Active Directory Interview Questions – Part 7

By | October 27, 2019

61. I want to look at the RID allocation table for a DC. What do I do?
dcdiag /test:ridmanager /s:servername /v (servername is the name of our DC)

62. What is a Bridgehead Server in AD?
A bridgehead server is a domain controller in each site that is used as a contact point to receive and replicate data between sites. For intersite replication, the KCC designates one of the domain controllers as a bridgehead server. If that server is down, the KCC designates another domain controller in its place. When a bridgehead server receives replication updates from another site, it replicates the data to the other domain controllers within its site.

63. What are Site Link Bridges in AD DS?
When more than two sites are linked for replication and use the same transport, all of the site links are “bridged” in terms of cost by default, assuming that the site links have common sites. When site links are bridged, they are transitive. That is, all site links for a specific transport implicitly belong to a single site link bridge for that transport. So in the common case of a fully routed IP network (in which all sites can communicate with each other by IP), administrators do not have to configure any site link bridges.

If the IP network is not fully routed, the transitive site link feature can be turned off for the IP transport (the Bridge all site links option on the General tab in the IP transport object property sheet or SMTP transport object property sheet). In this case, all IP site links are considered intransitive, and site link bridges are configured. A site link bridge is the equivalent of a disjoint network; all site links within the bridge can route transitively, but they do not route outside the bridge.
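The effect of the "Bridge all site links" option on path cost, as an added example (not part of the original page). It is a simplified model rather than the KCC's own algorithm, and the site names, link names and costs are constructed for illustration.

```python
import heapq
from itertools import combinations

# Constructed sample topology: site link name -> (member sites, cost)
SITE_LINKS = {
    "HQ-EU":   ({"HQ", "EU"}, 100),
    "EU-APAC": ({"EU", "APAC"}, 200),
    "APAC-DR": ({"APAC", "DR"}, 50),
}

def _cheapest(links, src, dst):
    """Dijkstra over the given site links, treating them as transitive."""
    graph = {}
    for sites, cost in links:
        for a, b in combinations(sorted(sites), 2):
            graph.setdefault(a, []).append((b, cost))
            graph.setdefault(b, []).append((a, cost))
    best = {src: 0}
    heap = [(0, src)]
    while heap:
        dist, site = heapq.heappop(heap)
        if site == dst:
            return dist
        if dist > best.get(site, float("inf")):
            continue  # stale heap entry
        for nxt, cost in graph.get(site, []):
            nd = dist + cost
            if nd < best.get(nxt, float("inf")):
                best[nxt] = nd
                heapq.heappush(heap, (nd, nxt))
    return None  # no path using only these links

def path_cost(src, dst, site_links, bridge_all=True, bridges=()):
    """Cheapest cost from src to dst, or None if no route exists.

    bridge_all=True : all site links form one implicit bridge (the default).
    bridge_all=False: links are intransitive; a path may use one link alone
                      or the links grouped in one explicit site link bridge.
    """
    if bridge_all:
        groups = [list(site_links.values())]
    else:
        groups = [[link] for link in site_links.values()]
        groups += [[site_links[name] for name in bridge] for bridge in bridges]
    costs = [c for g in groups if (c := _cheapest(g, src, dst)) is not None]
    return min(costs) if costs else None
```

With bridging off and a bridge over only HQ-EU and EU-APAC, HQ reaches APAC at cost 300 but has no route to DR, which is the "do not route outside the bridge" behaviour described above.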

64. What are subnets in AD DS?
Computers on TCP/IP networks are assigned to sites based on their location in a subnet or a set of subnets. Subnets group computers in a way that identifies their physical proximity on the network. Subnet information is used during the process of domain controller location to find a domain controller in the same site as the computer that is logging on. This information also is used during Active Directory replication to determine the best routes between domain controllers.

65. What FSMO placement considerations do you know of?
Windows 2000/2003 Active Directory domains utilize a Single Operation Master method called FSMO (Flexible Single Master Operation), as described in Understanding FSMO Roles in Active Directory.

In most cases an administrator can keep the FSMO role holders (all 5 of them) in the same spot (or actually, on the same DC) as has been configured by the Active Directory installation process.

However, there are scenarios where an administrator would want to move one or more of the FSMO roles from the default holder DC to a different DC. Windows Server 2003 Active Directory is a bit different than the Windows 2000 version when dealing with FSMO placement.

In this article I will only deal with Windows Server 2003 Active Directory, but you should bear in mind that most considerations are also true when planning Windows 2000 AD FSMO roles.

66. What is an OU?
An organizational unit (OU) is a container object in which you can keep objects such as user accounts, groups, computers, printers, applications and other OUs. Within an organizational unit you can assign specific permissions to users. Organizational units can also be used to create departmental limitations.

67. Name some OU design considerations?
OU design requires balancing requirements for delegating administrative rights – independent of Group Policy needs – and the need to scope the application of Group Policy.

The following OU design recommendations address delegation and scope issues:
Applying Group Policy: an OU is the lowest-level Active Directory container to which you can assign Group Policy settings.
Delegating administrative authority: usually don't go more than 3 OU levels.

68. What are sites? What are they used for?
A site is one or more well-connected (highly reliable and fast) TCP/IP subnets.
A site allows administrators to configure Active Directory access and replication topology to take advantage of the physical network.

A Site object in Active Directory represents a physical geographic location that hosts networks. Sites contain objects called Subnets.

Sites can be used to assign Group Policy Objects, facilitate the discovery of resources, manage Active Directory replication, and manage network link traffic.
Sites can be linked to other sites. Site link objects may be assigned a cost value that represents the speed, reliability, availability, or other real property of a physical resource. Site links may also be assigned a schedule.

69. Trying to look at the Schema, how can I do that?

Register schmmgmt.dll using this command:
c:\windows\system32>regsvr32 schmmgmt.dll
Open mmc -> add snap-in -> add Active Directory Schema
Name it schema.msc
Open Administrative Tools -> schema.msc

70. What is the port no of Kerberos?


