
What is ADS? A: Active Directory is the directory service used by Windows 2000.

A directory service consists of two parts: a centralized, hierarchical database that contains information about users and resources on a network, and a service that manages the database and enables users of computers on the network to access it. In Windows 2000, the database is called the Active Directory data store, or sometimes just the directory. The Active Directory data store contains information about various types of network objects, including printers, shared folders, user accounts, groups, and computers. The three primary purposes of Active Directory are:
1. To provide user logon and authentication services.
2. To enable administrators to organize and manage user accounts, groups, and network resources.
3. To enable authorized users to easily locate network resources, regardless of where they are located on the network.

What is the command to install/remove ADS? A: Dcpromo

How do we know that ADS is installed on the system? A: Server side:
1. Using Event Viewer: Event Viewer -> Directory Service -> Event Type: Information, Event Source: NTDS General, Event Category: Service Control, Event ID: 1000, Description: Microsoft Directory startup complete, version 5.00.2160.1
2. Using the Active Directory administrative tools: Active Directory Domains and Trusts, Active Directory Sites and Services, Active Directory Users and Computers
3. Go to Active Directory Users and Computers -> Domain name
4. Go to Active Directory Users and Computers -> Domain Controllers -> Computer Name

Client side:
1. Verifying client connectivity through the My Network Places icon.
2. Joining a domain.

How do you check that ADS is installed without errors? A: Check the Eventlog for errors, and check for the dclogerr file in the Windows folder.

How to check system uptime (since when the server has been online)? A: The systeminfo command shows the date and time from which the system has been up and running. Alternatively, check the System log in Event Viewer:
- Event ID 6005 (The Event log service was started) is logged when the system is rebooted and comes back online.
- Event ID 6006 (The Event log service was stopped) is logged when the system is shut down.
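The two checks above (NTDS General Event ID 1000 for a completed directory startup, and System Event IDs 6005/6006 for boot and shutdown) are easy to automate over an exported log. The following is an added example, not part of the original question sheet: it runs the checks over a few constructed event records shaped like an exported log (log name, time, source, event ID, description). The sample timestamps and the record layout are assumptions; the event IDs and sources are the ones named above.

```python
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

TIME_FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample records (not real log output): log name, time, source, event ID, description.
SAMPLE_EVENTS = [
    ("System", "2004-03-01 08:00:12", "EventLog", 6005, "The Event log service was started."),
    ("Directory Service", "2004-03-01 08:01:40", "NTDS General", 1000,
     "Microsoft Directory startup complete, version 5.00.2160.1"),
    ("System", "2004-03-09 22:15:03", "EventLog", 6006, "The Event log service was stopped."),
    ("System", "2004-03-09 22:18:47", "EventLog", 6005, "The Event log service was started."),
    ("Directory Service", "2004-03-09 22:20:05", "NTDS General", 1000,
     "Microsoft Directory startup complete, version 5.00.2160.1"),
]

Event = Tuple[str, str, str, int, str]


def event_time(e: Event) -> datetime:
    return datetime.strptime(e[1], TIME_FMT)


def ad_startup_events(events: List[Event]) -> List[Event]:
    """Directory Service log, source NTDS General, Event ID 1000: AD finished starting on this DC."""
    return [e for e in events
            if e[0] == "Directory Service" and e[2] == "NTDS General" and e[3] == 1000]


def boot_history(events: List[Event]) -> List[Tuple[Optional[datetime], datetime]]:
    """Pair each 6005 (event log started) with the 6006 (stopped) that preceded it.

    A boot with no preceding 6006 means the previous session did not stop cleanly
    (first start after install, crash, or power loss), which is worth a look.
    """
    history = []
    last_stop = None
    for e in sorted(events, key=event_time):
        if e[0] != "System" or e[2] != "EventLog":
            continue
        if e[3] == 6006:
            last_stop = event_time(e)
        elif e[3] == 6005:
            history.append((last_stop, event_time(e)))
            last_stop = None
    return history


def last_boot(events: List[Event]) -> Optional[datetime]:
    history = boot_history(events)
    return history[-1][1] if history else None


def uptime(events: List[Event], now: str) -> Optional[timedelta]:
    """Uptime at the given time (TIME_FMT string), measured from the latest 6005."""
    boot = last_boot(events)
    return datetime.strptime(now, TIME_FMT) - boot if boot else None


def ad_started_after_each_boot(events: List[Event]) -> List[bool]:
    """For every boot, did an NTDS General 1000 follow before the next boot?

    A False entry means the DC came up without the directory service completing
    startup, which is the case to investigate in the Directory Service log.
    """
    boots = [b for _, b in boot_history(events)]
    starts = [event_time(e) for e in ad_startup_events(events)]
    result = []
    for i, boot in enumerate(boots):
        nxt = boots[i + 1] if i + 1 < len(boots) else None
        result.append(any(boot <= s and (nxt is None or s < nxt) for s in starts))
    return result


if __name__ == "__main__":
    for stop, start in boot_history(SAMPLE_EVENTS):
        print("boot at", start, "previous stop:", stop if stop else "none recorded (unclean)")
    print("AD startup complete after each boot:", ad_started_after_each_boot(SAMPLE_EVENTS))
    print("uptime at 2004-03-10 00:18:47:", uptime(SAMPLE_EVENTS, "2004-03-10 00:18:47"))
```

On a real server the same functions can be fed records read from an Event Viewer export; only the record layout (a tuple per event) needs adapting.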

How do you know Windows is installed without any errors? A: See the Eventlog and the Setuperr.log file in the Windows folder.

How to troubleshoot ADS problems? A: DCDiag.exe (DC Diagnostic) command from the Resource Kit.

What is the full form of NTDS? A: New Technology Directory Service

Where is the NTDS file located? A: %systemroot%\NTDS folder -> NTDS.dit

What is the database of ADS? A: The NTDS.DIT file (New Technology Directory Service, Directory Information Tree).

What does the SYSVOL folder contain? A: The SYSVOL folder is critical because it contains the domain's public files. This directory is shared out (as SYSVOL), and any files kept in the SYSVOL folder are replicated to all other domain controllers in the domain using the File Replication Service (FRS). The SYSVOL folder also contains the following items:
- The NETLOGON share, which is the location where domain logon requests are submitted for processing, and where logon scripts can be stored for client processing at logon time.
- Windows Group Policies.
- FRS folders and files that must be available and synchronized between domain controllers if the FRS is in use. Distributed File System (DFS), for example, uses the FRS to keep shared data consistent between replicas.

What is Global Catalog Server? A: It is a Master Searchable Index that contains information about every object in every domain in a forest.

What is the function of the Global Catalog server? A: The global catalog contains a complete replica of all objects in Active Directory of its host domain, and a partial replica of all objects in Active Directory for every other domain in the forest. A global catalog server performs two important functions:
1. Provides group membership information during logon and authentication.
2. Helps users locate resources in Active Directory.
If a global catalog server is not available, the user will not be able to log on to the domain unless that user is a member of the Domain Admins group. Each domain maintains its own global catalog server, and, by default, there is only one global catalog server in each domain. The Global Catalog stores the following Active Directory information:
- Schema information for the forest.
- Configuration information for all domains in the forest.
- A subset of domain data for all domains in the forest.
- All domain data for the domain of which the Global Catalog server is a member.

What is the port of Global Catalog Server? A: 3268

What is LDAP and what does it do? A: In order to insert, update, and query information within Active Directory, Microsoft has chosen to employ the worldwide Internet Engineering Task Force (IETF) standard protocol called the Lightweight Directory Access Protocol (LDAP).

What is the port of LDAP? A: 389

What is an FSMO role? A: FSMO roles (Flexible Single Master Operations). Forest-wide operations master roles:
1. Schema Master: The Schema Master is unique in the entire forest. New classes or attributes can only be created by the Schema Master. Updates are then replicated to all domains in the forest.
2. Domain Naming Master: The Domain Naming Master manages the names of every domain in the forest. It is unique in the forest. Only the Domain Naming Master can add and remove domains in the tree or forest, which avoids naming conflicts.

Domain-wide operations master roles:
1. PDC Emulator: The PDC Emulator is unique in the domain and provides backward compatibility to downlevel clients and servers in the following ways:
   - Provides downlevel clients support for password updates.
   - Performs replication to downlevel BDCs.
   - Acts as the Master Domain Browser, if the Windows NT Browser service is enabled.
2. RID Master: The RID Master is unique in the domain. When a security principal (e.g. user, group) is created, it receives a domain-wide Security ID (SID) and a domain-wide unique Relative ID (RID). Every Windows 2000 DC receives a pool of RIDs it can use. The RID Master ensures that these IDs remain unique on every DC by assigning different pools.
3. Infrastructure Master: It is unique in the domain. Whenever a user is added to or removed from a group, all of the other domain controllers should be made aware of this change. The role of the domain controller that acts as the Infrastructure Master is to ensure that group membership information stays synchronized within an Active Directory domain.

What is the RID Master, PDC Emulator and Infrastructure Master? A: Domain-wide operations master roles:
1. PDC Emulator: The PDC Emulator is unique in the domain and provides backward compatibility to downlevel clients and servers in the following ways:
   - Provides downlevel clients support for password updates.
   - Performs replication to downlevel BDCs.
   - Acts as the Master Domain Browser, if the Windows NT Browser service is enabled.
2. RID Master: The RID Master is unique in the domain. When a security principal (e.g. user, group) is created, it receives a domain-wide Security ID (SID) and a domain-wide unique Relative ID (RID). Every Windows 2000 DC receives a pool of RIDs it can use. The RID Master ensures that these IDs remain unique on every DC by assigning different pools.
3. Infrastructure Master: It is unique in the domain. Whenever a user is added to or removed from a group, all of the other domain controllers should be made aware of this change. The role of the domain controller that acts as the Infrastructure Master is to ensure that group membership information stays synchronized within an Active Directory domain.

Where can we apply Group Policy? A: We can apply GP on 3 objects:
1. OU (Organizational Units)
2. Domain
3. Sites

What is the command to refresh group policy? A: Gpupdate in 2003, and secedit /refreshpolicy machine_policy in 2000.

How to see the output for GP (how many ways can we see it)? A:
1. RSOP
2. GPMC
3. Gpresult command

What are Sites? A: A collection of one or more well-connected IP subnets. When Active Directory is installed, Windows 2000 creates a single, original site named Default-First-Site-Name.

What is site-to-site replication? A: Intersite replication. Intersite replication is Active Directory replication that takes place between sites. Unlike intrasite replication, intersite replication is not automatically configured and performed by Windows 2000. An administrator must manually create and configure sites and other Active Directory components before intersite replication will occur. All intersite replication is sent in a compressed format to save network bandwidth. Two different Windows 2000 protocols can be used for intersite replication:
1. Remote Procedure Call (RPC) over IP
2. Simple Mail Transfer Protocol (SMTP)
RPC over IP is the preferred protocol and requires fully routed TCP/IP connections between sites. RPC over IP is faster than SMTP. SMTP is not recommended because it can only be used to replicate the schema and configuration partitions; you can't use SMTP to replicate the domain partition. You should be familiar with the following key information about intersite replication:
- It uses compression. Compressing Active Directory replication traffic increases the processing load on domain controllers, but it cuts back on bandwidth use.
- It uses scheduling. Replication between sites occurs only during scheduled hours.
- It uses a replication interval. Replication is available only during the set schedule, and even then it happens only periodically during those hours.

What is the default replication interval between sites? A: The default replication interval is 180 minutes.

What is the command to restore the deleted user accounts? A: NTDSUTIL

Which command is used to defrag the ADS? A: NTDSUTIL

What is the difference between an Authoritative and a Non-Authoritative restore? A: The term authoritative describes a restore in which the domain controller being restored has the master, or authoritative, copy of Active Directory. In a non-authoritative restore, the domain controller being restored does not have an authoritative copy of Active Directory. When a domain controller is started, replication occurs during the boot phase, and Active Directory is synchronized. Whether the restore is authoritative or non-authoritative then specifies the direction of replication: an authoritative restore pushes Active Directory out to other domain controllers, and a non-authoritative restore synchronizes changes to the domain controller being booted. To explain further, let's suppose that a domain controller fails due to a hardware failure. It takes several days to obtain a replacement part for the machine and to repair the domain controller. During this time, other domain controllers have continued to function normally, and various changes in the network and Active Directory have taken place. When the failed domain controller is started for the first time after completing the recovery process, replication occurs and the changes in Active Directory are replicated to the previously failed computer. The domain controller is brought up to date with the rest of the network. This is a non-authoritative restore. Now let's suppose that the failure you suffered was due to human error, and an administrator deletes significant portions of Active Directory. If you follow the normal procedure of restoring Active Directory from yesterday's backup and rebooting the server, replication will occur, and all the changes and deletions made by the administrator will be replicated back to the domain controller. Performing a normal restore would not bring back the deleted objects. To recover your lost users and OUs, you must perform an authoritative restore and specify the objects that you want to replicate to the rest of the network.

Performing a Non-authoritative Restore: A non-authoritative restore is the simpler of the two types to perform. After the restore process is complete, the domain controller will replicate with other domain controllers upon reboot and synchronize Active Directory. When the domain controller finishes booting, it will contain the most up-to-date version of Active Directory. To perform a non-authoritative restore, follow these steps:
1. Boot the domain controller into Directory Services Restore Mode.
2. Enter the restore password that was created when the domain controller was created. This password may be different from the administrative password.
3. After logging on, start Backup Utility for Windows by typing ntbackup from the Run command.
4. At the welcome screen, choose the Restore Wizard.
5. Follow the prompts, selecting to restore the system state data.
6. When the restore process completes, verify that it completed without errors and restart the domain controller.

Performing an Authoritative Restore: There are situations when simply restoring Active Directory from a backup tape is not enough. Remember, when a domain controller boots, it replicates with other domain controllers. If an adverse operation was performed (think user or OU deletion) and replication has occurred, the change will be replicated back to the domain controller on reboot, even though a backup was restored. In this situation, you can use the ntdsutil utility to mark the restore as authoritative and replicate the restored Active Directory to the other domain controllers. To perform an authoritative restore, perform a system state restore and then perform the following steps:
1. Before rebooting the server, open a command prompt, type ntdsutil and press ENTER.
2. From the ntdsutil prompt, type authoritative restore and press ENTER.
3. From the authoritative restore prompt, type restore database and press ENTER.
4. After the operation completes, restart the computer.

What is DNS? A: DNS stands for Domain Name System. The primary purpose of DNS, which consists of a set of specified naming rules and implementation standards, is to provide host name resolution. Host name resolution is the process of resolving a computer's user-friendly host name to the numerical IP address of that computer.

What are the different types of zones in DNS? A: In Windows 2000:
1. Forward lookup zone
2. Reverse lookup zone
3. Standard primary zone
4. Active Directory-integrated zone
5. Standard secondary zone
In Windows 2003: all of the above zones, plus the stub zone.

What is the function of SOA record in DNS? A: SOA (Start of Authority) -> Specifies the authoritative server for a zone.

How to troubleshoot DNS problems? A: By using the nslookup command.

Explain the process of DHCP? A: The DHCP lease process consists of a four-packet conversation between the DHCP client and DHCP server. The conversation can be remembered with the mnemonic DORA:
1. Discover: The DHCP client initiates the process by trying to discover any servers in the network. This discover packet is a broadcast packet (technically, clients are looking for a server running BOOTP, and most computers getting the request ignore it).
2. Offer: Any server running the BOOTP service that receives the packet responds with an offer of an IP address. This means that if two DHCP servers are running on your network, two IP addresses will be offered to the DHCP client. The offer is also broadcast back to the DHCP client, because as yet the client has no IP address.
3. Request: The DHCP client is not picky; it will request the first offer it receives. Also broadcast back to the network, this packet contains the server identifier of the DHCP server that made the offer. That way, if another DHCP server made an offer that was not accepted, it knows that the IP address it offered was not taken and can put it back into its pool of available addresses.
4. Acknowledgement: The ack packet is sent from the DHCP server to the requesting client and contains the pertinent IP configuration information: the IP address, subnet mask, and any other optional information. The content of this packet also includes the lease duration and the server identifier of the DHCP server that offered the lease. That way, at renewal time, the client does not have to broadcast to renew its IP address lease.
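The four-packet exchange is easiest to see with both sides modelled. The following is an added example, not code from the original sheet: it simulates a client on a broadcast segment with two DHCP servers, so that the client takes the first offer, the request carries the chosen server's identifier, the losing server returns its offered address to its pool, and the acknowledgement carries the lease time and server identifier the client keeps for renewal. Messages are modelled as small objects keyed by the standard DHCP option numbers (53 message type, 54 server identifier, 51 lease time, 50 requested address, 1 subnet mask); the addresses, pools and transaction ID are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# DHCP option codes as they appear in the option field of a real message.
OPT_SUBNET_MASK = 1
OPT_REQUESTED_IP = 50
OPT_LEASE_TIME = 51
OPT_MESSAGE_TYPE = 53
OPT_SERVER_ID = 54
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5


@dataclass
class DhcpMessage:
    xid: int                      # transaction ID, same for all four packets
    client_mac: str
    yiaddr: str = "0.0.0.0"       # "your" address: filled in by the server
    options: Dict[int, object] = field(default_factory=dict)

    @property
    def msg_type(self) -> int:
        return self.options[OPT_MESSAGE_TYPE]


class DhcpServer:
    """One DHCP server with a pool of free addresses."""

    def __init__(self, server_ip: str, pool: List[str], lease_time: int, mask: str):
        self.server_ip, self.free, self.lease_time, self.mask = server_ip, list(pool), lease_time, mask
        self.pending: Dict[int, str] = {}   # xid -> address offered but not yet acknowledged
        self.leases: Dict[str, str] = {}    # client MAC -> leased address

    def on_discover(self, m: DhcpMessage) -> Optional[DhcpMessage]:
        if not self.free:
            return None                     # nothing to offer
        ip = self.free.pop(0)
        self.pending[m.xid] = ip
        return DhcpMessage(m.xid, m.client_mac, ip, {
            OPT_MESSAGE_TYPE: OFFER, OPT_SERVER_ID: self.server_ip, OPT_LEASE_TIME: self.lease_time})

    def on_request(self, m: DhcpMessage) -> Optional[DhcpMessage]:
        ip = self.pending.pop(m.xid, None)
        if ip is None:
            return None                     # we never offered anything for this transaction
        if m.options.get(OPT_SERVER_ID) != self.server_ip:
            self.free.insert(0, ip)         # another server was chosen: reclaim our offer
            return None
        self.leases[m.client_mac] = ip
        return DhcpMessage(m.xid, m.client_mac, ip, {
            OPT_MESSAGE_TYPE: ACK, OPT_SERVER_ID: self.server_ip,
            OPT_LEASE_TIME: self.lease_time, OPT_SUBNET_MASK: self.mask})


def dora(client_mac: str, servers: List[DhcpServer], xid: int = 0x3903F326
         ) -> Tuple[Optional[dict], List[Tuple[str, DhcpMessage]]]:
    """Run the Discover/Offer/Request/Ack exchange; return the lease and a transcript."""
    transcript: List[Tuple[str, DhcpMessage]] = []
    discover = DhcpMessage(xid, client_mac, options={OPT_MESSAGE_TYPE: DISCOVER})
    transcript.append(("client -> broadcast", discover))
    offers = []
    for s in servers:                       # a broadcast reaches every server on the segment
        offer = s.on_discover(discover)
        if offer:
            offers.append(offer)
            transcript.append((f"{s.server_ip} -> broadcast", offer))
    if not offers:
        return None, transcript
    chosen = offers[0]                      # the client takes the first offer it receives
    request = DhcpMessage(xid, client_mac, options={
        OPT_MESSAGE_TYPE: REQUEST, OPT_SERVER_ID: chosen.options[OPT_SERVER_ID],
        OPT_REQUESTED_IP: chosen.yiaddr})
    transcript.append(("client -> broadcast", request))
    ack = None
    for s in servers:                       # every server sees the request and checks option 54
        reply = s.on_request(request)
        if reply:
            ack = reply
            transcript.append((f"{s.server_ip} -> client", reply))
    if ack is None:
        return None, transcript
    lease = {"ip": ack.yiaddr, "mask": ack.options[OPT_SUBNET_MASK],
             "lease_time": ack.options[OPT_LEASE_TIME],
             "server_id": ack.options[OPT_SERVER_ID]}  # kept for unicast renewal
    return lease, transcript


if __name__ == "__main__":
    # Constructed segment: two servers, each with its own pool.
    a = DhcpServer("192.168.1.1", ["192.168.1.100", "192.168.1.101"], 691200, "255.255.255.0")
    b = DhcpServer("192.168.1.2", ["192.168.1.200"], 691200, "255.255.255.0")
    lease, transcript = dora("00-0c-29-aa-bb-cc", [a, b])
    for sender, m in transcript:
        print(f"{sender}: type={m.msg_type} yiaddr={m.yiaddr} sid={m.options.get(OPT_SERVER_ID)}")
    print("lease:", lease, "| B pool after exchange:", b.free)
```

Because the request is broadcast with the chosen server identifier, the second server sees that its offer lost and returns the address to its pool; without that step every competing server would leak one address per client discovery.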

What is DFS? What is the reason for using DFS? What is the port number? A: The Distributed File System (Dfs) is a file system that enables an administrator to make shares that are stored on various servers on the network appear to users as though they are stored within a single share on a single server. The use of Dfs makes finding network resources easier for users because users don't have to know which server physically contains the shared resource they are trying to access. You should consider implementing Dfs if:
- Users who access shared folders are distributed across a site or sites.
- Most users require access to multiple shared folders.
- Server load balancing could be improved by redistributing shared folders.
- Users require uninterrupted access to shared folders.
- Your organization has Web sites for either internal or external use.
The port number for DFS is 139.

What is the difference between FLZ and RLZ (Forward Lookup Zone and Reverse Lookup Zone)? A:
- FLZ: This type of zone contains host name to IP address mappings.
- RLZ: This type of zone contains IP address to host name mappings.
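The forward and reverse zones are separate data, so they drift apart: a host gets an A record but no PTR, or a PTR is left behind after the host is renamed or removed. The following is an added example, not part of the original sheet: it builds the in-addr.arpa name a reverse zone uses for an address, derives the reverse zone name for a classful network, and cross-checks a constructed forward zone against a constructed reverse zone. The zone contents and host names are invented for the example; the naming rules are the standard ones.

```python
import ipaddress
from typing import Dict, List

# Constructed zone data (not from the page). Names are fully qualified with a trailing dot.
FORWARD_ZONE: Dict[str, str] = {          # FLZ: host name -> IP address (A records)
    "dc1.corp.example.": "192.168.1.10",
    "dc2.corp.example.": "192.168.1.11",
    "file1.corp.example.": "192.168.1.20",
    "print1.corp.example.": "192.168.1.40",
}
REVERSE_ZONE: Dict[str, str] = {          # RLZ: PTR owner name -> host name (PTR records)
    "10.1.168.192.in-addr.arpa.": "dc1.corp.example.",
    "11.1.168.192.in-addr.arpa.": "dc2.corp.example.",
    "30.1.168.192.in-addr.arpa.": "old.corp.example.",      # host no longer in the FLZ
    "40.1.168.192.in-addr.arpa.": "printer1.corp.example.", # name differs from the A record
}


def ptr_name(ip: str) -> str:
    """PTR owner name for an address: octets reversed under in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def ip_from_ptr_name(name: str) -> str:
    """Inverse of ptr_name for IPv4 names."""
    labels = name.rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"] or len(labels) != 6:
        raise ValueError("not a full IPv4 in-addr.arpa name: " + name)
    return ".".join(reversed(labels[:4]))


def reverse_zone_name(network: str) -> str:
    """RLZ name for a /8, /16 or /24 network, e.g. 192.168.1.0/24 -> 1.168.192.in-addr.arpa."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("expected an IPv4 /8, /16 or /24 network")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def ptrs_in_zone(reverse: Dict[str, str], zone: str) -> List[str]:
    return sorted(n for n in reverse if n.endswith("." + zone))


def check_consistency(forward: Dict[str, str], reverse: Dict[str, str]) -> Dict[str, List[str]]:
    """Find A records without a PTR, A/PTR name mismatches, and PTRs with no matching A."""
    missing_ptr, mismatched, stale_ptr = [], [], []
    for host, ip in forward.items():
        target = reverse.get(ptr_name(ip))
        if target is None:
            missing_ptr.append(host)
        elif target != host:
            mismatched.append(host)
    for ptr, host in reverse.items():
        ip = forward.get(host)
        if ip is None or ptr_name(ip) != ptr:
            stale_ptr.append(ptr)
    return {"missing_ptr": sorted(missing_ptr), "mismatched": sorted(mismatched),
            "stale_ptr": sorted(stale_ptr)}


if __name__ == "__main__":
    print("reverse zone for 192.168.1.0/24:", reverse_zone_name("192.168.1.0/24"))
    print("PTR name for 192.168.1.10:", ptr_name("192.168.1.10"))
    for kind, names in check_consistency(FORWARD_ZONE, REVERSE_ZONE).items():
        print(f"{kind}: {names}")
```

The same check can be run over zone files exported from the DNS console; stale or mismatched PTRs are the usual reason reverse lookups from nslookup disagree with forward lookups.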
