
25 Basic Things About 2k3 AD
Prepared by: Venkat Rajaiah EMP:801943

1) What are the different editions of Windows 2003 Server?
i) Standard Edition
ii) Web Edition
iii) Enterprise Edition
iv) Datacenter Edition

2) What is Active Directory?
Active Directory is the directory service included in the Windows Server 2003 family. Active Directory includes the directory, which stores information about network resources, as well as all the services that make the information available and useful. Active Directory is also the directory service included in Windows 2000.

3) What is the Active Directory database name and where is it located?
Name: NTDS.Dit, located in c:\windows\ntds\

4) What is the expansion of .Dit? What is the scalable size of NTDS in 2k3?
.Dit: Directory Information Tree. It is scalable up to 70 TB.

5) What is the schema in AD?
The Active Directory schema defines objects that can be stored in Active Directory. The schema is a list of definitions that determines the kinds of objects and the types of information about those objects that can be stored in Active Directory. Because the schema definitions themselves are stored as objects, they can be administered in the same manner as the rest of the objects in Active Directory. They are normally called schema objects or metadata.

6) Structure of AD in 2kX?
1) Physical structure: Sites, Domain Controllers
2) Logical structure: Forest, Tree, Domain, OU

7) What are the domain functional levels in 2k3?
1) Mixed mode
2) Native mode
3) Interim mode

8) What is the global catalog and a GC server?
The global catalog is the central repository of information about objects in a tree or forest. By default, a global catalog is created automatically on the initial domain controller in the first domain in the forest. A domain controller that holds a copy of the global catalog is called a global catalog server.

9) What are the functions of the GC?
A) It enables a user to log on to a network by providing universal group membership information to a domain controller when a logon process is initiated.
B) It enables finding directory information regardless of which domain in the forest actually contains the data.

10) What is the Active Directory database engine name?
ESE (Extensible Storage Engine)

11) What are the partitions available in AD?
i) Schema partition
ii) Configuration partition
iii) Domain partition
iv) Application partition

12) What are the two types of replication?
Inter-site (site to site) and intra-site (within a site) replication.

13) What is the KCC? What is the function of the KCC?
The KCC is a built-in process that runs on all domain controllers. The KCC configures connection objects between domain controllers. Within a site, each KCC generates its own connections. For replication between sites, a single KCC per site generates all connections between sites.

14) What are the two trust protocols 2k3 uses?
Kerberos V5 and NTLM

15) What are the trust relations available in 2k3?
Tree-Root, Parent-Child, Shortcut, Realm, Forest trust, External trust

16) What is the hierarchy of applying GPOs in 2k3?
It is applied from parent level to child level in AD.
i) Local GPO
ii) GPOs linked to sites
iii) GPOs linked to domains
iv) GPOs linked to OUs

17) What are the protocols used for replication?
RPC over IP (used for synchronous transfer), SMTP over IP (asynchronous transfer)

18) What is the default time delay on replication?
Intra-site: 15 min (the KCC automatically creates the topology for replication).
Inter-site: 1 hr.
Security-related changes are replicated immediately across sites.

19) What different tables are available in the NTDS database?
i) Schema table
ii) Link table
iii) Data table
iv) Configuration table

19) Where are the FRS logs stored and what is the database engine name?
c:\windows\ntfrs\jet\log. The engine used is the Jet database engine (Ntfrs.jdb).

20) What is a tombstone object in AD? What is its lifetime?
Any object deleted from Active Directory is not removed from the database immediately. That object is called a tombstone object. The default lifetime for that object is 60 days. For Win 2k3 SP1: 180 days.

21) What are the FSMO roles in AD and what are the functionalities of those roles?
Every Active Directory forest must have the following roles:
1) Schema master
2) Domain naming master
These roles must be unique in the forest. This means that throughout the entire forest there can be only one schema master and one domain naming master.

Schema Master Role
The domain controller assigned the schema master role controls all updates and modifications to the schema. To update the schema of a forest, you must have access to the schema master. At any time, there can be only one schema master in the entire forest.

Domain Naming Master Role
The domain controller holding the domain naming master role controls the addition or removal of domains in the forest. There can be only one domain naming master in the entire forest at any time.

Domain-Wide Operations Master Roles
Every domain in the forest must have the following roles:
3) Relative identifier (RID), or relative ID, master
4) Primary domain controller (PDC) emulator
5) Infrastructure master
These roles must be unique in each domain. This means that each domain in the forest can have only one RID master, PDC emulator master, and infrastructure master.

RID Master Role
The domain controller assigned the RID master role allocates sequences of relative IDs to each of the various domain controllers in its domain. At any time, there can be only one domain controller acting as the RID master in each domain in the forest.
Whenever a domain controller creates a user, group, or computer object, it assigns the object a unique security ID.
The security ID consists of a domain security ID (that is the same for all security IDs created in the domain) and a relative ID that is unique for each security ID created in the domain.
To move an object between domains (using Movetree.exe: Active Directory Object Manager), you must initiate the move on the domain controller acting as the RID master of the domain that currently contains the object.

PDC Emulator

DNS is a distributed file system; it stands for domain naming system. It resolves names to IP addresses and vice versa.

There are three types of queries that a client can make to a DNS server:
1. Recursive
2. Iterative
3. Inverse

There are two types of lookup:
1. Forward lookup: resolves name to IP address.
2. Reverse lookup: resolves address to name.

There are three types of zones:

1. AD integrated zone
2. Standard primary zone
3. Standard secondary zone

Zone database transfer types:
1. AXFR -- all zone database transfer
2. IXFR -- incremental database transfer
It is always initiated by the client side.

In Active Directory-integrated zones, DNS zone files are stored in the Active Directory database, so zone files replicate when replication happens between domain controllers.

An Active Directory-integrated zone is an available option when the DNS server is installed on an Active Directory domain controller. When a DNS zone is installed as an Active Directory zone, the DNS information is automatically updated on other server AD domain controllers with DNS by using Active Directory's multimaster update techniques. Zone information stored in Active Directory allows DNS zone transfers to be part of the Active Directory replication process, secured by Kerberos authentication.

A standard primary DNS zone holds a master copy of a zone and can replicate it to all configured secondary zones in standard text format. Any changes that must be made to the zone are made on the copy stored on the primary. On the other hand, a standard secondary zone holds a read-only copy of the zone information in standard text format. Secondary zones are created to increase performance and resilience of the DNS configuration. Information is transferred from the primary zone to the secondary zones.

STUB ZONE
A stub zone is a read-only copy of a zone that contains only those resource records necessary to identify the authoritative DNS servers for the actual zone. A stub zone is used to keep a parent zone aware of the authoritative DNS servers for a delegated zone and thereby maintain DNS name resolution efficiency.

For example, a customer who is running Windows 2000 (that has both a parent and child domain) will typically create a delegation record in the parent zone for the child domain, thus enabling the child DNS server to host the primary zone for the child domain.
As new DNS servers are added to the child domain, the delegation record must be updated manually on the parent DNS server to reflect those new child DNS servers.

Alternatively, with stub zones, the parent DNS server can host a stub zone for the child domain and become aware of new child DNS servers automatically when the stub zone is loaded or reloaded.

Stub zones are not limited to use in a parent-child domain topology; they also can be used to resolve resource records in other domains in the forest and, theoretically, for other forests as well.

The administrator cannot modify a stub zone's resource records. Any changes the administrator wants to make to the resource records in a stub zone must be made in the original, primary zone from which the stub zone is derived. Unlike secondary zones, stub zones can be stored in Active Directory.

A stub zone is composed of:
The start-of-authority (SOA) resource record, name server (NS) resource records, and the glue A resource records for the delegated zone.
The IP address of one or more master servers that can be used to update the stub zone.

The primary restriction for a stub zone is that it may not be hosted on a DNS server that is authoritative for the same zone. For example, the stub zone for child.widgets.microsoft.com cannot be hosted on a DNS server that already contains a primary zone for child.widgets.microsoft.com. If the zone widgets.mi

In short, about stub zones:
1) Allow a parent domain to automatically identify the DNS servers in a child domain.
2) Only contain the SOA, NS, and A records.
3) The DNS server is able to query NS directly instead of through recursion with root hints.
4) Changes to zones are made when the master zone is updated or loaded.
The local list of master zones defines physically local servers from which to transfer.
