Explore topic-wise InterviewSolutions in .

The RID MASTER is responsible for processing RID POOL REQUESTS from all domain controllersin a PARTICULAR domain. When a DC creates a security principal object such as a user orgroup, it ATTACHES a unique Security ID (SID) to the object. This SID consists of a domain SID(the same for all SIDs created in a domain), and a relative ID (RID) that is unique for eachsecurity principal SID created in a domain. Each DC in a domain is allocated a pool of RIDsthat it is allowed to assign to the security principals it creates. When a DC’s allocated RIDpool falls below a threshold, that DC issues a request for additional RIDs to the domain’sRID master. The domain RID master responds to the request by retrieving RIDs from thedomain’s unallocated RID pool and assigns them to the pool of the requesting DC. At any one time, there can be only one domain controller acting as the RID master in the domain.PDC Emulator.

The RID master is responsible for processing RID pool requests from all domain controllersin a particular domain. When a DC creates a security principal object such as a user orgroup, it attaches a unique Security ID (SID) to the object. This SID consists of a domain SID(the same for all SIDs created in a domain), and a relative ID (RID) that is unique for eachsecurity principal SID created in a domain. Each DC in a domain is allocated a pool of RIDsthat it is allowed to assign to the security principals it creates. When a DC’s allocated RIDpool falls below a threshold, that DC issues a request for additional RIDs to the domain’sRID master. The domain RID master responds to the request by retrieving RIDs from thedomain’s unallocated RID pool and assigns them to the pool of the requesting DC. At any one time, there can be only one domain controller acting as the RID master in the domain.PDC Emulator.

The PDC emulator is necessary to SYNCHRONIZE time in an enterprise. Windows 2000/2003Includes the W32Time (Windows Time) time service that is required by the KerberosAuthentication protocol. All Windows 2000/2003-based computers within an enterpriseUse a common time. The purpose of the time service is to ensure that the Windows TimeService uses a hierarchical relationship that CONTROLS authority and does not PERMIT loops TOENSURE appropriate common time usage.

The PDC emulator is necessary to synchronize time in an enterprise. Windows 2000/2003Includes the W32Time (Windows Time) time service that is required by the KerberosAuthentication protocol. All Windows 2000/2003-based computers within an enterpriseUse a common time. The purpose of the time service is to ensure that the Windows TimeService uses a hierarchical relationship that controls authority and does not permit loops toEnsure appropriate common time usage.

Basic storage uses NORMAL partition tables supported by MS-DOS, Microsoft Windows 95,Microsoft Windows 98, Microsoft Windows MILLENNIUM Edition (Me), Microsoft WindowsNT, Microsoft Windows 2000, Windows Server 2003 and Windows XP. A disk INITIALIZED forBasic storage is called a basic disk. A basic disk contains basic volumes, such as primaryPartitions, extended partitions, and logical drives. Additionally, basic volumes includemultidisk volumes that are created by using Windows NT 4.0 or earlier, such as volumesets, STRIPE sets, mirror sets, and stripe sets with parity. Windows XP does not supportthese multidisk basic volumes. Any volume sets, stripe sets, mirror sets, or stripe sets withparity must be backed up and deleted or converted to dynamic disks before you installWindows XP PROFESSIONAL.

Basic storage uses normal partition tables supported by MS-DOS, Microsoft Windows 95,Microsoft Windows 98, Microsoft Windows Millennium Edition (Me), Microsoft WindowsNT, Microsoft Windows 2000, Windows Server 2003 and Windows XP. A disk initialized forBasic storage is called a basic disk. A basic disk contains basic volumes, such as primaryPartitions, extended partitions, and logical drives. Additionally, basic volumes includemultidisk volumes that are created by using Windows NT 4.0 or earlier, such as volumesets, stripe sets, mirror sets, and stripe sets with parity. Windows XP does not supportthese multidisk basic volumes. Any volume sets, stripe sets, mirror sets, or stripe sets withparity must be backed up and deleted or converted to dynamic disks before you installWindows XP Professional.

DYNAMIC storage is supported in WINDOWS XP Professional, Windows 2000 and WindowsServer 2003. A disk initialized for dynamic storage is called a dynamic disk. A dynamic diskcontains dynamic volumes, such as SIMPLE volumes, spanned volumes, STRIPED volumes,mirrored volumes, and RAID-5 volumes. With dynamic storage, you can perform disk andvolume management without the need to restart Windows.

Dynamic storage is supported in Windows XP Professional, Windows 2000 and WindowsServer 2003. A disk initialized for dynamic storage is called a dynamic disk. A dynamic diskcontains dynamic volumes, such as simple volumes, spanned volumes, striped volumes,mirrored volumes, and RAID-5 volumes. With dynamic storage, you can perform disk andvolume management without the need to restart Windows.

The Sysvol folder on a Windows domain CONTROLLER is used to REPLICATE FILE-based data amongdomain controllers. Because junctions are used within the Sysvol folder structure, Windows NTfile system (NTFS) version 5.0 is required on domain controllers throughout a Windowsdistributed file system (DFS) forest.This is a quote from Microsoft themselves BASICALLY the domain controller info stored in files likeyour group policy stuff is replicated through this folder structure.

The Sysvol folder on a Windows domain controller is used to replicate file-based data amongdomain controllers. Because junctions are used within the Sysvol folder structure, Windows NTfile system (NTFS) version 5.0 is required on domain controllers throughout a Windowsdistributed file system (DFS) forest.This is a quote from Microsoft themselves basically the domain controller info stored in files likeyour group policy stuff is replicated through this folder structure.

Repadmin.exe: Replication Diagnostics ToolThis command-line TOOL assists ADMINISTRATORS in diagnosing replication PROBLEMS betweenWindows domain controllers.Administrators can use Repadmin to view the replication topology (sometimes referred to asRepsFrom and RepsTool) as seen from the perspective of each domain controller. In addition,Repadmin can be USED to manually create the replication topology (although in normal practicethis should not be necessary), to force replication events between domain controllers, and toview both the replication metadata and up-to-dateness vectors.

Repadmin.exe: Replication Diagnostics ToolThis command-line tool assists administrators in diagnosing replication problems betweenWindows domain controllers.Administrators can use Repadmin to view the replication topology (sometimes referred to asRepsFrom and RepsTool) as seen from the perspective of each domain controller. In addition,Repadmin can be used to manually create the replication topology (although in normal practicethis should not be necessary), to force replication events between domain controllers, and toview both the replication metadata and up-to-dateness vectors.

The KCC is a built-in PROCESS that runs on all domain controllers and generates replicationtopology for the ACTIVE Directory forest. The KCC creates separate replication topologiesdepending on whether replication is occurring within a SITE (intrasite) or between sites(intersite). The KCC also dynamically adjusts the topology to accommodate new domain controllers, domain controllers moved to and from sites, changing costs and schedules, anddomain controllers that are temporarily unavailable.

The KCC is a built-in process that runs on all domain controllers and generates replicationtopology for the Active Directory forest. The KCC creates separate replication topologiesdepending on whether replication is occurring within a site (intrasite) or between sites(intersite). The KCC also dynamically adjusts the topology to accommodate new domain controllers, domain controllers moved to and from sites, changing costs and schedules, anddomain controllers that are temporarily unavailable.

One or more well-connected (HIGHLY reliable and FAST) TCP/IP subnets. A SITE allowsadministrators to configure Active Directory access and replication TOPOLOGY to take advantage of the physical NETWORK.

One or more well-connected (highly reliable and fast) TCP/IP subnets. A site allowsadministrators to configure Active Directory access and replication topology to take advantage of the physical network.

By using Active DIRECTORY REPLICATION Monitor.Start > Run > REPLMON.

By using Active Directory Replication Monitor.Start > Run > Replmon.

Infrastructure Master:

When an object in one domain is REFERENCED by ANOTHER object in another domain, itrepresents the reference by the GUID, the SID (for references to security principals), andthe DN of the object being referenced. The infrastructure FSMO role holder is the DCresponsible for updating an object’s SID and DISTINGUISHED name in a cross-domain objectreference. At any one TIME, there can be only one domain controller ACTING as theinfrastructure master in each domain.

Infrastructure Master:

When an object in one domain is referenced by another object in another domain, itrepresents the reference by the GUID, the SID (for references to security principals), andthe DN of the object being referenced. The infrastructure FSMO role holder is the DCresponsible for updating an object’s SID and distinguished name in a cross-domain objectreference. At any one time, there can be only one domain controller acting as theinfrastructure master in each domain.

The domain naming MASTER domain controller controls the addition or removal of domainsin the forest. This DC is the only one that can add or remove a domain from the directory. ITCAN also add or remove cross REFERENCES to domains in EXTERNAL directories. There can beonly one domain naming master in the WHOLE forest.

The domain naming master domain controller controls the addition or removal of domainsin the forest. This DC is the only one that can add or remove a domain from the directory. Itcan also add or remove cross references to domains in external directories. There can beonly one domain naming master in the whole forest.

The schema MASTER DOMAIN CONTROLLER controls all UPDATES and modifications to theschema. Once the Schema update is complete, it is replicated from the schema master to allother DCs in the directory. To update the schema of a forest, you must have access to theschema master. There can be only one schema master in the whole forest.

The schema master domain controller controls all updates and modifications to theschema. Once the Schema update is complete, it is replicated from the schema master to allother DCs in the directory. To update the schema of a forest, you must have access to theschema master. There can be only one schema master in the whole forest.

FSMO roles are server roles in a Forest.There are five types of FSMO roles

1. Schema master.
2. DOMAIN NAMING master.
3. Rid master.
4. PDC Emulator.
5. INFRASTRUCTURE master.

FSMO roles are server roles in a Forest.There are five types of FSMO roles

Functionality of RODCs:-

• Read-Only DS DATABASE.
• Uni-directional replication.
• CREDENTIAL caching.
• ADMINISTRATOR role SEPARATION.

Functionality of RODCs:-

Read-Only Domain Controllers (RODCS) ADDRESS some of the PROBLEMS that are commonly found in branch offices.These locations might not have a DC, Or they might have a writable DC but no physicalsecurity to that DC, low network bandwidth, or inadequate EXPERTISE to support that DC.

Read-Only Domain Controllers (RODCs) address some of the problems that are commonly found in branch offices.These locations might not have a DC, Or they might have a writable DC but no physicalsecurity to that DC, low network bandwidth, or inadequate expertise to support that DC.

A global catalog server is a domain controller. It is a master searchable database that CONTAINSINFORMATION about every OBJECT in every domain in a forest. The global catalog CONTAINS acomplete replica of all objects in Active Directory for its host domain, and contains a partialreplica of all objects in Active Directory for every other domain in the forest.It has two IMPORTANT functions:Provides group membership information during logon and authenticationHelps users locate resources in Active Directory

A global catalog server is a domain controller. It is a master searchable database that containsinformation about every object in every domain in a forest. The global catalog contains acomplete replica of all objects in Active Directory for its host domain, and contains a partialreplica of all objects in Active Directory for every other domain in the forest.It has two important functions:Provides group membership information during logon and authenticationHelps users locate resources in Active Directory

Domain functionality ACTIVATES features that affect the whole domain and that domain only.The four domain functional levels, their corresponding features, and SUPPORTED domainControllers are as follows:Windows 2000 MIXED (Default)Supported domain controllers: Microsoft Windows NT 4.0, Windows 2000, WindowsServer 2003Activated features: local and GLOBAL groups, global catalog support.

Domain functionality activates features that affect the whole domain and that domain only.The four domain functional levels, their corresponding features, and supported domainControllers are as follows:Windows 2000 mixed (Default)Supported domain controllers: Microsoft Windows NT 4.0, Windows 2000, WindowsServer 2003Activated features: local and global groups, global catalog support.

ACTIVE Directory DOMAIN Services (AD DS), formerly known as Active Directory Services, is thecentral location for configuration information, authentication requests, and information aboutall of the objects that are STORED within your forest. USING Active Directory, you can efficientlymanage users, computers, groups, printers, applications, and other directory-enabled objectsfrom one secure, centralized location.

Active Directory Domain Services (AD DS), formerly known as Active Directory Services, is thecentral location for configuration information, authentication requests, and information aboutall of the objects that are stored within your forest. Using Active Directory, you can efficientlymanage users, computers, groups, printers, applications, and other directory-enabled objectsfrom one secure, centralized location.