Active Directory Interview Questions – Part 2

By | June 7, 2020

17. Active Directory Replication Topology Options
The Active Directory replication topologies typically used are:

– Ring Topology: With intrasite replication, the KCC creates a ring topology that defines the replication paths within a site. In a ring topology, each domain controller in a site has two inbound and outbound replication partners. The KCC creates the ring so that there is no greater than three hops between domain controllers in a site.
– Full Mesh Topology: This topology is typically utilized in small organizations where redundancy is extremely important, and the number of sites is quite small. A full mesh topology is quite expensive to manage and is not scalable.
– Hub and Spoke Topology: This topology is typically implemented in large organizations where scalability is important, and redundancy is less important. In this topology, one or multiple hub sites exist that have slower WAN connections to multiple spoke sites. The hub sites are usually connected to each other through high speed WAN connections.
– Hybrid Topology: The hybrid topology is a combination of any of the above topologies.

18. What is SPN?
A service principal name (SPN) is the name by which a client uniquely identifies an instance of a service. If you install multiple instances of a service on computers throughout a forest, each instance must have its own SPN. A given service instance can have multiple SPNs if there are multiple names that clients might use for authentication. For example, an SPN always includes the name of the host computer on which the service instance is running, so a service instance might register an SPN for each name or alias of its host.
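To make the uniqueness rule concrete, the following added example (not part of the original post) parses a constructed list of account/SPN pairs and reports any SPN registered on more than one account, plus entries that lack a service class or host. The account names, host names and the `parse_spn` and `audit` helpers are illustrative assumptions.

```python
from collections import defaultdict

# Constructed sample: (account, servicePrincipalName) pairs as they might be
# exported from a directory. Every name here is made up for illustration.
SAMPLE = [
    ("svc-sql", "MSSQLSvc/sql01.corp.example.com:1433"),
    ("svc-sql", "MSSQLSvc/sql01:1433"),             # second SPN for a host alias: allowed
    ("DC01$",   "ldap/dc01.corp.example.com/corp.example.com"),
    ("svc-web", "HTTP/intranet.corp.example.com"),
    ("WEB02$",  "http/INTRANET.corp.example.com"),  # same SPN on a different account
    ("svc-bad", "nohostpart"),                      # malformed: no host component
]

def parse_spn(spn):
    """Split 'class/host[:port-or-instance][/servicename]' into a tuple.

    Returns None when the service class or the host is missing.
    Assumption: SPNs are compared case-insensitively, so fields are lower-cased.
    """
    parts = spn.strip().split("/")
    if len(parts) not in (2, 3) or not parts[0] or not parts[1]:
        return None
    host, _, port = parts[1].partition(":")
    if not host:
        return None
    name = parts[2] if len(parts) == 3 else ""
    return (parts[0].lower(), host.lower(), port.lower(), name.lower())

def audit(pairs):
    """Return (duplicates, malformed) for a list of (account, spn) pairs."""
    owners = defaultdict(set)
    malformed = []
    for account, spn in pairs:
        key = parse_spn(spn)
        if key is None:
            malformed.append((account, spn))
        else:
            owners[key].add(account)
    # An SPN held by more than one account no longer identifies one instance.
    duplicates = {k: sorted(v) for k, v in owners.items() if len(v) > 1}
    return duplicates, malformed

if __name__ == "__main__":
    dups, bad = audit(SAMPLE)
    for key, accounts in dups.items():
        print("duplicate SPN", key, "registered on", accounts)
    for account, spn in bad:
        print("malformed SPN", repr(spn), "on", account)
```

On a domain-joined machine, `setspn -X` runs the equivalent duplicate search against the live directory.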

19. What is AD Certificate Services?
Active Directory Certificate Services (AD CS) provides customizable services for issuing and managing public key certificates used in software security systems that employ public key technologies.

20. What is Active Directory Federation Services?
Active Directory Federation Services (AD FS) simplifies access to systems and applications using a claims-based access (CBA) authorization mechanism to maintain application security. AD FS supports Web single-sign-on (SSO) technologies that help information technology (IT) organizations collaborate across organizational boundaries.

AD FS 2.0 is a downloadable Windows Server 2008 update that is the successor to AD FS 1.0, which was first delivered in Windows Server 2003 R2, and AD FS 1.1, which was made available as a server role in Windows Server 2008 and Windows Server 2008 R2. Previous versions of AD FS are referred to collectively as AD FS 1.x.

21. What is the Active Directory Management Gateway Service?
Windows Server 2008 R2 introduces a web service interface for application accessibility to Active Directory (AD), and the Windows Server 2008 R2 AD PowerShell cmdlets use this service.

ADMGS provides this web service interface for Windows Server 2003 SP2 and Windows Server 2008 domain controllers (DCs). The service lets Server 2008 R2 AD PowerShell cmdlets and other applications work against the DCs with ADMGS installed.

22. What is Offline Domain Join?
Windows Server 2008 R2 domain controllers include a new feature named Offline Domain Join. A new utility named Djoin.exe lets you join a computer to a domain, without contacting a domain controller while completing the domain join operation, by obtaining a blob from a Windows Server 2008 R2 domain controller at an earlier point in time. The computer is domain-joined when it first starts, so no restart is needed as with a normal domain join.

23. What is AD Administrative Center?
Active Directory Administrative Center provides network administrators with an enhanced Active Directory data management experience and a rich graphical user interface (GUI). Administrators can use Active Directory Administrative Center to perform common Active Directory object management tasks (such as user, computer, group, and organizational unit management) through both data-driven and task-oriented navigation.

Administrators can use the enhanced Active Directory Administrative Center GUI to customize Active Directory Administrative Center to suit their particular directory service administration requirements.

24. What is AD DS Best Practices Analyzer?
Active Directory Domain Services (AD DS) Best Practices Analyzer (BPA) is a server management tool that can help you implement best practices in the configuration of your Active Directory environment. AD DS BPA scans the AD DS server role as it is installed on your Windows Server 2008 R2 domain controllers, and it reports best practice violations.

You can filter or exclude results from AD DS BPA reports that you do not need to see. You can also perform AD DS BPA tasks by using either the Server Manager graphical user interface (GUI) or cmdlets in the Windows PowerShell command-line interface.

25. What is the ISTG? Who has that role by default?
Domain controllers each create Active Directory replication connection objects representing inbound replication from intra-site replication partners. For inter-site replication, one domain controller per site has the responsibility of evaluating the inter-site replication topology and creating Active Directory replication connection objects for appropriate bridgehead servers within its site. The domain controller in each site that owns this role is referred to as the Inter-Site Topology Generator (ISTG).

26. What are the default Active Directory Built in groups?
Groups in the Builtin container
– Account Operators
– Administrators
– Backup Operators
– Guests
– Incoming Forest Trust Builders
– Network Configuration Operators
– Performance Monitor Users
– Performance Log Users
– Pre-Windows 2000 Compatible Access
– Print Operators
– Remote Desktop Users
– Replicator
– Server Operators
– Users

Groups in the Users container
– Cert Publishers
– DnsAdmins (If installed with DNS)
– DnsUpdateProxy (If installed with DNS)
– Domain Admins
– Domain Computers
– Domain Controllers
– Domain Guests
– Domain Users
– Enterprise Admins (only appears in the forest root domain)
– Group Policy Creator Owners
– IIS_WPG (installed with IIS)
– RAS and IAS Servers
– Schema Admins (only appears in the forest root domain)
