1. What is Active Directory?
Active Directory is Microsoft's trademarked directory service. Like other directory services, such as Novell Directory Services (NDS), Active Directory is a centralized and standardized system that automates network management of user data, security, and distributed resources, and enables interoperation with other directories.
2. What is X.500 Directory Service?
A standard way to develop an electronic directory of people in an organization so that it can be part of a global directory available to anyone in the world with Internet access. The idea is to be able to look up people in a user-friendly way by name, department, or organization. Many enterprises and institutions have created an X.500 directory. Because these directories are organized as part of a single global directory, you can search for hundreds of thousands of people from a single place on the World Wide Web.,,,
3. What is LDAP?
LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet. LDAP is a "lightweight" (smaller amount of code) version of X.500. LDAP originated at the University of Michigan and has been endorsed by at least 40 companies.
4. Explain AD’s Logical and Physical Components
The logical structure consists of OUs, domains, trees, and forests. The logical structure helps you design a network hierarchy that suits your organizational needs.
The physical structure consists of sites and domain controllers. The physical structure helps you optimize network traffic by customizing the network configuration.
Domain
The core component of AD’s logical structure is the domain. A domain is a unit of replication—all domain controllers in a domain replicate information to each other and contain a complete copy of directory information for their domain. Domains also act as security boundaries.
Organization Unit (OU)
You use OUs to organize objects within a domain and to delegate authority to individuals or groups who need to manage those objects. For example, if the finance department wants to manage its own resources, you can create an OU container called Finance, create objects (e.g., users, computers, printers) within that container, and assign someone from the finance department to manage these resources (known as delegating the authority).
Tree
Multiple Domains form a Tree. All domains in a tree maintains contiguous name space.
Ex:- Microsoft .com, Support. Microsoft .com, US. Microsoft .com etc
Forest
A forest is one or more trees that don't share a contiguous namespace. We can have two trees in a forest representing two namespaces in one organization. A forest will share a common configuration (e.g., information about domains, computers, and trust relationships), schema (e.g., classes and attributes), and a Global Catalog.
Physical structure - Sites and domain controllers.
Site - is one or more well-connected IP subnets, controls replication traffic between domain controllers and lets users authenticate with a domain controller within their site. This functionality helps you optimize network traffic and logon authentication in large enterprises.
Domain controller - Domain controller, which is a Win2K server running AD, contains a complete replica of the domain database. In Win2K, no single domain controller acts as a master domain controllern. All domain controllers use a multimaster replication model and are peers.
5. What are FSMO Roles?
Though Windows 2K/2K3 domain models are multimaster, there are certain roles performed only by a single server. These are known as Flexible Single Master Operations. There are five FSMO roles: Domain naming Master, Schema Master, RID Master, PDC Emulator and Infrastructure Master. There must be a domain controller that owns each one of those roles.
1.Domain naming Master: The machine which hasDomain Naming mastershould be available for adding and removing a domain the roll is forest wide
2.Schema Master: this is permits the extention of schema. the schema to be extented the schema master should be on line
the roll is forest wide
3.RID Master: Relative ID will alocate the pool of RIDs to domain cotrolers. the roll is Domain wide
4.PDC Emulator: Primary Domain Controler Emulats as a PDC for backword compactability.the roll is Domain wide
5.Infrastructure Master: This will initiate replication of group membership changes .the roll is Domain wide
6. What is Authoritative Restore and how it is performed?
An authoritative restore replicates all objects that are marked authoritative to every domain controller hosting the naming contexts that the objects are in. To perform an authoritative restore on the computer, you must use the Ntdsutil.exe tool to make the necessary USN changes to the Active Directory database.
7. What is the Volume Shadow Copy Service?
The Volume Shadow Copy service, or VSS for short, is a new feature in Windows 2003 server that allows you to maintain multiple views of how files, folders and shares on a Windows 2003 server appeared in the past. Shadow copy will allow you to restore a deleted or modified file.
8. What is DFS?
The Distributed File System is used to build a hierarchical view of multiple file servers and shares on the network. Instead of having to think of a specific machine name for each set of files, the user will only have to remember one name; which will be the 'key' to a list of shares found on multiple servers on the network.
9. What is Kerberos?
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology. Kerberos is available in many commercial products as well.
10. What are the well known ports?
Netstat - 15
FTP – 20 (data) and 21(Control)
SSH -22
Telnet – 23
SMTP -25
Wins - 42
DNS -53
DHCP – server 67 & clint 68
TFTP – 69
HTTP – 80 Secure 81
Kerbros - 88 *
POP3 – 110
NNTP - 119
Net bios - 139
SNMP - 161
IMAP3 – 220
LDAP - 389
SSL - Secuer socket leyar - 443
RIP - 520
MS Sql - 1433
NFS - 2049
RDP - Remote Desk top Protocals - 3389
X Windows - 6000
11. What is network Monitor and which is the protocol used for Network Monitor?
Network Monitor is a protocol analyzer used to capture inbound and outbound frames. The protocol used is SNMP.
12. What’s the difference between local, global and universal groups?
Domain local groups assign access permissions to global/domain groups for local domain resources. Global groups provide access to resources in other trusted domains. Universal groups grant access to resources in all trusted domains.
13. I am trying to create a new universal user group. Why can’t I?
Universal groups are allowed only in native-mode Windows Server 2003 environments. Native mode requires that all domain controllers be promoted to Windows Server 2003 Active Directory.
14. What is LSDOU?
It’s group policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units.
15. Where are group policies stored?
%SystemRoot%System32\GroupPolicy
16. What is GPT and GPC?
Group policy template and group policy container.
17. Where is GPT stored?
%SystemRoot%\SYSVOL\sysvol\domainname\Policies\GUID
18. You change the group policies, and now the computer and user settings are in conflict. Which one has the highest priority?
The computer settings take priority.
19. How can you restrict running certain applications on a machine?
Via group policy, security settings for the group, then Software Restriction Policies.
20. You need to automatically install an app, but MSI file is not available. What do you do?
A .zap text file can be used to add applications using the Software Installer, rather than the Windows Installer.
21. What’s the difference between Software Installer and Windows Installer?
The former has fewer privileges and will probably require user intervention. Plus, it uses .zap files.
22. What is loop back address and its purpose?
127.0.0.1. The Loop back address is used to check the drivers of the TCP/IP protocol.
23. What can be restricted on Windows Server 2003 that wasn’t there in previous products?
Group Policy in Windows Server 2003 determines a users right to modify network and dial-up TCP/IP properties. Users may be selectively restricted from modifying their IP address and other network configuration parameters.
24. How frequently is the client policy refreshed?
90 minutes.
25. Where is secedit?
It’s now gpupdate.
26. You want to create a new group policy but do not wish to inherit.
Make sure you check Block inheritance among the options when creating the policy.
27. What does IntelliMirror do?
IntelliMirror intelligently mirror user settings. It helps to reconcile desktop settings, applications, and stored files for users, particularly those who move between workstations or those who must periodically work offline.
28. What are private IP addresses?
The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets (local networks):
10.0.0.1 - 10.255.255.254
172.16.0.1 - 172.31.255.254
192.168.0.1 - 192.168.255.254
29. What are the IP Classes?
Class A 1-126.x.x.x, hosts supported 16777214, with mask 255.0.0.0
Class B 128-191.x.x.x, hosts supported 65534, with mask 255.255.0.0
Class C 192-223.x.x.x, hosts supported 254, with mask 255.255.255.0
Class D 224-239.x.x.x, reserved for multicast addressing
Class E 240-254.x.x.x, reserved for experimental use
30. What is CIDR?
This is a shorthand notation for a subnet mask, classless interdomain routing (CIDR) notation. It counts the number of 1's in the subnet masks binary representation and is displayed after the ip address, for example 192.168.2.12/24 means that the subnet mask is 255.255.255.0 since we have 24 1's in the subnet mask.
31. How many name resolution for windows?
There are Two (1) NetBIOS (2) DNS
32. What is DNS?
Domain Naming System. To resolve Host name to IP Address
33. What’s the difference between forward lookup and reverse lookup in DNS?
Forward lookup is name-to-address, the reverse lookup is address-to-name.
34. Types of Zones
Primary, Secondary and STUB Zone
35. What is Primary Zone?
Primary zones, which store their zone information in a writable text file on the name server.
36. What is Secondary Zone?
Secondary zones, which store their zone information in a read-only text file on the name server.
37. What is Stub Zone?
Stub zone is a new feature in windows 2003. It is like a secondary zone. But there are certain differences. The differences are while secondary zones contain copies of all the resource records in the corresponding zone on the master name server, stub zones contain only three kinds of resource records:
(1) Copy of the SOA record for the zone.
(2) Copies of NS records for all name servers authoritative for the zone.
(3) Copies of A records for all name servers authoritative for the zone.
38. What are the common Resource Records
A, NS, SOA, MX, SRV, Cname, PTR
39. What is Conditional Forwarding
Conditional forwarding is a new feature of DNS in Windows Server 2003. Conditional forwarding can be used to speed up the DNS name resolution process by directing queries for specific domains to specific name servers.
40. What is LMHOSTS file?
It’s a file stored on a host machine that is used to resolve NetBIOS to specific IP addresses.
41. What is HOSTS file?
It’s a file stored on a host machine that is used to resolve Host name to specific IP addresses.
42. What is DHCP?
DHCP stands for "Dynamic Host Configuration Protocol". DHCP allows for dynamic allocation of network addresses and configurations newly attached hosts.
43. Describe how the DHCP lease is obtained.
It’s a four-step process consisting of (a) DHCP Discover, (b) DHCP Offer, © DHCP Request (d) DHCP Acknowledgement.
44. Can a BOOTP client boot from a DHCP server?
Only if the DHCP server is specifically written to also handle BOOTP queries.
45. What is DHCP Scope?
Scope - A range of IP addresses that the DHCP server can assign to clients that are on one subnet.
46. What is Supersocpe?
Superscope is a range of IP addresses that span several subnets. The DHCP server can assign these addresses to clients that are on several subnets.
47. What is Client Reservation?
Client Reservation is used to be sure a computer gets the same IP address all the time. Therefore since DHCP IP address assignments use MAC addresses to control assignments.
48. What is Exclusion range?
Exclusion range is used to reserve a bank of IP addresses so computers with static IP addresses, such as servers may use the assigned addresses in this range. These addresses are not assigned by the DHCP server.
49. Which utility is used to compact DHCP Database?
JETPACK
50. What is Scope Options?
Scope options are IP configuration settings for a particular subnet including the IP address of the router (default gateway), DNS Server, Domain Name, WINS Server etc.
51. Why we need DHCP Relay Agent?
When you have clients on different Subnets, you either need to have multiple DHCP Servers, or a DHCP Relay Agent. All DHCP packets are broadcast packets. When there is a DHCP broadcast the router will not forward the broadcast packets. To allocate IP address for the clients which are on a network other than DHCP server, you need to configure DHCP relay agent on Router. The DHCP Relay Agent allows you to place DHCP Clients and DHCP Servers on different networks.
52. I can’t seem to access to the corporate network and on ipconfig my address is 169.254.X.X. What happened?
The 169.254.x.x netmask is assigned to Windows machines running 98/2000/XP if the DHCP server is not available. The name for the technology is APIPA (Automatic Private Internet Protocol Addressing)
53. We’ve installed a new Windows-based DHCP server, however, the users do not seem to be getting DHCP lease for the Server. Reason out why the lease is not available?
The server must be authorized first with the Active Directory.
54. How can you force the client to give up the dhcp lease if you have access to the client PC?
ipconfig /release
55. What are the occasion a client renew IP address from DHCP server
1) Every restart 2) 50% of lease duration 3) ipconfig /renew
56. What authentication options do Windows 2003 Servers have for remote clients?
PAP, SPAP, CHAP, MS-CHAP, MS-CHAP v2 and EAP.
57. What is data link layer in the OSI reference model responsible for?
Data link layer is located above the physical layer, but below the network layer. Taking raw data bits and packaging them into frames. The network layer will be responsible for addressing the frames, while the physical layer is responsible for retrieving and sending raw data bits.
58. What is Routing?
Routing is the process of transferring packets from one network to other network. Windows 2003 can be configured as router.
59. What are the features available with Windows 2003 Routing and Remote Access Server (RRAS)?
We can configure a windows 2003 machine as Router, Remote Access Server, NAT Server, Demand Dial Router, and VPN Server.
60. Differentiate Routed Protocol and Routing Protocol
Routed protocol: Any network protocol that provides enough information in its network layer address to allow a packet to be forwarded from one host to another host based on the addressing scheme. x: IP/IPX
Routing protocols: facilitate the exchange of routing information between networks, allowing routers to build routing tables dynamically. Ex: RIP, OSPF
61. Explain Distance Vector and link state protocol
Routing protocols fall into two main categories, Distance Vector or Link State. Distance Vector protocols determine best path by counting number of HOPS. Hops are devices. Link State protocols are capable of using more sophisticated methods taking into consideration link variables, such as bandwidth, delay, reliability and load.
62. Give examples of Distance Vector and Link State Protocol
Distance Vector
RIP, IGRP
Link State
OSPF, EIGRP
63. Which are the routing protocol supported by windows 2003?
RIP and OSPF
64. What is METRIC?
Metrics are values routing protocols use to determine the best path to a destination, when multiple paths exist.
65. What is RADIUS?
Remote Authentication and Dial In Service (RADIUS) is a server for remote user authentication and accounting. Its primary use is for Internet Service Providers, though it may as well be used on any network that needs a centralized authentication and/or accounting service for its workstations.
66. Which is Microsoft Implementation of RADISU? And when it is required?
MS Implementation of RADIUS is Internet Authentication Service (IAS). IAS need to be configured when the set up needs to centrally manage Authentication, Authorization and Accounting.
67. What is Remote Access Policy?
Remote access policies are an ordered set of rules that define how connections are either authorized or rejected. For each rule, there are one or more conditions, a set of profile settings, and a remote access permission setting.
68. What are the Remote Access Policy Elements and how they are evaluated?
The three policy elements are evaluated in the following order:
Conditions
Permissions
Profile
69. Explain about Routing table?
There are three types of routes that one finds inside a routing table:
Default route - there is a single entry for this route in the table, the address provided is used as a destination for packets whose address doesn't match any other entry in the routing table. This route is indicated by both address and network mask of 0.0.0.0
Host route - provides route to a specific host or a broadcast address, this type of routes is marked by network mask of 255.255.255.255
Network route - provides route to a specific network, this type of routes can have a subnet mask between 0.0.0.0 and 255.255.255.255
70. What is binding order?
The order by which the network protocols are used for client-server communications. The most frequently used protocols should be at the top.
71. What’s the major difference between FAT and NTFS on a local machine?
FAT and FAT32 provide no security over locally logged-on users. Only native NTFS provides extensive permission control on both remote and local files.
72. How do FAT and NTFS differ in approach to user shares?
They don’t, both have support for sharing.
73. What is CIFS?
The protocol used for File and print sharing in windows network. Common Internet File System (CIFS) is an extension of the SMB protocol that is used with basic file sharing. One of the advantages of CIFS over SMB is the ability to operate directly over DNS without the use of NetBIOS.
74. What are the types of Backup in windows?
There are five types.
Normal – Takes the full backup, Will not see the Archive bit but uncheck the bit after backup
Incremental – Backs up only the files whose archive bit is on and uncheck the bit after backup
Differential - Backs up only the files whose archive bit is on and will not uncheck the bit after backup
Copy – Just like normal. Will not do anything with Archive bit.
Daily - Back up all the files which are created/modified on scheduled date.
75. Explain the List Folder Contents permission on the folder in NTFS.
Same as Read & Execute, but not inherited by files within a folder. However, newly created subfolders will inherit this permission.
76. I have a file to which the user has access, but he has no folder permission to read it. Can he access it?
It is possible for a user to navigate to a file for which he does not have folder permission. This involves simply knowing the path of the file object. Even if the user can’t drill down the file/folder tree using My Computer, he can still gain access to the file using the Universal Naming Convention (UNC). The best way to start would be to type the full path of a file into Run… window.
77. For a user in several groups, are Allow permissions restrictive or permissive?
Permissive, if at least one group has Allow permission for the file/folder, user will have the same permission.
78. For a user in several groups, are Deny permissions restrictive or permissive?
Restrictive, if at least one group has Deny permission for the file/folder, user will be denied access, regardless of other group permissions.
79. What hidden shares exist on Windows Server 2003 installation?
Admin$, Drive$, IPC$, print$.
80. What’s the difference between standalone and fault-tolerant DFS (Distributed File System) installations?
The standalone server stores the Dfs directory tree structure or topology locally. Thus, if a shared folder is inaccessible or if the Dfs root server is down, users are left with no link to the shared resources. A fault-tolerant root node stores the Dfs topology in the Active Directory, which is replicated to other domain controllers. Thus, redundant root nodes may include multiple connections to the same data residing in different shared folders.
81. We’re using the DFS fault-tolerant installation, but cannot access it from a Win98 box.
Use the UNC path, not all client, only 2000 and 2003 clients can access Server 2003 fault-tolerant shares.
82. Where exactly do fault-tolerant DFS shares store information in Active Directory?
In Partition Knowledge Table, which is then replicated to other domain controllers.
83. Is Kerberos encryption symmetric or asymmetric?
Symmetric.
84. How does Windows 2003 Server try to prevent a middle-man attack on encrypted line?
Time stamp is attached to the initial client request, encrypted with the shared key.
85. What hashing algorithms are used in Windows 2003 Server?
RSA Data Security’s Message Digest 5 (MD5), produces a 128-bit hash, and the Secure Hash Algorithm 1 (SHA-1), produces a 160-bit hash.
86. Which are the four domain functional levels in windows 2003?
Mixed, Native, NT Interim and Windows 2003.
87. What’s the number of permitted unsuccessful logons on Administrator account?
Unlimited. Remember, though, that it’s the Administrator account, not any account that’s part of the Administrators group.
88. What’s the difference between guest accounts in Server 2003 and other editions?
More restrictive in Windows Server 2003.
89. If you uninstall Windows Server 2003, which operating systems can you revert to?
Win ME and Win 98.
90. What is ICF?
Internet Connection Firewall (ICF) is firewall software that is used to set restrictions on what traffic is allowed to enter your network from the Internet. ICF protects your network against external threats by allowing safe network traffic to pass through the firewall into your network, while denying the entrance of unsafe traffic.
91. What are the Windows Server 2003 keyboard shortcuts?
Winkey opens or closes the Start menu. Winkey + BREAK displays the System Properties dialog box. Winkey + TAB moves the focus to the next application in the taskbar. Winkey + SHIFT + TAB moves the focus to the previous application in the taskbar. Winkey + B moves the focus to the notification area. Winkey + D shows the desktop. Winkey + E opens Windows Explorer showing My Computer. Winkey + F opens the Search panel. Winkey + CTRL + F opens the Search panel with Search for Computers module selected. Winkey + F1 opens Help. Winkey + M minimizes all. Winkey + SHIFT+ M undoes minimization. Winkey + R opens Run dialog. Winkey + U opens the Utility Manager. Winkey + L locks the computer.
92. Where are the Windows NT Primary Domain Controller (PDC) and its Backup Domain Controller (BDC) in Server 2003?
The Active Directory replaces them. Now all domain controllers share a multimaster peer-to-peer read and write relationship that hosts copies of the Active Directory.
93. How long does it take for security changes to be replicated among the domain controllers?
Security-related modifications are replicated within a site immediately. These changes include account and individual user lockout policies, changes to password policies, changes to computer account passwords, and modifications to the Local Security Authority (LSA).
94. What’s new in Windows Server 2003 regarding the DNS management?
When DC promotion occurs with an existing forest, the Active Directory Installation Wizard contacts an existing DC to update the directory and replicate from the DC the required portions of the directory. If the wizard fails to locate a DC, it performs debugging and reports what caused the failure and how to fix the problem. In order to be located on a network, every DC must register in DNS DC locator DNS records. The Active Directory Installation Wizard verifies a proper configuration of the DNS infrastructure. All DNS configuration debugging and reporting activity is done with the Active Directory Installation Wizard.
95. When should you create a forest?
Organizations that operate on radically different bases may require separate trees with distinct namespaces. Unique trade or brand names often give rise to separate DNS identities. Organizations merge or are acquired and naming continuity is desired. Organizations form partnerships and joint ventures. While access to common resources is desired, a separately defined tree can enforce more direct administrative and security restrictions.
96. How can you authenticate between forests?
Four types of authentication are used across forests: (1) Kerberos and NTLM network logon for remote access to a server in another forest; (2) Kerberos and NTLM interactive logon for physical logon outside the user’s home forest; (3) Kerberos delegation to N-tier application in another forest; and (4) user principal name (UPN) credentials.
97. What snap-in administrative tools are available for Active Directory?
Active Directory Domains and Trusts Manager, Active Directory Sites and Services Manager, Active Directory Users and Group Manager, Active Directory Replication (optional, available from the Resource Kit), Active Directory Schema Manager (optional, available from adminpak)
98. What is Global Catalog?
The Global Catalog authenticates network user logons and fields inquiries about objects across a forest or tree. Every domain has at least one GC that is hosted on a domain controller. In Windows 2000, there was typically one GC on every site in order to prevent user logon failures across the network.
99. How is user account security established in Windows Server 2003?
When an account is created, it is given a unique access number known as a security identifier (SID). Every group to which the user belongs has an associated SID. The user and related group SIDs together form the user account’s security token, which determines access levels to objects throughout the system and network. SIDs from the security token are mapped to the access control list (ACL) of any object the user attempts to access.
100. If I delete a user and then create a new account with the same username and password, would the SID and permissions stay the same?
No. If you delete a user account and attempt to recreate it with the same user name and password, the SID will be different.
101. What remote access options does Windows Server 2003 support?
Dial-in, VPN, dial-in with callback.
102. Where are the documents and settings for the roaming profile stored?
All the documents and environmental settings for the roaming user are stored locally on the system, and, when the user logs off, all changes to the locally stored profile are copied to the shared server folder. Therefore, the first time a roaming user logs on to a new system the logon process may take some time, depending on how large his profile folder is.
103. Where are the settings for all the users stored on a given machine?
Document and Settings\All Users
104. What languages can you use for log-on scripts?
JavaScipt, VBScript, DOS batch files (.com, .bat, or even .exe)
105. What is presentation layer responsible for in the OSI model?
The presentation layer establishes the data format prior to passing it along to the network application’s interface. TCP/IP networks perform this task at the application layer.
106. Does Windows Server 2003 support IPv6?
Yes.
107. What’s the difference between the basic disk and dynamic disk?
The basic type contains partitions, extended partitions, logical drivers, and an assortment of static volumes; the dynamic type does not use partitions but dynamically manages volumes and provides advanced storage options
108. How do you install recovery console?
C:\i386\win32 /cmdcons, assuming that your Win server installation is on drive C.
109. What’s new in Terminal Services for Windows 2003 Server?
Supports audio transmissions as well, although prepare for heavy network load.
110. What’s the name of the user who connects to the Web site anonymously?
IUSR_computername
111. What’s the relation between SSL and TLS?
Transport Layer Security (TLS) extends SSL by providing cryptographic authentication.
112. What’s a heartbeat?
Communication processes between the nodes designed to ensure node’s health.
113. Which service do you use to set up various alerts?
MOM (Microsoft Operations Manager).
114. What is KCC?
115. How AD offline defragmentation carried out?
116. What is Metta data cleener?
117. Networking Moniter protocal? and tools ?
118. Service responsable for SYSVOL relication ?
119. Define the following :
GPT:(Group policy Templet)
GPC:(Group policy Container)
GPO:(Group policy Object)
120.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment