Active Directory Interview Questions – Part 8

By | October 27, 2019

71. What is Kerberos & Kerberos Authentication?
Kerberos is the default authentication protocol in an Active Directory domain. It is an industry standard (Kerberos version 5, RFC 4120), which permits interoperability with non-Windows clients and services. Every domain controller runs the Kerberos Key Distribution Center (KDC) and uses the user account and logon information held in the directory to issue tickets.

Kerberos version 5 provides authentication, and mutual authentication, between a client and a server, or between one server and another. The client never sends its password to the service it wants to use: it presents a ticket issued by the KDC, and the service proves its own identity to the client by returning a reply that only the holder of the service's key could produce.

72. What is the port no of Global Catalog?
TCP 3268 for LDAP queries to the global catalog, and TCP 3269 for the same queries over SSL/TLS. Firewalls between sites, and between clients and domain controllers, must allow these in addition to the ordinary LDAP ports, otherwise universal group lookups and forest-wide searches fail.

73. What Is the Global Catalog?
The global catalog is a distributed data repository that contains a searchable, partial, read-only representation of every object in every domain in a multidomain Active Directory Domain Services (AD DS) forest. Only the attributes in the partial attribute set (PAS), which is defined in the schema, are replicated to it. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication. Searches directed to the global catalog are faster because they are answered by one server and do not involve referrals to the domain controllers of other domains.

74. What are the roles of global catalog?
1. Finds objects: a forest-wide search goes to one global catalog server instead of being referred from domain to domain.
2. Supplies user principal name (UPN) authentication: when a user logs on with a UPN such as user@corp.example, the domain controller asks a global catalog which domain holds that account.
3. Supplies universal group membership information in a multiple-domain environment: universal group membership is stored only in the global catalog, so if no global catalog is reachable a domain controller cannot build a complete token and, unless universal group membership caching is enabled, the logon is denied.
4. Validates object references within a forest: references to objects in other domains of the forest (for example group members held in another domain) are checked against the global catalog.

75. What is the port no of LDAP?
TCP 389, with UDP 389 used for the CLDAP "pings" by which clients locate domain controllers. LDAP over SSL/TLS (LDAPS) uses TCP 636. On 389 a simple bind sends the password in cleartext and an unsigned session can be tampered with, so domain controllers should require LDAP signing and channel binding, or clients should use 636 or StartTLS.

76. What is LDAP?
The Lightweight Directory Access Protocol is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network. Active Directory is an LDAP version 3 directory service: clients, applications and domain controllers read and write objects in it with LDAP operations (bind, search, add, modify, delete). The same protocol is what an attacker uses to enumerate a domain, so who may bind and what they may read matters.
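The difference between the four ports in Q72 and Q75 is easiest to see by sending the same search to each. The following PowerShell is an added example, not code from the original article; the domain controller name dc01.corp.example, the domain corp.example and the user jdoe are assumed placeholders, and it runs from a domain-joined host using the caller's Kerberos credentials.

```powershell
# Added example (not from the article). Same subtree search over 389, 636 and 3268
# so the differences in encryption, signing, scope and attribute set are visible.
# dc01.corp.example / corp.example / jdoe are placeholders.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Search-AD {
    param(
        [string]  $Server,
        [int]     $Port,
        [string]  $Base,
        [string]  $Filter,
        [string[]]$Attributes
    )
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    # Negotiate = Kerberos (NTLM fallback) through SSPI; no password travels in the bind
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
    if ($Port -in 636, 3269) {
        # LDAPS / GC over TLS: TLS is established before the bind, so everything is encrypted
        $conn.SessionOptions.SecureSocketLayer = $true
    }
    else {
        # Plain 389 / 3268: ask SSPI to sign and seal the session. A DC configured to
        # require LDAP signing rejects binds that do not do this.
        $conn.SessionOptions.Signing = $true
        $conn.SessionOptions.Sealing = $true
    }
    $conn.Bind()
    $scope = [System.DirectoryServices.Protocols.SearchScope]::Subtree
    $req   = New-Object System.DirectoryServices.Protocols.SearchRequest($Base, $Filter, $scope, $Attributes)
    $resp  = $conn.SendRequest($req)
    $conn.Dispose()
    $resp.Entries
}

$dc    = 'dc01.corp.example'
$base  = 'DC=corp,DC=example'
$attrs = 'sAMAccountName', 'userPrincipalName', 'memberOf'

# 389: the domain partition only, every attribute available, signed and sealed
Search-AD $dc 389 $base '(&(objectCategory=person)(sAMAccountName=j*))' $attrs |
    ForEach-Object { $_.DistinguishedName }

# 636: identical query over TLS; the DC's certificate must chain to a CA this host trusts
Search-AD $dc 636 $base '(&(objectCategory=person)(sAMAccountName=j*))' $attrs |
    ForEach-Object { $_.DistinguishedName }

# 3268: an empty base DN is legal only against the global catalog and makes the search
# forest-wide. Only attributes in the partial attribute set come back; anything outside
# it is simply missing from the entry, not an error.
Search-AD $dc 3268 '' '(userPrincipalName=jdoe@corp.example)' $attrs |
    ForEach-Object { "$($_.DistinguishedName)  attrs=$($_.Attributes.AttributeNames -join ',')" }
```

The check worth keeping from this is the `else` branch: a client that binds on 389 without Signing and Sealing is exactly the client that breaks when the domain controllers are hardened to require LDAP signing, and until then it is the client whose credentials and query results are readable on the wire.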

77. Explain Active Directory Schema?
Windows Active Directory uses a set of database rules called the "Schema". The schema is defined as the formal definition of all object classes, and the attributes that make up those object classes, that can be stored in the directory. As mentioned earlier, the Active Directory database includes a default schema, which defines many object classes, such as users, groups, computers, domains, organizational units, and so on. The schema lives in its own partition (CN=Schema,CN=Configuration,...) that is replicated to every domain controller in the forest.

These object types are also known as "classes". The Active Directory schema is dynamically extensible, meaning that you can modify the schema by defining new object classes and their attributes, and by defining new attributes for existing classes. You can do this with the Active Directory Schema MMC snap-in (schmmgmt.dll, shipped since Windows 2000 Server but only visible after it is registered with regsvr32), with ldifde, or programmatically. Three caveats matter in practice: schema writes are accepted only by the domain controller holding the schema master role, the account must be a member of Schema Admins (a group that should be empty outside change windows), and schema changes are forest-wide and cannot be rolled back, because a class or attribute can only be deactivated (made defunct), never deleted.
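A worked extension, as an added example rather than anything from the article: one new attribute added to the User class with ldifde, with the pre-checks a schema change needs. The attribute name corp-BadgeId and its OID are placeholders; a real extension uses an OID from an arc your organisation owns (the 1.2.840.113556.1.8000.2554.* space is what Microsoft's oidgen script hands out). It assumes it is run as a member of Schema Admins in the forest root domain, with the RSAT AD module and ldifde installed.

```powershell
# Added example (not from the article): add one confidential attribute to the User class.
# corp-BadgeId and the OID 1.2.840.113556.1.8000.2554.99999.1 are placeholders.
Import-Module ActiveDirectory

$forest   = Get-ADForest
$schemaNC = (Get-ADRootDSE).schemaNamingContext

# Pre-checks: only the schema master accepts schema writes, and only Schema Admins may
# write. Schema Admins should be empty except during a change window, so list it.
"Schema master : $($forest.SchemaMaster)"
"Schema version: $((Get-ADObject $schemaNC -Properties objectVersion).objectVersion)"
"Schema Admins : $((Get-ADGroupMember 'Schema Admins' | ForEach-Object SamAccountName) -join ', ')"

# searchFlags 129 = 1 (indexed) + 128 (confidential). A confidential attribute is not
# readable with ordinary Read Property rights; the reader needs CONTROL_ACCESS on it,
# which is the right default for anything secret-like. 2.5.5.12 / oMSyntax 64 = Unicode string.
$ldif = @"
dn: CN=corp-Badge-Id,$schemaNC
changetype: add
objectClass: attributeSchema
attributeID: 1.2.840.113556.1.8000.2554.99999.1
lDAPDisplayName: corp-BadgeId
adminDisplayName: corp-BadgeId
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
searchFlags: 129

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

dn: CN=User,$schemaNC
changetype: modify
add: mayContain
mayContain: corp-BadgeId
-
"@
Set-Content -Path .\corp-badge.ldf -Value $ldif -Encoding ASCII

# Apply directly on the schema master; -k keeps going past "already exists" on a re-run
ldifde -i -f .\corp-badge.ldf -s $forest.SchemaMaster -k

# Verify that the class now carries the attribute
$user = Get-ADObject "CN=User,$schemaNC" -Properties mayContain
$user.mayContain -contains 'corp-BadgeId'
```

The schemaUpdateNow record in the middle forces the schema master to reload its schema cache so the third record, which references the new attribute by lDAPDisplayName, resolves. Once this has replicated there is no undo: the attribute can later be made defunct, but the OID and names stay reserved, which is why the pre-checks and a test forest come first.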

78. What is domain tree?
A domain tree is a set of domains that share a common schema and configuration and form a contiguous DNS namespace: child domains take their name from the parent, so corp.example and its child emea.corp.example are one tree. Each parent and child domain in a tree is linked by a two-way transitive trust that is created automatically when the child is promoted, which is why a user in one domain of the tree can be granted access in any other. A tree can be viewed two ways: as the trust relationships between its domains, or as the namespace of the tree. A forest is a set of one or more trees.

79. What is a forest?
A forest is a collection of one or more domain trees that share a common schema, configuration partition and global catalog, with a two-way transitive trust between the root domains of the trees. A second tree is added when you need a non-contiguous namespace, that is a second DNS root name, inside the same forest. The forest, not the domain, is the security boundary: because the schema and configuration are shared and the trusts are transitive, an administrator of any domain in the forest can ultimately gain control of every domain in it, so organisations that must not trust each other belong in separate forests.

80. Difference between KCC and ISTG?
The KCC (Knowledge Consistency Checker) is the process, running on every domain controller, that generates the replication topology. Within a site it builds a bidirectional ring of the DCs in the site, adds extra connections so that no DC is more than three replication hops from any other, and creates the inbound connection objects under each DC's NTDS Settings object to represent that ring. It is responsible for the whole intra-site replication topology.

Between sites, replication goes through bridgehead servers, and the connection objects for the bridgeheads are created differently. The ISTG (Inter-Site Topology Generator) is the KCC instance on one designated domain controller per site. It reviews the inter-site topology (sites, site links and their costs) and creates the inbound replication connection objects needed for the bridgehead servers in the site in which it resides. The domain controller holding the ISTG role is not necessarily itself a bridgehead server. Each site's current ISTG is recorded in the interSiteTopologyGenerator attribute of that site's NTDS Site Settings object.

81. What is lingering objects in active directory?
Lingering objects can occur if a domain controller does not replicate for an interval of time that is longer than the tombstone lifetime (TSL), which is 60 days by default in forests created before Windows Server 2003 SP1 and 180 days in forests created later. Objects that are deleted from Active Directory while that domain controller is offline are tombstoned and, after the TSL, garbage-collected on every other domain controller, so when the outdated domain controller reconnects to the replication topology it still holds them as lingering objects. The danger is that they can be reintroduced into the forest, so a disabled or deleted account can come back to life. With strict replication consistency enabled, a domain controller refuses to accept such objects from the stale partner and logs the event; the cleanup itself is done with repadmin /removelingeringobjects.
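The two questions above come together in one replication health check. The PowerShell below is an added example, not code from the article: it lists the ISTG of each site (Q80) and then compares every domain controller's last successful inbound replication, per partition, with the forest's tombstone lifetime (Q81). Everything is discovered from the directory; the warning threshold at half the TSL is my choice rather than an AD setting, and the last step assumes WinRM access to the domain controllers.

```powershell
# Added example (not from the article): ISTG per site, then lingering-object risk per DC
# and partition measured against the tombstone lifetime.
Import-Module ActiveDirectory

# One ISTG per site; it creates the connection objects for that site's bridgeheads
Get-ADReplicationSite -Filter * -Properties InterSiteTopologyGenerator |
    Select-Object Name, InterSiteTopologyGenerator | Format-Table -AutoSize

# Tombstone lifetime lives on the Directory Service object in the configuration
# partition. When the attribute is unset the forest uses the old default of 60 days.
$cfg = (Get-ADRootDSE).configurationNamingContext
$ds  = Get-ADObject "CN=Directory Service,CN=Windows NT,CN=Services,$cfg" -Properties tombstoneLifetime
$tsl = if ($ds.tombstoneLifetime) { [int]$ds.tombstoneLifetime } else { 60 }
"Tombstone lifetime: $tsl days"

# A DC whose last successful inbound replication of a partition is older than the TSL
# can still hold objects that every other DC has already deleted and garbage-collected.
$report = foreach ($dc in Get-ADDomainController -Filter *) {
    Get-ADReplicationPartnerMetadata -Target $dc.HostName -Scope Server -PartnerType Inbound |
        ForEach-Object {
            $age   = (Get-Date) - $_.LastReplicationSuccess
            $state = if ($age.TotalDays -gt $tsl) { 'LINGERING-RISK' } elseif ($age.TotalDays -gt $tsl / 2) { 'WARN' } else { 'ok' }
            [pscustomobject]@{
                DC               = $dc.HostName
                Partition        = $_.Partition
                Partner          = $_.Partner
                DaysSinceSuccess = [math]::Round($age.TotalDays, 1)
                State            = $state
            }
        }
}
$report | Sort-Object DaysSinceSuccess -Descending | Format-Table -AutoSize

# Remediation is done with repadmin, first in advisory mode so nothing is deleted:
#   repadmin /removelingeringobjects <stale-DC> <GUID-of-a-clean-DC> <partition-DN> /advisory_mode
# Every DC should also have strict replication consistency on, so a stale DC cannot
# reintroduce such objects. The value is absent on some forests upgraded from older
# versions, where it falls back to the loose behaviour.
Get-ADDomainController -Filter * | ForEach-Object {
    $v = Invoke-Command -ComputerName $_.HostName -ScriptBlock {
        (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' `
            -Name 'Strict Replication Consistency' -ErrorAction SilentlyContinue).'Strict Replication Consistency'
    }
    "{0,-30} StrictReplicationConsistency={1}" -f $_.HostName, $v
}
```

Any row marked LINGERING-RISK is a domain controller whose copy of that partition should be treated as untrusted until it has been cleaned with repadmin or demoted and rebuilt; the WARN rows are the ones to fix before they get there.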

82. What is KDC in Active Directory?
The Kerberos Key Distribution Center (KDC) is a network service that supplies session tickets and temporary session keys to users and computers within an Active Directory domain. It consists of the Authentication Service (AS), which issues the ticket-granting ticket (TGT) when a user logs on, and the Ticket-Granting Service (TGS), which issues service tickets in exchange for a TGT. The KDC runs on each domain controller as part of Active Directory Domain Services, listens on TCP and UDP port 88, and uses the key of the krbtgt account as its own long-term key to encrypt every TGT it issues, which is why that account's password must be protected and rotated.
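To tie Q71 and Q82 together, here is an added example (not from the article) that checks the KDC endpoint on every domain controller, the age of the krbtgt key, and then performs one real ticket request so the mutual authentication described in Q71 can be seen in the ticket cache. It assumes a domain-joined host with the RSAT AD module; the 180-day rotation threshold is a common baseline, not an AD setting.

```powershell
# Added example (not from the article): KDC reachability, krbtgt key age, and a live
# TGS request. 180 days is a baseline value, not something read from the directory.
Import-Module ActiveDirectory

$dcs = Get-ADDomainController -Filter *

# The KDC listens on TCP and UDP 88 on every DC (the service is named 'kdc' on the DC itself)
foreach ($dc in $dcs) {
    $ok = (Test-NetConnection -ComputerName $dc.HostName -Port 88 -WarningAction SilentlyContinue).TcpTestSucceeded
    "{0,-30} KDC tcp/88 reachable: {1}" -f $dc.HostName, $ok
}

# krbtgt holds the KDC's own long-term key; every TGT is encrypted with it. Whoever has
# that key can mint TGTs for any principal, so rotate it on a schedule and, after any
# suspected DC compromise, twice with replication allowed to finish in between: the KDC
# keeps honouring tickets issued under the previous key until the second reset.
$krbtgt = Get-ADUser krbtgt -Properties PasswordLastSet
$age    = ((Get-Date) - $krbtgt.PasswordLastSet).Days
"krbtgt key age: $age days" + $(if ($age -gt 180) { '  <-- rotate' } else { '' })

# Mutual authentication in one exchange: 'klist get' sends a TGS-REQ for the named SPN.
# The TGS-REP can only be built by a KDC that holds our session key (proof of the KDC),
# and the ticket inside is sealed with the LDAP service's own key, so when the service
# later decrypts it and answers with an AP-REP it has proved itself to us in turn.
klist get "ldap/$($dcs[0].HostName)"
klist
```

In the `klist` output the service ticket shows up with the SPN you asked for and the ticket's encryption type; an RC4 (0x17) ticket for a domain controller's SPN is the quickest sign that legacy encryption types are still allowed and worth tightening.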

83. What are the physical components of Active Directory?

Domain controllers and sites. Domain controllers are the servers, physical or virtual, that run a Windows Server operating system and host a copy of the Active Directory database (ntds.dit). Sites are well-connected network segments, normally one per physical location, defined by the IP subnets assigned to them; each site contains one or more domain controllers, and site links between sites control the schedule and cost of inter-site replication.

84. What are the logical components of Active Directory?

Domains, Organizational Units, trees and forests are logical components of Active Directory.

85. What are the Active Directory Partitions?

The Active Directory database is divided into partitions (naming contexts) with different replication scopes: the schema partition and the configuration partition, of which every domain controller in the forest holds a replica; one domain partition per domain, replicated in full to the domain controllers of that domain and in part to global catalog servers; and, apart from these, application partitions created as required, which replicate only to the domain controllers you choose (AD-integrated DNS uses the ForestDnsZones and DomainDnsZones partitions in this way).
