Interview

c

An active directory is a directory structure used on Microsoft Windows based computers and servers to
store information and data about networks and domains. It is primarily used for online information
and was originally created in 1996 and first used with Windows 2000. What is LDAP?
Light weight Directory access Protocol. It͛s a communication protocol Whole ADS will work on it
¦

es you can connect other vendors.
Examples: E-directory from Novell
c
c

AD Database is saved in u u .ou can see other files also in this folder. These are the
main files controlling the AD structure
÷ ntds.dit
÷ edb.log
÷ res1.log
÷ res2.log
÷ edb.chk
How to share AD folders
c

All active directory data base security related information store in SSVOL folder and its only created
on NTFS partition.

¦ ¦
*Schema NC, *Configuration NC, * Domain NC
Schema NC This NC is replicated to every other domain controller in the forest. It contains information
about the Active Directory schema, which in turn defines the different object classes and attributes
within Active Directory.
Configuration NC Also replicated to every other DC in the forest, this NC contains forest-wide
configuration information pertaining to the physical layout of Active Directory, as well as information
about display specifiers and forest-wide Active Directory quotas.
Domain NC This NC is replicated to every other DC within a single Active Directory domain. This is the
NC that contains the most commonly-accessed Active Directory data: the actual users, groups,
computers, and other objects that reside within a particular Active Directory domain.
c c !

Application Directory Partition is a partition space in Active Directory which an application can use to
store that application specific data. This partition is then replicated only to some specific domain
controllers.
The application directory partition can contain any type of data except security principles (users,
computers, groups).
"

The DnsCmd command is used to create a new application directory partition. Ex. to create a partition
named NewPartition on the domain controller DC1.contoso.com, log on to the domain controller
and type following command.

"

¦
By using replication monitor --- go to start > run > type replmon
c #¦$

The global catalog is a distributed data repository that contains a searchable, partial representation of every object
in every domain in a multidomain Active Directory Domain Services (AD DS) forest. The global catalog is stored on
domain controllers that have been designated as global catalog servers and is distributed through multimaster
replication. Searches that are directed to the global catalog are faster because they do not involve referrals to
different domain controllers.

" #¦

!"
"
#
$%&'"(")!*&
c %
¦$ #¦
With too many DCs are configured to become the GC servers, it will cause the replication overhead
between the DCs across the forest.
& $% ' !

c &c !
& $ % &

$ '
'( $ )'

c
*c (+* )c
!+
!&c +&
)c (+*
)!
!"

!
#$% &'(

!)* ) +

,
! ! - !
+ . +
)

)

/ !
)

p

p !
" !" ## $%
& $" $% $ $"
p "p p' p
& (" " )
*p & ++
*p &

, ("# p

& -
. domains "
" $ "#% " #
"# "
p)
$ p "

$" . /001 $ "
p Domainp & " # "
"" &
#! #! ' # !,"

c c

One or more well-connected (highly reliable and fast) TCP/IP subnets. A site allows administrators to
configure Active Directory access and replication topology to take advantage of the physical network.
c , %,

Schedule enables you to list weekdays or hours when the site link is available for replication to happen
in the give interval. Interval is the re occurrence of the inter site replication in given minutes. It
ranges from 15 - 10,080 mins. The default interval is 180 mins.
c -¦¦
The Knowledge Consistency Checker (KCC) is a built-in process that runs on each domain controller
and regenerates the replication topology for all directory partitions that are contained on that domain
controller. The KCC runs at specified intervals of every 15 minutes by default and designates
replication routes between domain controllers that are most favorable connections that are available
at the time.
c !&#c

Intersite Topology Generator (ISTG), which is responsible for the connections among the sites. By
default Windows 2003 Forest level functionality has this role.
c . $

An NTFS partition with enough free space (250MB minimum) , An Administrator's username and
password , The correct version ,· A NIC ,· Properly configured TCP/IP (IP address, subnet
mask and - optional - default gateway)
0 1 -) ) .
0 23 - )
# !.
0
0 4
5554
3 55#
- 67!
.

c
¦ , c
%
/$
¦
(0
10

. How can you forcibly remove AD from a server and what do you do later Can I get user passwords
from the AD database?
Answere :-Demote the server using dcpromo /forceremoval, then remove the metadata from Active
directory using ndtsutil. There is no way to get user passwords from AD that I am aware of, but you
should still be able to change them.

/ #3/8

! )1
9:;<=#=8#9%2;3<3;8# # 3 #

) %
) 1= oductType
Se e T Value data),
1OK
/

) ) !1

>#
! # ; !

j

RDP

3389
j
!"
FTP-21,20 Telnet ± 23, HTTP-80, DNS-53, Kerberos-88, LDAP-389 ,Dhcp :-68
]c c&*

¦ 2*
¦ 3%

¦ 23
¦ 455
The Active Directory replaces them. Now all domain controllers share a multimaster peer-to-peer read
and write relationship that hosts copies of the Active Directory.
6"$ % $ $

Security-related modifications are replicated within a site immediately. These changes include account
and individual user lockout policies, changes to password policies, changes to computer account
passwords, and modifications to the Local Security Authority (LSA).
c c 455 $$

$
When DC promotion occurs with an existing forest, the Active Directory Installation Wizard contacts an
existing DC to update the directory and replicate from the DC the required portions of the directory. If
the wizard fails to locate a DC, it performs debugging and reports what caused the failure and how to
fix the problem. In order to be located on a network, every DC must register in DNS DC locator DNS
records. The Active Directory Installation Wizard verifies a proper configuration of the DNS
infrastructure. All DNS configuration debugging and reporting activity is done with the Active Directory
Installation Wizard.
75c
Organizations that operate on radically different bases may require separate trees with distinct
namespaces. Unique trade or brand names often give rise to separate DNS identities. Organizations
merge or are acquired and naming continuity is desired. Organizations form partnerships and joint
ventures. While access to common resources is desired, a separately defined tree can enforce more
direct administrative and security restrictions.
"
Four types of authentication are used across forests:

(1) Kerberos and NTLM network logon for remote access to a server in another forest;
(2) Kerberos and NTLM interactive logon for physical logon outside the user s home forest;
(3) Kerberos delegation to N-tier application in another forest; and
(4) user principal name (UPN) credentials.
74c

Active Directory Domains and Trusts Manager, Active Directory Sites and Services Manager, Active
Directory Users and Group Manager, Active Directory Replication (optional, available from the
Resource Kit), Active Directory Schema Manager (optional, available from adminpak)
c /c 455

Structural class:
The structural class is important to the system administrator in that it is the only type from which new
Active Directory objects are created. Structural classes are developed from either the modification of
an existing structural type or the use of one or more abstract classes.
Abstract class:
Abstract classes are so named because they take the form of templates that actually create other
templates (abstracts) and structural and auxiliary classes. Think of abstract classes as frameworks for
the defining objects.
Auxiliary class:
The auxiliary class is a list of attributes. Rather than apply numerous attributes when creating a
structural class, it provides a streamlined alternative by applying a combination of attributes with a
single include action.
88 class:
The 88 class includes object classes defined prior to 1993, when the 1988 X.500 specification was
adopted. This type does not use the structural, abstract, and auxiliary definitions, nor is it in common
use for the development of objects in Windows Server 2003 environments.
78" $ $9
Windows Server 2003 provides a command called Repadmin that provides the ability to delete
lingering objects in the Active Directory.
7:c #¦$
The Global Catalog authenticates network user logons and fields inquiries about objects across a forest
or tree. Every domain has at least one GC that is hosted on a domain controller. In Windows 2000,
there was typically one GC on every site in order to prevent user logon failures across the network.
" c 455
When an account is created, it is given a unique access number known as a security identifier (SID).
Every group to which the user belongs has an associated SID. The user and related group SIDs
together form the user account s security token, which determines access levels to objects
throughout the system and network. SIDs from the security token are mapped to the access control
list (ACL) of any object the user attempts to access.
7]!! '
!
No.
If you delete a user account and attempt to recreate it with the same user name and password, the
SID will be different.
76c $$; $
Credential Management feature of Windows Server 2003 provides a consistent single sign-on
experience for users. This can be useful for roaming users who move between computer systems. The
Credential Management feature provides a secure store of user credentials that includes passwords
and X.509 certificates.
$ $ )
"Save password as encrypted clear text" must be selected on User Properties Account Tab Options,
since the Macs only store their passwords that way.
45c c 455
Dial-in,
VPN,
dial-in with callback.
47c $ $
All the documents and environmental settings for the roaming user are stored locally on the system,
and, when the user logs off, all changes to the locally stored profile are copied to the shared server
folder. Therefore, the first time a roaming user logs on to a new system the logon process may take
some time, depending on how large his profile folder is.
44c $ $
\Document and Settings\All Users
4c $$ $

MavaScipt,
VBScript,
DOS batch files
(.com, .bat, or even .exe)
c

Domain local groups assign access
permissions to global domain groups for local domain resources. Global groups provide access to resources in other
trusted domains. Universal groups grant access to resources in all trusted domains.
1.

c
Universal groups are allowed only in
native-mode Windows Server 2003 environments. Native mode requires that all domain controllers be
promoted to Windows Server 2003 Active Directory.
2. c It¶s group policy inheritance model, where the policies are applied to ocal machines,
ites, omains and rganizational nits.
3. c

c ! If the ë file exist, it has the highest
priority among the numerous policies.
4. c

%SystemRoot%System32\GroupPolicy
5. c "#!"#$ Group policy template and group policy container.
6. c
"#!
%SystemRoot%\SYSVOL\sysvol\domainname\Policies\GUID
7.

c

The computer settings take priority.
8.

c gponame±> User Configuration±> Windows Settings±> Remote Installation
Services±> Choice Options is your friend.
9. c
Microsoft NetMeeting policies
10. Ñ

Via group policy, security
settings for the group, then Software Restriction Policies.
11. %
c A

text file can be used to add applications using the Software Installer, rather than the Windows Installer.
12. c

c

The former has
fewer privileges and will probably require user intervention. Plus, it uses .zap files.
13. c

c

&''(

Group Policy in Windows Server 2003 determines a users right to modify network and dial-up TCP/IP
properties. Users may be selectively restricted from modifying their IP address and other network
configuration parameters.
14. Ñ
)

90 minutes give or take.
15. c
Y It¶s now .
16.

. Make sure you check å

among the options when creating the policy.
17. c ** +
The user can view and modify user preferences that are not stored
in maintained portions of the Registry. If the group policy is removed or changed, the user preference will
persist in the Registry.
18. Ñ !,&''' You can¶t.
19. Ñ &''(User Configuration - Administrative Templates -
System - Group Policy - enable - Enforce Show Policies Only.
20. c
%

It helps to reconcile desktop settings, applications, and stored files for
users, particularly those who move between workstations or those who must periodically work offline.
21. c -

./! !. FAT and FAT32
provide no security over locally logged-on users. Only native NTFS provides extensive permission control
on both remote and local files.
22. Ñ./! !.

They don¶t, both have support for
sharing.
23. Y
Y

!.. Same as Read & Execute, but
not inherited by files within a folder. However, newly created subfolders will inherit this permission.
24.

$
It is possible for a user to navigate to a file for which he does not have folder permission. This
involves simply knowing the path of the file object. Even if the user can¶t drill down the file/folder tree
using My Computer, he can still gain access to the file using the Universal Naming Convention (UNC). The
best way to start would be to type the full path of a file into Run« window.
25. .

/

Permissive, if at
least one group has Allow permission for the file/folder, user will have the same permission.
26. .

Restrictive, if at
least one group has Deny permission for the file/folder, user will be denied access, regardless of other
group permissions.
27. c
c

&''( Admin$, Drive$, IPC$,
NETLOGON, print$ and SYSVOL.
28. c
0
.1
.2
The standalone server stores the Dfs directory tree structure or topology locally. Thus, if a
shared folder is inaccessible or if the Dfs root server is down, users are left with no link to the shared
resources. A fault-tolerant root node stores the Dfs topology in the Active Directory, which is replicated to
other domain controllers. Thus, redundant root nodes may include multiple connections to the same data
residing in different shared folders.
29. c
. 0

c34 . Use
the UNC path, not client, only 2000 and 2003 clients can access Server 2003 fault-tolerant shares.
30. c
0
.

/

In
Partition Knowledge Table, which is then replicated to other domain controllers.
31. $
05
.
Yes.
32. c
. Two users opening the redundant copies of the
file at the same time, with no file-locking involved in DFS, changing the contents and then saving. Only one
file will be propagated through DFS.
33.

%
$

0
.. Yeah, you can¶t. Install a
standalone one.
34.
6

Symmetric.
35. Ñc&''(

0
Time
stamp is attached to the initial client request, encrypted with the shared key.
36. c

c&''(

RSA Data Security¶s Message
Digest 5 (MD5), produces a 128-bit hash, and the Secure Hash Algorithm 1 (SHA-1), produces a 160-bit
hash.
37. c
0

c&''(

Windows
Server 2003 uses the industry standard PKCS-10 certificate request and PKCS-7 certificate response to
exchange CA certificates with third-party certificate authorities.
38. c

/

Unlimited.
Remember, though, that it¶s the Administrator account, not any account that¶s part of the Administrators
group.
39.
0 c

!%7 A cracker
would launch a dictionary attack by hashing every imaginable term used for password and then compare
the hashes.
40. c

&''(
More
restrictive in Windows Server 2003.
41. Ñ

*
#

Ñ
+
* User¶s last 6 passwords.
Ñow do you iew eplication p ope ties fo AD?
> / 8
3?/ ?/
c at a e sites c at a e t ey used fo ?

- )
!.#$%)

!
1

! 1
ame some OU design conside ations?
@
" ) " !

?

!A
?

!A
! @

A @
A

B
@
$$ ! $ $)$C6'5 ,
7 c at a e FMSO Roles? List t em.
D D
! !D38
'3

/

#;
% !
C Logical Diag am of Actie Di ecto y ?, c at is t e diffe ence between c ild domain
& additional domain Se e ?
4 !1
! 3

8! 2!
'

)
3BDE2 ' ! %!

BDE2 !
28!)!! ;
3 1

!
DE2
11 ! F
! 2 !

' DE2
11 ' ! F
' !
6 c at a e Actie Di ecto y G oups?
A
)* )
4 ! #
) ! A ) +

%

!
!! !

!1

) !

G oup Types
GSecu ity g oups@ 3 !
3

) !
! ) !
)
GDist ibution g oups)
!

! < ;
) !
)
) "
)

)
5 G oup Scopes
A
) !
) ))

!
!

) ) ! -. 1 A
) ) !
-.
!
GDomain Local G oup@

, ,

! !

! )

)

)!
H )
)

) ) !

GGlobal G oup@ ! )

)

) -1
!

! .
)
!
A)
)

) ! )
@

) )

!
)

2 ) A)
)

)!
D

! -1
)
!
. ) ) !
A) , ,

! !

!
GUnie sal G oup Scope
!
)

)

)

- .
555

55
!
@ )
1
)

) ) !
@ )

)

' c at a e t e types of backup? Explain eac ?
%
I J )1 )1! )

)1!
"1 !)1 1
!! ) )1
D ! !)1
D
8
B !
D

B
!
8

)
!!
!)1
! !
) ! ) " )1

3
! )1 )

- !
)1. )
!!
)1!
! !)1

"1 " !)1

!!
)1

!

!)1

) )1
!*!
)

c at is t e SYSVOL folde ?
4
3 553 K -3<3K. !!

! ,

3<3K

!A
)* -A.
D / -D/3.
)

< 3<3K!
) L L$
c at is t e ISTG c o as t at ole by default?
! ) %3A!

) )

c at is t e o de in w ic G=Os a e applied?
3 @
# 1 ) !

) %
2
!
M
%! )
) %!

!
4#%/M
#%/-# % / 1 .

! %

! ,)
!% -%.
) !)

%
)

#%/
)
% B)1) 1 % B
, %
-%3. !
49#M4 ) !

)1! M
9# 9# ! % 1

N
B )

% ! ! !
! )
9#
%!
!! )

)
1 9 !) )
) )1 %

!

<
%
23- 2

3 .
%

!

) ! )23
9
3/K
23M
3/K
23
)
23
#1 O P?3
) PP
/#1

2 /
PP

-3/K.
2 ) !!
+
> !!

) >
+ 1
)
+

+
! + ! !

+
+ ! !!
%
+ )

+
!

!

7 9
% 23 23 M
A

I !$!
J"
C 42M
2-2 1
. " ! % %

D
8! 1
6 9
! 2 4
55M
D) ) 1
# ! 2
9 ! )
M
#13

1/
/
/
/
) ! !
/1 !
!
#1 3 )

@
#@
1
)
! ; ) ! !! %
3
;

)%
! !!

; ) ! 1
; 1 B %

* #1:
DS Inte iew Questions and answe s

23% E

' 3 1 " 1

!!
!1 !
1+

4

M
4 !23 M
3
)

+ 4
!M
>
! ! !
! !
1 DE2 %
M
4 !3/K
M
7 > ! !
1
23

+

9 !
!
) ! 3/K

+ 4 1 !! M
C 4! !
) !
!
23

! M
6
"

4! 1 ) 1 ! M
<
!
23
<

+

+

1
+

/ )
1 ! !)

<
1 )

! ! 4

M
'5 <
1
% <
! )
1

) ! ! % 4
1 !M
QQQQQQQ
' //

23
DE2 %

3

)
!
+
3

! ) !

+ 3
) ! +

+ !
! 23 )
1
! !
3/K

1
7 +
!

!
23 !

C + )
!

) !

9#
) !

!

6 ! !!
# 23

'5 23 Q

! )

##
!""
Primary DNS
Secondary DNS
Active Directory Integrated DNS
Forwarder
Caching only DNS

$

PTR records resolve IP addresses into hostnames.
For example, the A record for

j%& resolves this
domain name to '('j%(:
smtp14.msoutlookonline.net. A IN 100000 207.5.72.145
And then the PTR record resolves '('j%( back

to
j%& :
145.72.5.207.in-addr.arpa. PTR IN 100000 smtp14.msoutlookonline.net
As you can see, you need to type the reversed IP address and add "in-
addr.arpa" to it to query for PTR records. This is called reverse DNS.
One common myth about PTR records is that they are created for domain
names and your domain has to have one to make sure your mail will not be
rejected by other mail servers. The truth is that PTR records are created for IP
addresses, not domain names. This means that if you are using our servers to
send mail, you do not need to worry about your PTR record. IP addresses of all
our mail servers already have PTR records created.
If, however, you are using not only our mail server, but also some other server
outside our network and that mail server IP does not have a PTR record
created, we have no way to change that and you need to contact the company
which owns that mail server. For example, if you are sending mail through your
ISP mail server, you will need to contact their support team and request to
configure PTR records for all IP addresses their mail servers are using.
You can also always verify whether a particular IP address has a PTR record
created by running the "nslookup" tool or going to a site like
http://www.dnsreport.com.
For example:
C:\>&
Default Server: dns.company.com

Address: 232.14.15.6
> #
)

> &
Default Server: ns2.msoutlookonline.net
Address: 207.5.44.30
> j%('('*

Server: ns2.msoutlookonline.net
Address: 207.5.44.30
145.72.5.207.in-addr.arpa. name = smtp14.msoutlookonline.net
O

O

O

!
÷
!
÷

%
÷
!
'()*&
" #$%"$&
÷

!
%
÷
!
'()*&
" #%"&
÷
!
!
÷
!
!
÷

!
%
" #$%"$&
'()*&
÷
!
!
" #%"&
÷
+ !
÷

+ %
÷
+ !
'()*&
" #$%"$&
÷
+ !
" #%"&
,-. /

0 )1
(

2

3() /45)

'2
)
%) 45)
&

Step By Step Tuto ial Ñow to mig ate DÑ= se e f om a cindows se e 2003 to cindows
se e 2008
9# ) ) !

#13 1/

),
1:

,#
,
;2;/
2 <

,

# ! 9# 4

3 556
' #13 1

13 8 %!

1
@
#
% / 31
/ 12 , 19#

12 ,
Impo t t e DÑ= database
' , ) !

) !
1 %!

,!

3 / 8

)
)

# ,
9#
) !

1! 4
3 556
)

K ! 9#

4
3 556)

#13 1/

),
1:

) ,

;2;/

) , !
! !
) !

Y
2 4 ,9#

) !Y
$55

4
3 556 ) !
!

E o initializing and eading t e se ice configu ation ± Access Denied
2 <

7
4
3 5569# 9#
pY ;

F
C %! I

J !
4
3 556#9
9#
;
7
!
)

%!
)

F
Aut o ize t e DÑ= se e
' #13

19#
2 <)

) ) !

%
)
)
) ! ;

% ! 9# ,

9# %!

! )* ) +

/1 )*

1+
! 1

1/ !

9# +

Final Tip
%! ,$!

9# ! - 9#

. 4
3 556#
c at a e some of t e new tools and featu es p oided by cindows Se e 2008?
4
3 556

1 8!4
K

!
K )1
>1

! 4
3 556
%%3C )

4
3
4
!!
!4
3 556M
!4

3 556 3

;
; ;

!!
1 ;

!
9 K+

4 );

!4
3 556

!

)
3

;
;
)
9 K
+
c at two a dwa e conside ations s ould be an impo tant pa t of t e planning p ocess fo

a cindows Se e 2008 deployment?
4
3 556

" ! 1 3

)
4
3 5569
#)
)!

1 )
c at a e t e options fo installing cindows Se e 2008?
< 4

3 556 !
23

, 4
5553
4
3 55
Ñow do you configu e and manage a cindows Se e 2008 co e installation?

!4
3 556
!

c ic ont ol =anel tool enables you to automate t e unning of se e utilities and ot e

applications?
13
)
!4
>1

1 !
c at a e some of t e items t at can be accessed ia t e System = ope ties dialog box?
<

8 3
),
c en a c ild domain is c eated in t e domain t ee, w at type of t ust elations ip exists

between t e new c ild domain and t e t ees oot domain?
#

!

)
)

c at is t e p ima y function of domain cont olle s?
! !

1 9

! )* 1
c at a e some of t e ot e oles t at a se e unning cindows Se e 2008 could fill on

t e netwo k?
4

3 556 ) !

!
) 4

!
23 9#
/
/
c ic cindows Se e 2008 tools make it easy to manage and configu e a se e s oles

and featu es?
3 8
)
!

"1

! 3
8 )

!

c at cindows Se e 2008 se ice is used to install client ope ating systems oe t e
netwo k?
4
3 -43. )

1 R; )
1 !
c at domain se ices a e necessa y fo you to deploy t e cindows Deployment Se ices

on you netwo k?
4
3 " 9#
23 )

Ñow is cDS configu ed and managed on a se e unning cindows Se e 2008?
4
3 ) ! 43

)

c at is t e diffe ence between a basic and dynamic d ie in t e cindows Se e 2008

eni onment?
)
1 ) 833
1 S)
1 )

- .

1 ! )

) !

14
3 556/%
c at is RAID in cindows Se e 2008?
/% /

!%

1 !)
!
! /% ) )

)
4
3 556 ) ! /%
5-
. /%'- .
/% -
1 .
c at conceptual model elps p oide an unde standing of ow netwo k p otocol stacks

suc as T=I= wo k?
3%
! 1
1

)

1)
1
c at p otocol stack is installed by default w en you install cindows Se e 2008 on a

netwo k se e ?
#$%-
7.
!!4
3 556 % "
!

! 1
Ñow is a se e unning cindows Se e 2008 configu ed as a domain cont olle , suc as
t e domain cont olle fo t e oot domain o a c ild domain?
% 4

3 556

!
!
!

,
% 1

c at a e some of t e tools used to manage Actie Di ecto y objects in a cindows Se e

2008 domain?
4

-1
. !

@
#

)*

)
!

)
3
3
!
!

)
Ñow a e domain use accounts c eated and managed?
@

#
!

!

B

c at type of Actie Di ecto y objects can be contained in a g oup?

c at type of g oup is not aailable in a domain t at is unning at t e mixed-mode

functional leel?
@ ) ,

! )

4
554
5561 )
c at types of Actie Di ecto y objects can be contained in an O ganizational Unit?
+ @

@
+ @

)
)
! !

c at a e Actie Di ecto y sites in cindows Se e 2008?
1B ;

3 %)

)% >
! )

A)#

an se e s unning cindows Se e 2008 p oide se ices to clients w en t ey a e not
pa t of a domain?
3 4
3 556 ) !
1

1 )

c at does t e use of G oup =olicy p oide you as a netwo k administ ato ?
A

!
! !

@ A 1

)

!
c at tools a e inoled in managing and deploying G oup =olicy?
A
1
! )

A8
Ñow do you deal wit G oup =olicy in e itance issues?
A

)
! < )1
! ! A-! @
.) >1% !)* %! !
A

1
A ; !

- .A
Ñow can you make su e t at netwo k clients ae t e most ecent cindows updates
installed and ae ot e impo tant secu ity featu es suc as t e cindows Fi ewall enabled
befo e t ey can gain full netwo k access?
< ! 2 13 - ) 2 1

3 . 2 13 ) !

1

! 1 !!

c at is t e pu pose of deploying local DS se e s?

23
! !!"!

%

> 23

)

) 23

! 23 "
!"!

1
In te ms of DS, w at is a cac ing-only se e ?
23 !

" )

23 # !
23!
>
!
+
1!!
+ !
Ñow t e ange of I= add esses is defined fo a cindows Se e 2008 DÑ= se e ?
%

) 9#

) !%

%

)

,
Important Port Numbers:

ÑTTP ---------- 80
FTP ------------ 20,21
TelNet ---------- 23
SMTP ---------- 25
DNS ----------- 53
TFTP ----------- 69
SNMP ---------- 161
RIP ------------- 520
IMAP 4--------- 143
IMAP 3 --------- 220
RPC ------------ 135
LDAP ---------- 389
Net Stat -------- 15
WINS ---------- 42
BootP ---------- 67
DÑCP ---------- 68
POP2 ---------- 109
POP3 ---------- 110
Net BIOS ------ 139

SSL(ÑTTPS) --- 443
SQL Server ---- 1433
NFS ------------ 2049
SSÑ ------------ 22
RAP ----------- 38
BGP ----------- 179
Read more: http://newadmins.blogspot.com/search/label/Network%20administrator#ixzz1B1TYHYJG
$+
+'"

06
)

%&0"3
2%&0"270"
%& #

0 6

026 (
# (

$4895,, : $4895,,
#

8;;<"
+'"

(
="0"=%= " 0"
=
&

6

)
+'"
2 2

+'"

= + (

5' (
(
": ;

9

:"="2"="2'="2O)'="
!="

4 #

(

";0":- > #%-&2-1!?02=#%=&

@
#( A0

:+ #(
(

(2 #(#
#
#(

2 (
(

: ( #

)

3(

8' ( ()
#(

(

#:! 0" #

#
2
#

2

$ (0"!)

( )

(: ((

0"

";0"
( #
)

(

(

$$
>O'A :06

-10A
0"

$ 6
#
# +-:#
))
2

#

))

$' ( (
!:?
(

Interview

Загружено:

Сведения о документе

Исходное описание:

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Interview

Загружено:

Авторское право:

Доступные форматы

c 

¦   

c     

c   c  ! 

"      

"        

c  # ¦ $

& $  %  ' ! 

     '( $ )  ' 

    

       

  

c  c   

c ,      %,   

c  !&#c     

c .   $

   

]c c &* 

c  c   455 $ $

75c     

"       

Four types of authentication are used across forests:

74c      

c     /c   455

7:c # ¦ $

"      c   455

 $     $ )

47c    $ $   

44c  $     $   

\Document and Settings\All Users

4c $$     $  

 )  

# 1  )  ! 

   )    %!    

      ) ! ) 

 )     

 B  )  

  23- 2 

   .  " !   %  %

# 1 3  ) 

 !   !! 

DS Inte iew Questions and answe s

' 3        1 "          1  

' // 

 !     ) !  

For example, the A record for 

smtp14.msoutlookonline.net. A IN 100000 207.5.72.145

And then the PTR record resolves '('j%( back

145.72.5.207.in-addr.arpa. PTR IN 100000 smtp14.msoutlookonline.net

Default Server: dns.company.com

145.72.5.207.in-addr.arpa. name = smtp14.msoutlookonline.net

   !

,-.  /    

 # 13  1/  

2 <     

# !   9#         4

' # 13  1

 % / 3  1

/  12 ,  19#   

Impo t t e DÑ= database 

'     ,  ) !   

 K ! 9#  

 # 13  1/  

c

¦

c

c c !

"

"

c #¦$

& $% ' !

'( $ )'

c c

c , %,

c !&#c

c . $

]c c&*

c c 455 $$

75c

"

74c

c /c 455

7:c #¦$

" c 455

$ $ )

47c $ $

44c $ $

4c $$ $

)

# 1 ) !

) %!

) !)

)

B )

23- 2

. " ! % %

#1 3 )

! !!

' 3 1 " 1

' //

! ) !

For example, the A record for

And then the PTR record resolves '('j%( back

!

,-. /

#13 1/

2 <

# ! 9# 4

' #13 1

% / 31

/ 12 , 19#

Impo t t e DÑ= database

' , ) !

K ! 9#

#13 1/

2 4 ,9#

E o initializing and eading t e se ice configu ation ± Access Denied

2 <

C %! I

Aut o ize t e DÑ= se e

' #13

2 <)

% ! 9# ,

/1 )*

! 1

c at a e some of t e new tools and featu es p oided by cindows Se e 2008?

!4

c at a e t e options fo installing cindows Se e 2008?

< 4

Ñow do you configu e and manage a cindows Se e 2008 co e installation?

<

c at is t e p ima y function of domain cont olle s?

! !

4

Ñow is cDS configu ed and managed on a se e unning cindows Se e 2008?

c at is RAID in cindows Se e 2008?

% 4

4

Ñow a e domain use accounts c eated and managed?

@

c at type of Actie Di ecto y objects can be contained in a g oup?

@ ) ,

c at types of Actie Di ecto y objects can be contained in an O ganizational Unit?