Active Directory & FSMO Roles Guide

Uploaded by

sethii_ankush

What is Active Directory?

Active Directory holds all the information about the objects in the domain, including the login authentication process, sharing of resources, network resources, etc. It defines security boundaries in a logical database structure.

What are the FSMO roles? In detail.
There are five types of roles.
Domain Naming Master (Forest Wide)
Schema Master (Forest Wide)
RID Master (Domain Wide)
PDC Emulator (Domain Wide)
Infrastructure Master (Domain Wide)

Domain Naming Master :- It takes care of adding, changing or deleting any domain in a forest.
Schema Master :- It maintains the structure of Active Directory in a forest.
RID Master :- It assigns RIDs & SIDs to newly created objects such as users & computers. If the RID master is down, you can't create any objects.
PDC Emulator :- It works as a PDC to any NT BDCs in your environment. It works as a time server to maintain the same time in your network. It also handles password changes, lockouts, etc.
Infrastructure Master :- This works when we are renaming any group membership object. This role takes care

What is DNS?
DNS stands for Domain Naming Server / Service. It resolves IP addresses to host names & host names to IP addresses.

What is a stub zone?
A stub zone is a copy of a zone that contains only those resource records necessary to identify the authoritative Domain Name System servers for that zone. A stub zone replicates only minimum information.

What is SOA?
It is Start of Authority. It helps in replication between primary & secondary zones.

What is an Active Directory integrated zone?
If you create an Active Directory integrated zone, your zone will be secure & multi-master. You can transfer the zone from your zone to anywhere in the forest, DC, & different domain.

What is the schema?
It is a predefined set of rules & resolution which tells us what objects & set of attributes we can create.

What is a Global Catalog server?
A Global Catalog server keeps full information about its own domain & partial information about other domains. It provides group membership information during logon and authentication.

Tell me about the Active Directory structure.
Forest - Tree - Domain

What types of backup do you take?
Normal.

What is the database file of Active Directory?
NTDS.DIT. It has three partitions: Domain, Configuration & Schema. The Domain partition will never replicate with other domains. Only the Configuration & Schema partitions will replicate in the entire forest.

What are DNS queries?
There are two types of queries: one is iterative & one is recursive. A recursive query sends the request & if not found it will prompt you with the error message. In an iterative query, if not found it will be forwarded to another DNS record to check.

How does DNS resolve websites?
First it checks its own cache memory; if not found, it forwards to the DNS server, which checks the DNS server cache record; if not found, it sends a query to the ISP DNS, & finally it gives you the output.

What is the difference between a stub zone & an Active Directory integrated zone?
Tell them about both in detail.

What is the port no. of DNS, LDAP, GC, SMTP?
DNS-53, LDAP-389, GC-3268, SMTP-25.

What is the difference between incremental & differential backup?
Incremental – first normal, then only the changes that happen every day.
Differential – first normal, after that take the whole changes done as on Monday, on Tuesday & further.

What are the core services for Exchange Server?

How do you promote a domain controller to a GCS?
Through Active Directory Sites and Services, then go to the server name & then NTDS Settings, right-click, go to Properties & select the check box for GCS.

What is a GPO? Which policy will take effect if both Computer settings & User settings are configured?

Technical Interview Questions – Active Directory

What is Active Directory?
AD is a directory service that is used to manage and maintain all the network resources.
It is a central location which provides users access to the database and all other network resources.

Where is the AD database held? What other folders are related to AD?
The AD database is NTDS.DIT. It is stored in the NTDS folder.
SYSVOL and NTFRS are some other folders related to AD.

What is the SYSVOL folder?
SYSVOL stores the public copy of the domain, which is replicated to all the other DCs.
It also stores the logon scripts and policies of the domain.

Name the AD NCs and replication issues for each NC


Domain NC, Configuration NC and Schema NC.

How do you view replication properties for AD partitions and DCs?
Through Sites and Services, the replmon tool and the repadmin command line.

What is the Global Catalog?
It stores complete information of its own domain and partial information of all the other domains in the forest.
The partial information is: distinguished name, object GUID and object SID.

How do you view all the GCs in the forest?


Through replmon tool and through sites and services.

Trying to look at the Schema, how can I do that?
First register the schema by running the command: regsvr32 schmmgmt.dll
Then open the MMC and add the AD Schema snap-in.

What are the Support Tools? Why do I need them?
Support tools are additional features which are used to manage the AD in an advanced mode.

What is LDP? What is REPLMON? What is ADSIEDIT? What is NETDOM? What is REPADMIN?
These are all utilities which are used to manage the AD domains and forest in an advanced mode.

What is the KCC?


KCC is Knowledge Consistency Checker.
It is used to replicate AD information between the DCs.

What are the requirements for installing AD on a new server?
DNS, an IP address and a Windows 2000 or 2003 (Server) operating system.

How can you forcibly remove AD from a server, and what do you do later?
dcpromo /forceremoval and then do the metadata cleanup from the other DC.

Can I get user passwords from the AD database?

What tool would I use to try to grab security related packets from the wire?
Network Monitor.

What is the tombstone lifetime attribute?
The tombstone lifetime attribute describes the time period an account can stay in the database file after deletion from the domain.
For Windows 2000 and 2003: 30 days.
Windows 2003 SP1 and later: 180 days.

What are the FSMO roles? Who has them by default? What happens when each one fails?

I want to look at the RID allocation table for a DC. What do I do?

dcdiag /test:ridmanager /v

How do you backup AD?


Take a backup of system state data on any DC.

How do you restore AD?
Log on in Directory Services Restore Mode and restore the system state data backup.

What are GPOs?
Group Policy Objects.

What is the order in which GPOs are applied?


Sites >>>> Domain >>>> OU.

Some more questions which they ask in the interview.

What is DNS?
What is a recursive query?
What is an iterative query?
What is a stub zone?
What are Primary & Secondary Zones?

Port numbers?
FTP: 21           TELNET: 23       SMTP: 25
DNS: 53           DHCP: 67         KERBEROS: 88
POP3: 110         NNTP: 119        IMAP: 143
SNMP: 161         LDAP: 389        SSL: 443
MS-DS-AD: 445     RPC: 530         LDAP-S: 636
IMAP-S: 993       POP-S: 995       Lotus Notes: 1352
Sametime: 1533    MS-PPTP: 1723    MS-RDP: 3389
