
Myfen Computers

Active Directory Interview Questions

1. Difference between Windows 2000 ADS and Windows 2003 ADS?


2. What is the role of LDAP in ADS?
Ans. LDAP is the directory service protocol that is used to query and update
AD. LDAP naming paths are used to access AD objects and include the
following:
- Distinguished names
- Relative Distinguished names

Distinguished name gives the complete path of the object.

E.g. CN=Sanjo Thomas, OU=India, DC=Microsoft,DC=com

Relative Distinguished name is the portion of the distinguished name that uniquely identifies the object.

E.g. CN=Sanjo Thomas OR OU=India
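
The relationship between a distinguished name and its relative distinguished name, as an added example that is not part of the original document. The function names `split_dn` and `describe` are hypothetical, and the second DN (with an escaped comma) is constructed to show why splitting on every comma is not enough.

```python
# Added example: split an LDAP distinguished name (DN) into RDNs.
# Backslash escapes (RFC 4514, e.g. "\," inside a value) are honoured,
# which a plain dn.split(",") gets wrong. Multi-valued RDNs joined
# with "+" are left as one component.


def split_dn(dn):
    """Return the RDN strings of a DN, most specific (leftmost) first."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escaped pair intact
            i += 2
            continue
        if ch == ",":                    # unescaped comma ends an RDN
            rdns.append("".join(current).lstrip())
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current).lstrip())
    if any("=" not in rdn for rdn in rdns):
        raise ValueError(f"malformed DN: {dn!r}")
    return rdns


def describe(dn):
    """Return the object's RDN, its parent DN and the DNS domain from DC parts."""
    rdns = split_dn(dn)
    pairs = [rdn.split("=", 1) for rdn in rdns]
    dcs = [value.strip() for attr, value in pairs if attr.strip().upper() == "DC"]
    return {
        "rdn": rdns[0],
        "parent": ",".join(rdns[1:]),
        "dns_domain": ".".join(dcs).lower(),
    }


if __name__ == "__main__":
    page_dn = "CN=Sanjo Thomas, OU=India, DC=Microsoft,DC=com"  # DN from the text
    escaped = r"CN=Thomas\, Sanjo,OU=India,DC=Microsoft,DC=com"  # constructed
    for dn in (page_dn, escaped):
        print(describe(dn))
```
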

3. What is role of DNS in ADS?


Ans. DNS stands for Domain Name System (or Service or Server). It resolves host names to IP
addresses and IP addresses to host names; in other words, it is an Internet
service that translates domain names into IP addresses. Because domain names
are alphabetic, they're easier to remember. The Internet, however, is really based
on IP addresses.
Every time you use a domain name, therefore, a DNS service must translate the
name into the corresponding IP address. For example, the domain name
www.example.com might translate to 198.105.232.4.
The DNS system is, in fact, its own network. If one DNS server doesn't know how to
translate a particular domain name, it asks another one, and so on, until the
correct IP address is returned.
4. What is an SRV record and how is it related to ADS?
Ans. After AD is installed, the DC will register SRV records in DNS when it
restarts. We can check this using the DNS MMC or the nslookup command.
Using MMC: If the SRV records are registered, the following folders will be present in
the domain folder in the Forward Lookup Zone.

- _msdcs
- _sites
- _tcp
- _udp
Using nslookup
>nslookup
>ls -t SRV Domain
If the SRV records are properly created, they will be listed.
5. Types of partition of AD Database
Ans. i. Schema Partition
ii. Configuration Partition
iii. Domain Partition
iv. Application Partition
6. Operation Master roles
Ans.  Schema master
  Domain naming master
  RID master
  PDC emulator
  Infrastructure daemon
7. Types of Replication
Ans. i. Active directory Intrasite Replication
ii. Active directory Intersite Replication
8. What is USN and KCC?
9. What is Authoritative and non-Authoritative restore?
Ans. Authoritative restore – Running NTDSUTIL after the restore updates the USN
(Updated Sequence Numbers) to be greater than any other member domain
controller to which the machine formerly replicated. This will cause the restored
domain controller to replicate its Active Directory information to all other domain
controllers.
Non-Authoritative restore – A restore overwriting the System State to the point at
which it was backed up. A Non-Authoritative System State restore is usually done
when there are other domain controllers on the network responsible for
replicating the Active Directory changes to systems with older Updated Sequence
Numbers.
10. What is Global catalog?
Ans. A global catalog is created automatically on the initial domain controller in the
forest. A Global catalog is a domain controller that stores a copy of all Active
Directory objects in a forest. In addition, the global catalog stores each object’s
most common searchable attributes. The global catalog stores a full copy of all
objects in the directory for its host domain and a partial copy of all objects for all
other domains in the forest, which provides efficient searches without
unnecessary referrals to domain controllers.
11. What is function of SYSVOL?
Ans. The System Volume (SYSVOL) is a collection of folders in the file system that exists on each
domain controller in a domain. The SYSVOL folders provide a default Active Directory
location for files that must be replicated throughout a domain, including Group Policy objects
(GPO), startup and shutdown scripts, and logon and logoff scripts. Windows Server 2003 uses
the File Replication service (FRS) to replicate changes made to the SYSVOL folders from one
domain controller to other domain controllers. FRS replicates these changes according to the
schedule that you create during your site topology design.
12. What does the File Replication service do in Windows 2000?
Ans. File Replication service (FRS) replicates system policies and logon scripts stored in System
Volume (SYSVOL) and replicates data for Distributed file system (Dfs).
13. What is garbage collection in ADS?
Ans. Garbage Collection is a process that is designed to free space within the Active Directory
database. This process runs independently on every DC with a default lifetime
interval of 12 hours.

The Garbage Collection process has 3 main steps:

1. Removing "tombstones" from the database. Tombstones are remains of objects that have been previously deleted.

(When an object is deleted, it is not actually removed from the Active Directory database. It is
marked for deletion at a later date. This then gets replicated to other DCs. When the
tombstoneLifetime is over, the object is deleted.)

2. Deletion of any unnecessary log files.

3. The process launches a defragmentation thread to claim additional free space.

There are two ways to defragment the Active Directory database in Windows 2000.

Online Defragmentation: This method runs as part of the garbage collection
process. The only advantage to this method is that the server does not
need to be taken offline for it to run. However, this method does not
shrink the Active Directory database file (Ntds.dit).

Offline Defragmentation: This is done by taking the server offline and using Ntdsutil.exe to
defragment the database. This approach requires that the ADS database be
started in repair mode. The advantage to this method is that the database
is resized, unused space is removed, and the size is reflected by the Ntds.dit file.
14. What is the default replication time between DCs in the same site and how to change it?
15. What are the logical components of AD database?
Ans. Logical Structure:
i. Forest
ii. Domain
iii. Tree
iv. Organization Unit
v. Global Catalog
16. How does a Windows 2000 domain controller write information to AD database files?
17. What are the files of ADS?
18. Difference between incremental and differential backup?
19. What are security templates and GPO administrative templates?
20. Which user or group has the rights to update or modify AD schema?
21. Which service is used for replication between DCs in a domain?
22. Which tool is used to manage a Windows 2000 domain controller from a non-domain
controller like W2K Prof, Win 95/98 etc.?
23. Which utility is used to view the role of schema master and domain naming master?
24. What is the role of Global catalog in a Windows 2000 domain environment?
25. Where to place a global catalog in a multi-domain and multi-site Windows 2000 forest?
26. Which are the two methods of ADS database de-fragmentation?
27. What steps are used to replace an existing Windows 2000 domain controller with a new
domain controller?
28. What is KCC (Knowledge Consistency Checker)?
