Interview_Questions

The document provides an overview of various server types, including mail, file, and web servers, as well as the differences between server and client operating systems. It also covers Active Directory (AD) components, including its database, roles, and backup strategies, along with explanations of domain controllers, member servers, and security measures like firewalls and proxy servers. Additionally, it outlines procedures for server promotion, Active Directory restoration, and the importance of Group Policy in managing network settings.

Uploaded by

Shikha Singh
Copyright © All Rights Reserved

Ans(1):

• A server is a computer that provides services to other systems that make requests.
• Mail servers
Also known as mail transfer agents (MTAs), mail servers receive and forward
emails. They can run programs like iMail or Exim to provide SMTP (Simple
Mail Transfer Protocol) services.
• File servers
Host files like images and videos, usually using a different protocol than web
servers.
• Web servers
Serve web pages to users using HTTP (Hypertext Transfer Protocol). They
can run Microsoft IIS or Apache HTTP Server.

Ans(2):
• A server operating system (OS) is installed on a server computer to manage
resources and provide services to multiple programs. A client OS runs on
devices like computers, laptops, and smartphones. Client OSs support one
user at a time and can handle hardware like printers and cameras.
• Purpose: Server OSs are optimized for providing services and managing
resources, while client OSs are optimized for accessing and interacting with
resources.
• Complexity: Server OSs are more complex and can handle critical
operations. Client OSs are simpler and can work on local processes.
• Security: Server OSs are more secure than client OSs.
• Number of clients: Server OSs can serve multiple clients simultaneously.

Ans(3):

• Active Directory (AD) is a proprietary directory service from Microsoft that
runs on Windows Server. It allows administrators to manage access to
network resources and permissions.

Ans(4):
• The AD database is saved in a file on every DC in the domain. The
AD database is stored in the NTDS.DIT file located in the NTDS folder of the
system root, usually C:\Windows.
• AD uses the "Extensible Storage Engine (ESE)", which is an indexed and
sequential access method (ISAM) database. It uses a record-oriented
database architecture which provides extremely fast access to records.
• The Active Directory database is made up of a single file named ntds.dit. By
default, it is stored in the %SYSTEMROOT%\NTDS folder.
• Local and remote access to the Active Directory database is done with the
LDAP protocol (Lightweight Directory Access Protocol).

Ans(5):
To promote a server to a domain controller, you can:
1. Open Server Manager
2. Click the Notification Flag
3. Select Promote this server to a domain controller
4. Choose the Deployment Operation
5. Configure Domain Controller Options
6. Configure DNS Options
7. Choose Additional Options
8. Select Paths
9. Review Options

Ans(6):
Here are the five FSMO roles in Active Directory and their functions:

Schema Master
A forest-wide role that ensures changes to the AD schema are replicated
to all other DCs in the forest.

Domain Naming Master
A forest-wide role.

RID Master
A domain-wide role that assigns security identifier (SID) values to every
object created in the Active Directory. The RID Master also generates
unique relative identifiers and moves objects from one domain
controller to another within the forest.

PDC Emulator
A domain-wide role that synchronizes time, which is important for the
integrity of many processes, including Kerberos authentication.

Infrastructure Master
A domain-wide role that understands the organization's IT infrastructure
and updates object references at a local level. It also ensures that the
copies of other domains are up to date.

A domain controller (DC) can hold multiple roles at one time. For
example, a forest with two domains will have one DC in each
domain hosting the RID Master role.

Ans(7):

Ans(8):
A member server is a computer that belongs to a domain but is not the
domain controller. A domain controller is a server that stores directory
information and provides authentication and directory services for the
domain.

Here are some other differences between member servers
and domain controllers:

Identity management
A domain controller hosts Microsoft Active Directory Domain Services
(AD DS), which is an identity management, authentication, and
authorization service. A member server is a server whose identity is
managed by AD DS.

Directory information
Member servers don't store directory information, but domain
controllers do.

Functions
Member servers can function as file servers, database servers,
application servers, firewalls, remote access servers, and certificate
servers.

Authentication requests
Domain controllers are responsible for authenticating security requests
such as logins and permission checking.

A computer with a server OS and AD installed is a domain controller. Any
other computer with a server OS can be called a member server if it is
joined to the domain.

Ans(9):
The global catalog (GC) is a feature of Active Directory (AD) that allows a
domain controller (DC) to provide information on any object in the
forest. It is a distributed data storage that is stored in domain controllers
(also known as global catalog servers) and is used for faster searching.

The primary two functions of a Global Catalog within the Microsoft
Active Directory are logon capability and Microsoft Active Directory
queries.

Ans(10):
Forest architecture is a collection of one or more domain trees that
share a common logical structure, directory configuration, directory
schema, and global catalog. The first domain in the forest is called the
forest root domain.

Domain architecture is an architecture based on the Inversion of Control
Principle. It is biased towards Object-oriented programming. The
architecture consists of multiple concentric layers interfacing towards
the core domain, moving all coupling towards the center.

Ans(11):
The infrastructure master should not be on the global catalog (GC)
server in a multi-domain forest if every domain controller in the domain
doesn't host the GC. In this case, the infrastructure master should be
placed on a domain controller that doesn't host the GC.

The infrastructure master is responsible for updating references from
objects in the local domain to objects in other domains. The GC server
holds a copy of all the objects in the domain and a partial replica of
other domains in the forest.

The GC allows users and applications to find objects in an Active
Directory domain tree. It contains a partial replica of every naming
context in the directory, including the schema and configuration naming
contexts.
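
The FSMO roles from Ans(6) and the placement rule from Ans(11) can be checked on a live forest. The following is an added example, not part of the original document; it assumes the ActiveDirectory PowerShell module (RSAT) is installed and only reads directory data.

```powershell
# Added example: read-only report. Needs the ActiveDirectory module (RSAT)
# and an account that can read the forest.
Import-Module ActiveDirectory

$forest = Get-ADForest

# Forest-wide roles: a single holder each for the entire forest.
$forest | Format-List Name, SchemaMaster, DomainNamingMaster

$multiDomain = $forest.Domains.Count -gt 1

$report = foreach ($domainName in $forest.Domains) {
    $domain = Get-ADDomain -Identity $domainName -Server $domainName
    $dcs    = @(Get-ADDomainController -Filter * -Server $domainName)

    # Domain controller that currently holds the Infrastructure Master role.
    $imDc  = $dcs | Where-Object { $_.HostName -eq $domain.InfrastructureMaster }
    # Domain controllers in this domain that do not host the global catalog.
    $nonGc = @($dcs | Where-Object { -not $_.IsGlobalCatalog })

    # Placement rule from Ans(11): in a multi-domain forest, the Infrastructure
    # Master should not sit on a GC unless every DC in the domain hosts the GC.
    $misplaced = $multiDomain -and $imDc.IsGlobalCatalog -and ($nonGc.Count -gt 0)

    [pscustomobject]@{
        Domain               = $domain.DNSRoot
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        IMIsGlobalCatalog    = [bool]$imDc.IsGlobalCatalog
        NonGCDomainCtrls     = $nonGc.Count
        MoveInfraMaster      = $misplaced
    }
}

# One record per domain; MoveInfraMaster = True marks a domain that breaks the rule.
$report | Format-List
```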

Ans(12):
The infrastructure master is responsible for updating references from
objects in the local domain to objects in other domains. The GC server
holds a copy of all the objects in the domain and a partial replica of
other domains in the forest.

The GC allows users and applications to find objects in an Active
Directory domain tree. It contains a partial replica of every naming
context in the directory, including the schema and configuration naming
contexts.

Ans(13):
Active Directory (AD) has both physical and logical structures. The logical
structure organizes network resources, while the physical structure
manages and configures network traffic.

The logical structure of AD is represented by the following components:
Organizational units, Domains, Trees, Forests.

The physical structure of AD is made up of:

Active Directory sites

Domain controllers

Domain controllers are computers that run Windows Server and hold
the Active Directory Domain Services role. They can be either physical or
virtual servers. Domain controllers are responsible for the security and
authentication of AD objects.

AD has three main tiers:

Domains: A group of related users, computers, and other AD objects

Trees: Multiple domains can be combined into a tree

Forests: Multiple trees can be grouped into a forest.

Ans(14):
Active Directory (AD) backups are used to recover critical system
components in case of a crash. Backups create a consistent copy of the
AD database, which can be used to restore the system if there is a failure
or disaster.

Here are some best practices for backing up AD:

Perform a full backup every 24 hours

Perform an incremental backup every 6 hours

Don't exceed a 60-day interval between backups

Ans(15):
SYSVOL, or System Volume, is a folder that contains files and folders on
the local hard disk of each domain controller in a domain. It's a
repository for all active directory files and stores important elements of
the Active Directory group policy.

Ans(16):
Group Policy is a Windows feature that allows for the centralized
management and configuration of user settings, computer settings, and
operating systems. Each policy is defined by a Group Policy object (GPO).

Group Policy adheres to a strict hierarchy. The four levels of hierarchy for
Group Policy processing are: Local, Site, Domain, OU.

The order that GPOs are processed is known as LSDOU, which stands for
local, site, domain, and organizational unit.

The order in which GPOs are processed is:

Local

Site

Domain

OU

GPOs that Windows processes last have the highest precedence.
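
The LSDOU rule above, worked through on sample data. This is an added example, not part of the original document; the setting names and values are constructed, and the function Resolve-LsdouPolicy is hypothetical (it simulates the ordering only and does not query real GPOs).

```powershell
# Constructed sample data: the settings that GPOs at each level would apply.
# Setting names and values are hypothetical.
$gpoLevels = @{
    Local  = @{ ScreenLockMinutes = 30; RemovableStorage = 'Allowed' }
    Site   = @{ ScreenLockMinutes = 20 }
    Domain = @{ ScreenLockMinutes = 15; RemovableStorage = 'Blocked' }
    OU     = @{ ScreenLockMinutes = 5;  DesktopWallpaper = 'corp.png' }
}

function Resolve-LsdouPolicy {
    param([hashtable]$Levels)

    $effective = @{}
    # Processing order from the text: Local, Site, Domain, OU.
    foreach ($level in 'Local', 'Site', 'Domain', 'OU') {
        if (-not $Levels.ContainsKey($level)) { continue }
        foreach ($name in $Levels[$level].Keys) {
            # Remember which earlier levels had set this value before it is replaced.
            $overridden = @()
            if ($effective.ContainsKey($name)) {
                $overridden = $effective[$name].Overrides + $effective[$name].SetBy
            }
            # A level processed later overwrites the value from an earlier level.
            $effective[$name] = [pscustomobject]@{
                Setting   = $name
                Value     = $Levels[$level][$name]
                SetBy     = $level
                Overrides = $overridden
            }
        }
    }
    $effective.Values | Sort-Object Setting
}

# Shows, per setting, the winning value, the level that set it,
# and the earlier levels whose values were overridden.
Resolve-LsdouPolicy -Levels $gpoLevels | Format-Table -AutoSize
```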

Ans(18):
Active Directory (AD) restore can be performed in Directory Services
Restore Mode (DSRM). DSRM is a Safe Mode boot option for Windows
Server domain controllers. It allows an administrator to repair, recover,
or restore an AD database.

To restore deleted Active Directory objects, you can:

Open the Active Directory Administrative Center

In the left pane, click the domain name and select the Deleted Objects
container

Right-click the container and click Restore

There are three types of AD restores: Authoritative, Non-Authoritative,
Primary.

In an authoritative restore, an Active Directory controller is recovered
from backup with a special flag that makes the data authoritative. This
means that it will be the source of data replicated to all other domain
controllers.

To boot into Active Directory repair, you can:

Run the Windows tool msconfig.exe

Switch to the Boot tab

Under Boot options, select Active Directory repair

Ans(19):
Directory Services Restore Mode (DSRM) is a safe mode boot option for
Windows Server domain controllers. It allows administrators to repair,
recover, or restore an Active Directory (AD) database.

To manually boot into DSRM, you can:

Press the F8 key repeatedly

Do this immediately after the BIOS POST screen, before the Windows
logo appears

Select DSRM mode from the boot menu

After logging in, you will see a Safe Mode watermark on the desktop,
and AD services won't start.

When Active Directory is initially set up, the Administrator will be
prompted for a password to use for DSRM if ever needed.

Ans(19):
A domain is a network of computers and devices that are controlled by
one authority. A workgroup is a group of people who work together, or a
collection of networked computers.

Ans(20):
A proxy server is a system or router that acts as a gateway between users and the
internet. It's also known as an "intermediary" because it goes between end-users
and the web pages they visit.
Proxy servers use a different IP address on behalf of the user, concealing the user's
real address from web servers. They can help prevent cyber attackers from
entering a private network.

Ans(21):
A firewall is a network security device that monitors and controls network traffic.
It can be a hardware or software unit that filters incoming and outgoing traffic
based on a set of rules. Firewalls are used in both personal and enterprise
settings.

Third-party firewalls are important for securing corporate networks. They provide
an extra layer of protection against external threats.

To change the Windows Firewall settings, you can:

Click Update & Security

Click Windows Security

Click Open Windows Security

Click Firewall & network protection

Select your active network

Click the Windows Defender Firewall button to turn the firewall on or off

You can also disable Windows Firewall by:

Opening the Start Menu

Selecting Control Panel

Selecting System and Security

Selecting Windows Firewall

Selecting Turn Windows Firewall On or Off in the left sidebar


Windows Firewall offers three network profiles: domain, private, and public.
These profiles are used to assign rules. For example, you can allow a specific
application to communicate on a private network, but not on a public network.
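
The same profile settings can be reviewed from PowerShell instead of the Settings pages. The following is an added example, not part of the original document; it uses the built-in NetSecurity cmdlets, and the rule name and the program path C:\Program Files\ExampleApp\app.exe are placeholders.

```powershell
# Added example. Run in an elevated PowerShell session on the host being checked.

# 1. State of the three profiles named in the text (Domain, Private, Public).
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# 2. Warn about any profile where the firewall has been turned off.
$off = @(Get-NetFirewallProfile | Where-Object { "$($_.Enabled)" -ne 'True' })
foreach ($p in $off) {
    Write-Warning "Firewall is disabled on the $($p.Name) profile"
}

# 3. Enabled inbound allow rules that apply on the Public profile
#    (rules scoped to 'Any' apply to all three profiles).
Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    Where-Object { "$($_.Profile)" -match 'Any|Public' } |
    Sort-Object DisplayName |
    Select-Object DisplayName, Profile |
    Format-Table -AutoSize

# 4. The case from the text: allow one application on private networks only.
#    -WhatIf previews the rule without creating it; the path is a placeholder.
New-NetFirewallRule -DisplayName 'ExampleApp inbound (private only)' `
    -Direction Inbound -Program 'C:\Program Files\ExampleApp\app.exe' `
    -Action Allow -Profile Private -WhatIf
```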
