INTERVIEW QUESTIONS FOR WINDOWS DOMAIN Q: What is Active Directory? A: An active directory is a directory str ct re sed on Microso!

t Windo"s #ased co$% ters and servers to store in!or$ation and data a#o t net"or&s and do$ains' It is %ri$ari(y sed !or on(ine in!or$ation and "as ori)ina((y created in *++, and !irst sed "ith Windo"s -...'An active directory /so$eti$es re!erred to as an AD0 does a variety o! ! nctions inc( din) the a#i(ity to %rovide in!or$ation on o#1ects2 he(%s or)ani3e these o#1ects !or easy retrieva( and access2 a((o"s access #y end sers and ad$inistrators and a((o"s the ad$inistrator to set sec rity % !or the directory' Q: What is 4DA5? A: 4DA52 4i)ht"ei)ht Directory Access 5rotoco(2 is an Internet %rotoco( that e$ai( and other %ro)ra$s se to (oo& % in!or$ation !ro$ a server ' Q: I have set % a ti$e server in $y interna( net"or&' 6o"ever2 I sti(( )et an error $essa)e that The Windo"s Ti$e Service "as not a#(e to !ind a Do$ain 7ontro((er' A: Set the 5D7 e$ (ator !or the do$ain to synch "ith the ne" ti$e so rce2 the other D7s "i(( synch "ith the 5D7 FSMO and a(( the c(ients "i(( synch "ith the a thenticatin) D7' Q: I have )% in AD that assi)ns (ar)e a%%(ication to a thenticated sers2 no" this a%% is insta((ed on $ore than *8. co$% ters2 "e have s(o" (in& to $any sites and "e don9t have servers there' So the : estion is ho" I can chan)e !ro$ a thenticated sers to a s%ecia( )ro % "itho t insta((in) the so!t"are a)ain' I have not tried this #eca se I9$ a!raid that I "i(( ta&e $any days to recover i! it !ai(s? 6o" are yo de%(oyin) and assi)nin) to sers? A: Usin) ;5 so!t"are distri# tion /;5SD0 there are a n $#er o! "ays to de%(oy a%%(ications' It $i)ht #e #est to create another )ro % ca((ed <a%%(ication=<' Then start addin) yo r sers to this )ro %' Once the entire $e$#ers #e(on) to this )ro % yo can re$ove the a thenticated sers'

I! yo have (ots o! sers and s(o" (in&s it $i)ht #e #est to % #(ish rather than assi)n' This %rovides a $ore %hased a%%roach to sers insta((in) a%%s' 5rovidin) yo sers are ha%%y to )o to contro( %ane( to insta(( this $i)ht #e #etter' Q: 7an I create a scri%t !or ;5O re%ort? A: There are %re>%re%ared scri%ts yo don9t need to create the$' There is directory ca((ed scri%ts created in the insta((ation2 ta&e a (oo& in there Q: I a$ c rrent(y had a $i=ed $ode to%o(o)y ? r nnin) e=chan)e 8'8' I a$ %(annin) the e=ch' -... %)rade is it #est to %)rade direct(y or insta(( a se%arate -... server and $i)rate the $ai(#o=es /s"in) $ethod0 and "hat are the %ro9s and cons' A: We((2 %)radin) direct(y is the easiest "ay to )o2 # t o!ten a(so considered the ris&ier o! the t"o o%tions' This $ethod does not a((o" !or e=tensive testin) ahead o! ti$e2 there#y (eadin) to %otentia((y n&no"n %it!a((s' We reco$$end in $ost cases in a %rod ction environ$ent to se the s"in) $ethod #y insta((in) the AD7' This "i(( a((o" yo to # i(d a %er!ect "or(d and $i)rate s(o"(y and "ith (ess ris&' Q: Is it %ossi#(e to chan)e the na$e o! root do$ain a!ter insta((ation o! ADS? A: Not in Windo"s -... AD Q: What is the #est %rocess !or chan)e the %ass !or ad$in? This is !or the acco nt $ana)es the e=chan)e2 c( ster and other services and do I have to chan)e the %ass o%tion in each server and services? A: I! yo $ean yo have a (ot o! services that are r nnin) nder an acco nt "ith a s%eci!ic %ass"ord yo "i(( need to chan)e the %ass"ord and then )o into each service in Services a%%(et to chan)e the %ass"ord' Q: 6o" $any Do$ain 7ontro((er do I need a%%r' !or ,.. User?

A: @o co (d act a((y se 1 st * D7 in yo r scenario' I "o (d reco$$end - D7s !or red ndancy in case * D7 )oes do"n Q: What is the S@SVO4 !o(der? A: The sysVO4 !o(der stores the server9s co%y o! the do$ain9s % #(ic !i(es' The contents s ch as )ro % %o(icy2 sers etc o! the sysvo( !o(der are re%(icated to a(( do$ain contro((ers in the do$ain' The sysvo( !o(der $ st #e (ocated on an NTFS vo( $e'

INTERVIEW QUESTIONS FOR WINDOWS DOMAIN Q: What is the ;(o#a( 7ata(o)? A: The )(o#a( cata(o) is a distri# ted data re%ository that contains a searcha#(e2 %artia( re%resentation o! every o#1ect in every do$ain in a $ (tido$ain Active Directory !orest' The )(o#a( cata(o) is stored on do$ain contro((ers that have #een desi)nated as )(o#a( cata(o) servers and is distri# ted thro )h $ (ti$aster re%(ication' Searches that are directed to the )(o#a( cata(o) are !aster #eca se they do not invo(ve re!erra(s to di!!erent do$ain contro((ers' Q: What is RE54MON? What is RE5ADMIN? A: Re%($on dis%(ays in!or$ation a#o t Active Directory Re%(ication' Re%ad$in'e=e is a co$$and> (ine ti(ity that is desi)ned to he(% ad$inistrators $onitor2 dia)nose2 and tro #(eshoot re%(ication %ro#(e$s in Active Directory ' Q: What is NETDOM? A: NETDOM ti(ity in Microso!t Windo"s NT Server A'. Reso rce Bit' NETDOM (ets yo # i(d ne" tr st re(ationshi%s and reset e=istin) tr sts !ro$ the co$$and (ine'

Q: What are sites? What are they sed !or?

A: A site is a )ro %in) o! $achines #ased on a s #net o! T75CI5 addresses' ;enera((y this re!ers to a %hysica( site s ch as a %ortion o! the or)ani3ation in %artic (ar city or %art o! a city "hich is (in&ed #y (eased (ines or other $edia to other %arts o! the or)ani3ation

Q: What is B77 /Bno"(ed)e 7onsistency 7hec&er0 A: A connection o#1ect is a connection that AD ses !or re%(ication' 7onnection o#1ects are !a (t to(erant' When a co$$ nication !ai(s2 AD "i(( a to$atica((y recon!i) re itse(! to se another ro te to contin e re%(ication' The %rocess that creates connection o#1ects is ca((ed Bno"(ed)e 7onsistency 7hec&er /B770 Q: What are the re: ire$ents !or insta((in) AD on a ne" server? A: The !o((o"in) so!t"are and hard"are re: ire$ents a%%(y to a ! (( insta((ation or a Server 7ore insta((ation o! the Windo"s Server -..D o%eratin) syste$: E Insta(( Windo"s Server -..D E 7on!i) re a%%ro%riate T75CI5 and Do$ain Na$e Syste$ /DNS0 server addresses' E The drives that store the data#ase2 (o) !i(es2 and S@SVO4 !o(der !or Active Directory Do$ain Services /AD DS0 $ st #e %(aced on a (oca( !i=ed vo( $e' S@SVO4 $ st #e %(aced on a vo( $e that is !or$atted "ith the NTFS !i(e syste$' For sec rity % r%oses2 the Active Directory data#ase and (o) !i(es sho (d #e %(aced on a vo( $e that is !or$atted "ith NTFSTraditiona((y2 the Active Directory data#ase and (o) !i(es are %(aced on dis& drives that are %hysica((y (oca( to the do$ain contro((er co$% ter' As an o%tion2 yo can %(ace the Active Directory data#ase and

(o) !i(es on a non(oca( stora)e device i! the device a%%ears to #e F(oca(G to the ;etDriveTy%e ! nction that Dc%ro$o'e=e ses and it does not have advanced ro((#ac&2 ndo2 or sna%shot !eat res ena#(ed' For $ore in!or$ation a#o t the ;etDriveTy%e ! nction2 see ;etDriveTy%e F nction@o $ st %er!or$ a(( #ac& %s and restores o! AD DS2 inc( din) ro((in) the contents o! AD DS F#ac& in ti$e2G #y sin) syste$ state #ac& %s that are created #y s %%orted #ac& % a%%(ication %ro)ra$$in) inter!aces /A5Is0 and $ethods'@o $ st %er!or$ a(( #ac& %s and restores o! AD DS2 inc( din) ro((in) the contents o! AD DS F#ac& in ti$e2G #y sin) syste$ state #ac& %s that are created #y s %%orted #ac& % a%%(ication %ro)ra$$in) inter!aces /A5Is0 and $ethods'When yo se an ans"er !i(e to %er!or$ an nattended insta((ation o! AD DS2 s%eci!y a HD7INSTA44I section in the ans"er !i(e "ith a%%ro%riate %ara$eters' For a (ist o! entries !or the HD7INSTA44I section o! the ans"er !i(e'Veri!y that Ad%re%'e=e o%erations are co$%(ete' Je!ore yo can add AD DS to a server that is r nnin) Windo"s Server -..K in an e=istin) Active Directory environ$ent2 yo $ st %re%are the environ$ent #y r nnin) Ad%re%'e=e' For $ore in!or$ation a#o t r nnin) Ad%re%'e=eVeri!y that a DNS in!rastr ct re is in %(ace' Je!ore yo add AD DS to create a do$ain or !orest2 #e s re that a DNS in!rastr ct re is in %(ace on yo r net"or&' When yo insta(( AD DS2 yo can inc( de DNS server insta((ation2 i! it is needed' When yo create a ne" do$ain2 a DNS de(e)ation is created a to$atica((y d rin) the insta((ation %rocess ' Q: 6o" can yo !orci#(y re$ove AD !ro$ a server? A: De$ote the D7 #y r nnin) D75ro$o "ith the C!orcere$ova( s"itch

INTERVIEW QUESTIONS FOR WINDOWS DOMAIN Q: What are the FSMO ro(es? A: In a !orest2 there are !ive FSMO ro(es that are assi)ned to one or $ore do$ain contro((ers' The !ive FSMO ro(es are: Sche$a Master: The sche$a $aster do$ain contro((er contro(s a(( %dates and $odi!ications to the sche$a' Do$ain na$in) $aster:

The do$ain na$in) $aster do$ain contro((er contro(s the addition or re$ova( o! do$ains in the !orest' In!rastr ct re Master: When an o#1ect in one do$ain is re!erenced #y another o#1ect in another do$ain2 it re%resents the re!erence #y the ;UID2 the SID /!or re!erences to sec rity %rinci%a(s02 and the DN o! the o#1ect #ein) re!erenced' Re(ative ID /RID0 Master: The RID $aster is res%onsi#(e !or %rocessin) RID %oo( re: ests !ro$ a(( do$ain contro((ers in a %artic (ar do$ain' 5D7 E$ (ator: The 5D7 e$ (ator is necessary to synchroni3e ti$e in an enter%rise' Windo"s -...C-..D inc( des the WD-Ti$e /Windo"s Ti$e0 ti$e service that is re: ired #y the Ber#eros a thentication %rotoco( Q: 6o" to #ac& % Active Directory? L A: Ta&e the syste$ state data #ac& %' This "i(( #ac& % the active directory data#ase' Microso!t reco$$end on(y F (( #ac& % o! syste$ state data#ase Q: What hidden shares e=ist on Windo"s Server -..D insta((ation? A: Ad$inM2 DriveM2 I57M2 NET4O;ON2 %rintM and S@SVO4' Q: WhatNs the di!!erence #et"een standa(one and !a (t>to(erant DFS /Distri# ted Fi(e Syste$0 insta((ations? A: The standa(one server stores the D!s directory tree str ct re or to%o(o)y (oca((y' Th s2 i! a shared !o(der is inaccessi#(e or i! the D!s root server is do"n2 sers are (e!t "ith no (in& to the shared reso rces' A !a (t>to(erant root node stores the D!s to%o(o)y in the Active Directory2 "hich is re%(icated to other do$ain contro((ers' Th s2 red ndant root nodes $ay inc( de $ (ti%(e connections to the sa$e data residin) in di!!erent shared !o(ders' WeNre sin) the DFS !a (t>

to(erant insta((ation2 # t cannot access it !ro$ a Win+K #o=' Use the UN7 %ath2 not c(ient2 on(y -... and -..D c(ients can access Server -..D !a (t>to(erant shares' Q: Where e=act(y do !a (t>to(erant DFS shares store in!or$ation in Active Directory? A: In 5artition Bno"(ed)e Ta#(e2 this is then re%(icated to other do$ain contro((ers' Q: Is Ber#eros encry%tion sy$$etric or asy$$etric? A: Sy$$etric' Q: 6o" does Windo"s -..D Server try to %revent a $idd(e>$an attac& on encry%ted (ine? A: Ti$e sta$% is attached to the initia( c(ient re: est2 encry%ted "ith the shared &ey' Q: What hashin) a()orith$s are sed in Windo"s -..D Server? A: RSA Data Sec rityNs Messa)e Di)est 8 /MD802 %rod ces a *-K>#it hash2 and the Sec re 6ash A()orith$ * /S6A>*02 %rod ces a *,.>#it hash' Q: What third>%arty certi!icate e=chan)e %rotoco(s are sed #y Windo"s -..D Server? A: Windo"s Server -..D ses the ind stry standard 5B7S>*. certi!icate re: est and 5B7S>O certi!icate res%onse to e=chan)e 7A certi!icates "ith third>%arty certi!icate a thorities' Q: WhatNs the n $#er o! %er$itted ns ccess! ( (o)ons on Ad$inistrator acco nt? A:

Un(i$ited' Re$e$#er2 tho )h2 that itNs the Ad$inistrator acco nt2 not any acco nt thatNs %art o! the Ad$inistrators )ro %' Q: I! hashin) is one>"ay ! nction and Windo"s Server ses hashin) !or storin) %ass"ords2 ho" is it %ossi#(e to attac& the %ass"ord (ists2 s%eci!ica((y the ones sin) NT4Mv*? A: A crac&er "o (d (a nch a dictionary attac& #y hashin) every i$a)ina#(e ter$ sed !or %ass"ord and then co$%are the hashes' Q: WhatNs the di!!erence #et"een ) est acco nts in Server -..D and other editions? A: More restrictive in Windo"s Server -..D' Q: 6o" $any %ass"ords #y de!a (t are re$e$#ered "hen yo chec& <En!orce 5ass"ord 6istory Re$e$#ered<

INTERVIEW QUESTIONS FOR WINDOWS DOMAIN A: UserNs (ast , %ass"ords' Q: WhatNs ne" in Windo"s Server -..D re)ardin) the DNS $ana)e$ent? A: When D7 %ro$otion occ rs "ith an e=istin) !orest2 the Active Directory Insta((ation Wi3ard contacts an e=istin) D7 to %date the directory and re%(icate !ro$ the D7 the re: ired %ortions o! the directory' I! the "i3ard !ai(s to (ocate a D72 it %er!or$s de# ))in) and re%orts "hat ca sed the !ai( re and ho" to !i= the %ro#(e$' In order to #e (ocated on a net"or&2 every D7 $ st re)ister in DNS D7 (ocator DNS records' The Active Directory Insta((ation Wi3ard veri!ies a %ro%er con!i) ration o! the DNS in!rastr ct re' A(( DNS con!i) ration de# ))in) and re%ortin) activity is done "ith the Active Directory Insta((ation Wi3ard' Q: When sho (d yo create a !orest?

A: Or)ani3ations that o%erate on radica((y di!!erent #ases $ay re: ire se%arate trees "ith distinct na$es%aces' Uni: e trade or #rand na$es o!ten )ive rise to se%arate DNS identities' Or)ani3ations $er)e or are ac: ired and na$in) contin ity is desired' Or)ani3ations !or$ %artnershi%s and 1oint vent res' Whi(e access to co$$on reso rces is desired2 a se%arate(y de!ined tree can en!orce $ore direct ad$inistrative and sec rity restrictions' Q: I! I de(ete a ser and then create a ne" acco nt "ith the sa$e serna$e and %ass"ord2 "o (d the SID and %er$issions stay the sa$e? A: No' I! yo de(ete a ser acco nt and atte$%t to recreate it "ith the sa$e ser na$e and %ass"ord2 the SID "i(( #e di!!erent' Q: WhatNs the di!!erence #et"een the #asic dis& and dyna$ic dis&? A: The #asic ty%e contains %artitions2 e=tended %artitions2 (o)ica( drivers2 and an assort$ent o! static vo( $esP the dyna$ic ty%e does not se %artitions # t dyna$ica((y $ana)es vo( $es and %rovides advanced stora)e o%tions Q: 6o" do yo insta(( recovery conso(e? A: 7:QiDK,Q"inD- Cc$dcons2 ass $in) that yo r Win server insta((ation is on drive 7' Q: WhatNs ne" in Ter$ina( Services !or Windo"s -..D Server? A: S %%orts a dio trans$issions as "e((2 a(tho )h %re%are !or heavy net"or& (oad' Q: Why %a)in) is sed? A:

5a)in) is so( tion to e=terna( !ra)$entation %ro#(e$ "hich is to %er$it the (o)ica( address s%ace o! a %rocess to #e nonconti) o s2 th s a((o"in) a %rocess to #e a((ocatin) %hysica( $e$ory "herever the (atter is avai(a#(e' Q: What is virt a( $e$ory? A: Virt a( $e$ory is hard"are techni: e "here the syste$ a%%ears to have $ore $e$ory that it act a((y does' This is done #y ti$e>sharin)2 the %hysica( $e$ory and stora)e %arts o! the $e$ory one dis& "hen they are not active(y #ein) sed' Q: What is 7onte=t S"itch? A: S"itchin) the 75U to another %rocess re: ires savin) the state o! the o(d %rocess and (oadin) the saved state !or the ne" %rocess' This tas& is &no"n as a conte=t s"itch' 7onte=t>s"itch ti$e is % re overhead2 #eca se the syste$ does no se! ( "or& "hi(e s"itchin)' Its s%eed varies !ro$ $achine to $achine2 de%endin) on the $e$ory s%eed2 the n $#er o! re)isters "hich $ st #e co%ied2 the e=isted o! s%ecia( instr ctions/s ch as a sin)(e instr ction to (oad or store a(( re)isters0' Q: What is cache $e$ory? A: 7ache $e$ory is rando$ access $e$ory /RAM0 that a co$% ter $icro%rocessor can access $ore : ic&(y than it can access re) (ar RAM' As the $icro%rocessor %rocesses data2 it (oo&s !irst in the cache $e$ory and i! it !inds the data there /!ro$ a %revio s readin) o! data02 it does not have to do the $ore ti$e>cons $in) readin) o! data !ro$ (ar)er $e$ory' Q: 7an I chan)e %ass"ord i! $y $achineNs connectivity to D7 "ho ho(ds 5D7 e$ (ator ro(e has #een !ai(s? INTERVIEW QUESTIONS FOR WINDOWS DOMAIN A: No yo canNt chan)e the %ass"ord' Q:

What are the standard %ort n $#ers !or SMT52 5O5D2 IMA5A2 R572 4DA5 and ;(o#a( 7ata(o)? A: SMT5 L -82 5O5D L **.2 IMA5A L *AD2 R57 L *D82 4DA5 L DK+2 ;(o#a( 7ata(o) > D-,K Q: I have #een as&ed i! there is set o! D. hard dis& con!i) red !or raid 8 i! t"o hard dis&s !ai(ed "hat a#o t data? A: It de%ends ho" yo had con!i) red yo r RAID2 its on(y Raid8 or "ith s%are' I! itNs on(y raid 8 then in raid8 i! yo r - 6DD )oes then yo r raid is )one Q: 6o" can I De%(oy the 4atest 5atched in 5c thro )h ;'5' "itho t havin) the Ad$in Ri)ht in 5c? A: @o can % #(ish or assi)n MSI %ac&a)es or Ra% !i(es' They are the on(y t"o va(id !i(e !or$ats a((o"a#(e "hen sin) Finte((i$irrorG in active directory' Q: 6o" 7an I Reso(ve the Server na$e thro )h Ns(oo& %? A: Ns(oo& % co$$and "i(( (et yo &no" thro )h "hich server yo are )ettin) ro ted' Q: D675 re(ay a)ent "here to %(ace it? A: D675 Re(ay a)ent Q: What is !orest? A: Forest is a co((ection o! trees' Tree is nothin) # t co((ection do$ains "hich is havin) sa$e na$e s%ace' need to %(ace in So!t"are Ro ter'

Q: What are the chronic(e records o! DNS 3ones? A: In Windo"s -... there are $ain(y D 3ones /i0 Standard 5ri$ary S 3one in!or$ation "rites in T=t !i(e /ii0 Standard Secondary S co%y o! 5ri$ary /iii0 Active Directory Inte)ratedL In!or$ation stores in Active Directory' In "in-&D one $ore 3one is added that is St # 3one > LSt # is (i&e secondary # t it contains on(y co%y o! SOA records2 co%y o! NS records2 co%y o! A records !or that 3one' No co%y o! MT2 SRV records etc'2 "ith this St # 3one DNS tra!!ic "i(( #e (o" Q: What are the contents o! Syste$ State #ac& %? A: The contents are /a0 Joot !i(es2 syste$ !i(es /#0 Active directory /i! its done on D70 /c0 Sysvo( !o(der/i! it done on D70 /d0 7erti!icate service / on a 7A server0 /e0 7( ster data#ase /on a c( ster server0 re)istry /!0 5er!or$ance co nter con!i) ration in!or$ation /)0 7o$%onent services c(ass re)istration data#ase Q: 6o" can I de(ete a !ai(ed Do$ain 7ontro((er o#1ect !ro$ Active Directory? A: @o "i(( need the !o((o"in) too(: Ntds ti('e=e2 Active Directory Sites and Services2 Active Directory Users and 7o$% ter' A(so2 $a&e s re that yo se an acco nt that is a $e$#er o! the Enter%rise Ad$ins niversa( )ro % Q: A 7o$%any decides to enter into a 1oint vent re "ith one o! the vendors' This vent re "i(( res (t in the creation o! a third co$%any that "i(( re: ire its o"n Internet %resence' Syste$s ad$inistration d ties !or the ne" co$%any "i(( #e shared e: a((y #y a %arent co$%any and vendor' 5arent 7o$%any and vender c rrent(y have se%arate Active Directory !orests' Which $odi!ications sho (d yo $a&e to Active Directory to s %%ort the 1oint vent re re: ire$ents?

A: 7reate a ne" tree !or the ne" co$%any' 7reate this tree in %arent co$%anyNs !orest Q: 6o" do yo create a 5rinters 7ontainer in Active Directory?

A: To create a 5rinters container in "hich to (ist yo r %rinters in Active Directory:*'7(ic& Start2 %oint to 5ro)ra$s2 %oint to Windo"s -... S %%ort Too(s2 %oint to Too(s2 and then c(ic& ADSI Edit-'E=%and Do$ain N7 HDo$ain Na$eI2 and then c(ic& D7UDo$ain2 D7Uco$D'On the Action $en 2 %oint to Ne"2 and then c(ic& O#1ectA'In the Se(ect a c(ass #o=2 c(ic& container2 and then c(ic& Ne=t'8'In the Va( e #o=2 ty%e 5rinters2 and then c(ic& Ne=t','7(ic& Finish'A 7NU5rinters container a%%ears in the ri)ht %ane o! ADSI Edit'O'Ri)ht>c(ic& 7NU5rinters2 and then c(ic& 5ro%erties'K'7(ic& the Attri# tes ta#'

INTERVIEW QUESTIONS FOR WINDOWS DOMAIN +'In the Se(ect a %ro%erty to vie" #o=2 c(ic& sho"InAdvancedVie"On(y2 and then c(ic& 7(ear'*.'In the Edit Attri# te #o=2 ty%e !a(se2 c(ic& Set2 and then c(ic& OB'**'Q it ADSI Edit'*-'7(ic& Start2 %oint to 5ro)ra$s2 %oint to Ad$inistrative Too(s2 and then c(ic& Active Directory Users and 7o$% ters' The 5rinters container that yo created a%%ears in the (ist o! directory o#1ects*D'On the Vie" $en 2 c(ic& Advanced Feat res*A'On the Vie" $en 2 c(ic& Users2 ;ro %s2 and 7o$% ters as containers*8'Move the %rinters that yo "ant to the 5rinters container'*,'Q it Active Directory Users and 7o$% ters

Q: 6o" $any sers are (o))ed onCconnected to a server? A: The server9s conso(e itse(!2 "ith native co$$ands on(y: NET SESSION V FIND C7 <QQ<Re$ote(y2 "ith the he(% o! SysInterna(s9 5SToo(s: 5SETE7 QQserverna$e NET SESSION V FIND C7 <QQ< Q: When did so$eone (ast chan)e his %ass"ord? A: With the native NET co$$and: NET USER (o)inna$e CDOMAINVFIND CI <5ass"ord (ast set< Q: <I need an %>to>date (ist o! dis& s%ace sa)e !or a(( servers2 on $y des& in 8 $in tes< A:

With Windo"s Server -..D co$$ands: FOR CF WWA IN /servers't=t0 DO /WMI7 CNode:WWA 4o)ica(Dis& Where DriveTy%eU<D< ;et DeviceID2Fi(eSyste$2FreeS%ace2Si3e CFor$at: 7SV V MORE CE X- YY SRVS5A7E'7SV 0 Q: Di!!erence #et"een Windo"s -..D Standard Edition and Windo"s -..D Enter%rise Edition' Windo"s -..D Feat resStandard Ed Enter%rise Ed7( sterin) EE Server c( sters EE Active Directory Federation Services EE ADFS 5ro=y EE Microso!t Identity Inte)ration Server -..D /MIIS0 s %%ort EE K>"ay sy$$etric $ (ti%rocessin) /SM50 s %%ort EE S %%ort !or D- ;J o! RAM EE S %%ort !or ,A ;J o! RAM EE 6ot Add Me$ory EE Microso!t Identity Inte)ration Server -..D /MIIS0 s %%ort EE Ter$ina( Server Session Directory EE

Virt a(i3ed OS instances "ith (icense: Enter%rise Edition EE Non>Uni!or$ Me$ory Access /NUMA0 EE Q:

@o are the ad$inistrator o! yo r co$%anyNs net"or&' @o r co$%any has its $ain o!!ice in Seatt(e and #ranch o!!ices in 4ondon2 5aris2 and Rio de Zaneiro' The (oca( ad$in at each #ranch o!!ice $ st #e a#(e to contro( sers and (oca( reso rces' @o "ant to %revent the (oca( ad$inistrators !ro$ contro((in) reso rces in #ranch o!!ices other than their o"n' @o "ant to create an Active Directory str ct re to acco$%(ish these )oa(s' What sho (d yo do? A:

7reate chi(d OUs !or each o!!ice' De(e)ate contro( o! each OU to the (oca( ad$inistrators at each o!!ice' INTERVIEW QUESTIONS FOR WINDOWS DOMAIN Q: @o are insta((in) a ne" Windo"s -... Server co$% ter on yo r e=istin) Windo"s NT net"or&' @o r n D75ro$o'e=e to %ro$ote the server to a do$ain contro((er in a do$ain na$ed do$ain'(oca(' @o receive the !o((o"in) error $essa)e: FThe do$ain na$e s%eci!ied is a(ready in se on the net"or&G' There are no other Windo"s -... do$ains on yo r net"or&' What sho (d yo do? A: 7han)e the do"n (eve( do$ain na$e to do$ain*' Q: @o are the ad$inistrator o! yo r co$%anyNs net"or&' The co$%any has t"o native>$ode do$ains in si= sites' Each site has one or $ore do$ain contro((ers' Users re%ort that at ti$es o! hi)h net"or& sa)e2 a thentication and directory searches are e=tre$e(y s(o"' @o "ant to i$%rove net"or& %er!or$ance' What sho (d yo do? A: Desi)nate a do$ain contro((er in each site as a )(o#a( cata(o) server'

Q: @o are the ad$inistrator o! a Windo"s -... net"or&' The net"or& is co$%osed o! !o r do$ains na$ed ar#orshoes'co$2 na'ar#orshoes'co$2 sa'ar#orshoes'co$2 and !a#ri&a$'co$' the root o! the !orest is ar#orshoes'co$' There are t"o Windo"s NT JD7s in each do$ain' ;ra%hic artists %(ace !inished art"or& !or Fa#ri&a$2 Inc'2 in a shared !o(der (ocated on a do$ain contro((er na$ed #na.*'!a#ri&a$'co$' Read and Write %er$issions are )ranted to the Artists Do$ain 4oca( )ro % in the !a#ri&a$'co$ do$ain' Sharon is a $e$#er o! the ;ra%hic Artists )(o#a( distri# tion )ro % in the na'ar#orshoes'co$ do$ain' She is na#(e to )ain access to the shared !o(der' @o "ant to a((o" Sharon access to the shared !o(der' What sho (d yo do? A: 7han)e the ;ra%hic Artists )ro % ty%e to Sec rity and add it to the Artists Do$ain 4oca( )ro %' Q: @o are the ad$inistrator o! a Windo"s -... do$ain' The do$ain is in native $ode' The do$ain contains *8 Windo"s -... Server co$% ters that are ! nctionin) as do$ain contro((ers and *28.. Windo"s NT Wor&station c(ient co$% ters D rin) a %o"er o ta)e2 the !irst do$ain contro((er that yo insta((ed s !!ers a catastro%hic hard"are !ai( re and "i(( not restart' A!ter the %o"er o ta)e2 sers re%ort that %ass"ord chan)es do not ta&e e!!ect !or severa( ho rs' In addition2 sers are not a#(e to (o) on or connect to reso rces #y sin) their ne" %ass"ords' What sho (d yo do to correct this %ro#(e$? A: Usin) the Ntds ti( ti(ity2 connect to another do$ain contro((er and sei3e the 5D7 e$ (ator ro(e' Q: Which FSMO ro(e

ta&es care o! ser to )ro % re!erences in a Do$ain 7ontro((er? A: In!rastr ct re Master Q: At "hich d rin) the start %C(o)on se: ence is the )ro % %o(icy !or the ser %rocessed? A: The )ro % %o(icy !or the ser a%%(ied a!ter the ser (o)s on # t the #e!ore the ser9s des&to% a%%ears'

Q: A

do$ain (oca( )ro % can contain one o! the !o((o"in): A: Users !ro$ any do$ain in the !orest Q: What reso rces are % #(ished to the Active Directory #y de!a (t? A: Users2 ;ro %s2 7o$% ters Q: Which is the reso rce to #e $an a((y % #(ished in the Active Directory? A: Shared Fo(der Q: @o are the ad$inistrator o! a do$ain na$ed "i%ro'co$' The do$ain contains OU na$e Sa(es that has -. sers' In the Active directory ser and co$% ters conso(e on a do$ain contro((er co$% ter conso(e on a do$ain contro((er na$e D7*' @o inadvertent(y de(ete the sa(es OU' @o "ant to reinstate the sa(es OU' What sho (d yo do? A: 5er!or$ a thoritative restore o! the Sa(es OU !ro$ the (ast #ac& % Q: Which FSMO ro(e ta&es care o! $odi!ication to the sche$a on a Do$ain 7ontro((er? A: Sche$a Master Q: 6o" $any n $#er o! )(o#a( cata(o) servers yo can have in a !orest? A:

Any n $#er

INTERVIEW QUESTIONS FOR WINDOWS DOMAIN Q: @o have accidenta((y de(eted an or)ani3ationa( nit !ro$ yo r Windo"s -..D do$ain and "ish to %er!or$ a a thoritative restore !or the or)ani3ationa( nit' Which too( do yo se to $ar& the de(eted or)ani3ationa( nit as a thoritative d rin) the restore %rocess? A: NTDSUTI4 Q: What is the 7riteria !or i$%(e$entin) $ (ti%(e Sites in Windo"s -..D A: Jand"idth Avai(a#i(ity Q: Which FSMO ro(e ta&es care o! 7reation o! RID 5OO4S? A: RID Master Q: When yo r n D75ro$o'e=e to insta(( the ne" chi(d do$ain2 yo receive an error $essa)e statin) that the e=istin) do$ain cannot #e contacted' Insta((ation o! the ne" chi(d do$ain "i(( not %roceed' What sho (d yo do to correct this %ro#(e$? A: 7on!i) re the ne" do$ain contro((er "ith the address o! an a thoritative DNS server !or the e=istin) do$ain' Q: What is the $ini$ $ Dis& S%ace re: ired to insta(( Active Directory? A:

-.. MJ !or ADX8. MJ !or 4o) Fi(es Q: @o are the ad$inistrator o! yo r co$%any' @o r co$%any has its $ain o!!ice in Jan)a(ore and #ranch o!!ices in De(hi2 and M $#ai' The (oca( ad$in at each #ranch o!!ice $ st #e a#(e to contro( sers and (oca( reso rces' @o "ant to %revent the (oca( ad$inistrators !ro$ contro((in) reso rces in #ranch o!!ices other than their o"n' @o "ant to create an Active Directory str ct re to acco$%(ish these )oa(s' What sho (d yo do? A: 7reate chi(d OUs !or each o!!ice' De(e)ate contro( o! each OU to the (oca( ad$inistrators at each o!!ice' Q: @o are the ad$inistrator o! yo r co$%anyNs net"or&' The co$%any has t"o native>$ode do$ains in si= sites' Each site has one or $ore do$ain contro((ers' Users re%ort that at ti$es o! hi)h net"or& sa)e2 a thentication and directory searches are e=tre$e(y s(o"' @o "ant to i$%rove net"or& %er!or$ance' What sho (d yo do? A: Desi)nate a do$ain contro((er in each site as a )(o#a( cata(o) server' Q: @o are insta((in) a ne" Windo" -..D Server co$% ter on yo r e=istin) Windo"s -... net"or&' @o r n D75ro$o'e=e to %ro$ote the server to a do$ain contro((er in a do$ain na$ed do$ain'(oca(' @o receive the !o((o"in) error $essa)e: FThe do$ain na$e s%eci!ied is a(ready in se on the net"or&G' There are no other Windo"s -... do$ains on yo r net"or&' What sho (d yo do? A: 7han)e the do"n (eve( do$ain na$e to do$ain*'