answer» When an object in one domain is referenced by another object in another domain, it represents the reference by the GUID, the SID (for references to security principals), and the DN of the object being referenced. The infrastructure FSMO role holder is the DC responsible for updating an object's SID and distinguished name in a cross-domain object reference. |
|
| 19. |
How To Find FSMO Roles? |
|
Answer» Netdom query fsmo OR Replmon.exe |
|
| 20. |
What Is Replmon? |
|
Answer» Replmon is the first tool you should use when troubleshooting Active Directory replication issues. |
|
| 21. |
Define The Schema Master Failure? |
|
Answer» Temporary loss of the schema operations master will be visible only if we are trying to modify the schema or install an application that modifies the schema during installation. A DC whose schema master role has been seized must never be brought back online. |
|
| 22. |
What Is Kerberos V5 Authentication Process? |
|
Answer» Kerberos V5 is the primary security protocol for authentication within a domain. The Kerberos V5 protocol verifies both the identity of the user and network services. This dual verification is known as mutual authentication. |
|
| 23. |
What Is Adsiedit? |
|
Answer» ADSI Edit is an LDAP editor for managing objects in Active Directory. This Active Directory tool lets you view objects and attributes that are not exposed in the Active Directory Management Console. |
|
| 24. |
Do You Know How Kerberos V5 Works? |
|
Answer» The Kerberos V5 authentication mechanism issues tickets (a set of identification data for a security principal, issued by a DC for purposes of user authentication; two forms of tickets in Windows 2000 are ticket-granting tickets (TGTs) and service tickets) for accessing network services. These tickets contain encrypted data, including an encrypted password, which confirms the user's identity to the requested service. |
|
| 25. |
What Is Netdom? |
|
Answer» NETDOM is a command-line tool that allows management of Windows domains and trust relationships. |
|
| 26. |
Define Attribute Value? |
|
Answer» An object's attribute is set concurrently to one value at one master, and another value at a second master. |
|
| 27. |
Define LSDOU? |
|
Answer» It's the group policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units. |
|
| 28. |
Do You Know What Is The "." Zone In My Forward Lookup Zone? |
|
Answer» This setting designates the Windows 2000 DNS server to be a root hint server and is usually deleted. If you do not delete this setting, you may not be able to perform external name resolution to the root hint servers on the Internet. |
|
| 29. |
Explain What Is The Difference Between Local, Global And Universal Groups? |
|
Answer» Domain local groups assign access permissions to global domain groups for local domain resources. Global groups provide access to resources in other trusted domains. Universal groups grant access to resources in all trusted domains. |
|
| 30. |
Tell Me What If My Windows 2000 Or Windows Server 2003 DNS Server Is Behind A Proxy Server Or Firewall? |
|
Answer» If you are able to query the ISP's DNS servers from behind the proxy server or firewall, the Windows 2000 or Windows Server 2003 DNS server is able to query the root hint servers. UDP and TCP Port 53 should be open on the proxy server or firewall. |
|
| 31. |
Abbreviate GPT And GPC? |
|
Answer» GPT : Group policy template. |
|
| 32. |
Tell Me What Should I Do If The DC Points To Itself For DNS, But The SRV Records Still Do Not Appear In The Zone? |
|
Answer» Check for a disjointed namespace, and then run Netdiag.exe /fix. You must install Support Tools from the Windows 2000 Server CD-ROM to run Netdiag.exe. |
|
| 33. |
Where Is GPT Stored? |
|
Answer» %SystemRoot%\SYSVOL\sysvol\domainname\Policies\GUID |
|
| 34. |
How Do I Set Up DNS For Other DCs In The Domain That Are Running DNS? |
|
Answer» For each additional DC that is running DNS, the preferred DNS setting is the parent DNS server (first DC in the domain), and the alternate DNS setting is the actual IP address of the network interface. |
|
| 35. |
What Is The List Folder Contents Permission On The Folder In NTFS? |
|
Answer» Same as Read & Execute, but not inherited by files within a folder. However, newly created subfolders will inherit this permission. |
|
| 36. |
Can You Connect Active Directory To Other 3rd-party Directory Services? Name A Few Options? |
|
Answer» Yes, you can connect Active Directory to other 3rd-party directory services such as dictionaries used by SAP, Domino etc. with the help of MIIS (Microsoft Identity Integration Server). |
|
| 37. |
What Hidden Shares Exist On Windows Server 2003 Installation? |
|
Answer» Admin$, Drive$, IPC$, NETLOGON, print$ and SYSVOL. |
|
| 38. |
Explain What Is Infrastructure Master? |
|
Answer» Infrastructure Master is accountable for updating information about the user and group and global catalogue. |
|
| 39. |
What Is The Number Of Permitted Unsuccessful Log Ons On Administrator Account? |
|
Answer» Unlimited. Remember, though, that it’s the Administrator account, not any account that’s part of the Administrators group. |
|
| 40. |
Mention What Are The Components Of AD? |
|
Answer» Components of AD includes |
|
| 41. |
Explain What Are RODCs? And What Are The Major Benefits Of Using RODCs? |
|
Answer» Read-Only Domain Controller: organizations can easily deploy a domain controller in locations where physical security cannot be guaranteed. |
|
| 42. |
Explain What Is RID Master? |
|
Answer» RID master stands for Relative Identifier for assigning unique IDs to the object created in AD. |
|
| 43. |
What Is New In Windows Server 2008 Active Directory Domain Services? |
|
Answer» AD Domain Services auditing, Fine-Grained Password Policies, Read-Only Domain Controllers, Restartable Active Directory Domain Services |
|
| 44. |
Explain What Is A Child DC? |
|
Answer» CDC or child DC is a sub domain controller under the root domain controller which shares the name space. |
|
| 45. |
What Is DNS Scavenging? |
|
Answer» Scavenging will help you clean up old unused records in DNS. |
|
| 46. |
Explain What Is Active Directory Schema? |
|
Answer» Schema is an Active Directory component that describes all the attributes and objects that the directory service uses to store data. |
|
| 47. |
Why We Need Netlogon? |
|
Answer» Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services, and the domain controller cannot register DNS records. |
|
| 48. |
Mention What Is Tombstone Lifetime? |
|
Answer» Tombstone lifetime in an Active Directory determines how long a deleted object is retained in Active Directory. The deleted objects in Active Directory are stored in a special object referred to as a tombstone. Usually, Windows will use a 60-day tombstone lifetime if time is not set in the forest configuration. |
|
| 49. |
What Is Domain Controller? |
|
Answer» In an Active Directory forest, the domain controller is a server that contains a writable copy of the Active Directory database, participates in Active Directory replication and controls access to network resources. |
|
| 50. |
Mention What Are Lingering Objects? |
|
Answer» Lingering objects can exist if a domain controller does not replicate for an interval of time that is longer than the tombstone lifetime (TSL). |
|