Windows Server 2008 Active Directory Interview Questions !

>What is Active Directory ?
Active Directory is metadata. Active Directory is a database which stores data such as your user information, computer information and other network object information. It has the capability to manage and administer the complete network that is connected to AD.

> What is Active Directory Domain Services ?
In Windows 2000 Server and Windows Server 2003, the directory service is named Active Directory. In Windows Server 2008 and Windows Server 2008 R2, the directory service is named Active Directory Domain Services (AD DS). The rest of this topic refers to AD DS, but the information is also applicable to Active Directory.

>What is domain ?
A domain is a set of network resources (applications, printers, and so forth) for a group of users. The user needs only to log in to the domain to gain access to the resources, which may be located on a number of different servers in the network. The 'domain' is simply your computer address, not to be confused with a URL. A domain address might look something like 211.170.469.

>What is domain controller ?
A domain controller (DC) is a server that responds to security authentication requests (logging in, checking permissions, etc.) within the Windows Server domain. A domain is a concept introduced in Windows NT whereby a user may be granted access to a number of computer resources with the use of a single username and password combination.

>What is LDAP ?
Lightweight Directory Access Protocol (LDAP) is the industry-standard directory access protocol, making Active Directory widely accessible to management and query applications. Active Directory supports LDAPv3 and LDAPv2.

>What is KCC ?
The KCC (Knowledge Consistency Checker) generates the replication topology by specifying which domain controllers will replicate to which other domain controllers in the site. The KCC maintains a list of connections, called a replication topology, to other domain controllers in the site. The KCC ensures that changes to any object are replicated to all site domain controllers and that updates go through no more than three connections. An administrator can also configure connection objects.

>Where is the AD database held ? What other folders are related to AD?
By default the AD database is stored in c:\windows\ntds\NTDS.DIT. SYSVOL and NETLOGON are the other folders related to AD DS.

>What is the SYSVOL folder?
System Volume (Sysvol) is a shared directory that stores the server copy of the domain's public files that must be shared for common access and replication throughout a domain. The term SYSVOL refers to a set of files and folders that reside on the local hard disk of each domain controller in a domain and that are replicated by the File Replication service (FRS). Network clients access the contents of the SYSVOL tree by using the NETLOGON and SYSVOL shared folders. Sysvol uses junction points (a physical location on a hard disk that points to data that is located elsewhere on your disk or other storage device) to manage a single instance store.

> What is the Netlogon folder in AD DS and what is it used for?
The NETLOGON share points to the %SystemRoot%\sysvol\sysvol\{DOMAIN}\scripts folder on the DC, and its main purpose is storing logon scripts.

By default %SystemRoot%\sysvol\sysvol\{DOMAIN}\scripts is empty. When we deploy any script via GPO, that is the default location for storing the script.

By default SYSVOL includes 2 folders; the Scripts folder is shared with the name NETLOGON:

1. Policies - (Default location - %SystemRoot%\Sysvol\Sysvol\domain_name\Policies)
2. Scripts - (Default location - %SystemRoot%\Sysvol\Sysvol\domain_name\Scripts)

>What is the difference between the Enterprise Admins and Domain Admins groups in AD ?
Enterprise Admins : Members of this group have full control of all domains in the forest. By default, this group is a member of the Administrators group on all domain controllers in the forest. By default, the Administrator account is a member of this group. Because this group has full control of the forest, add users with caution.

Domain Admins : Members of this group have full control of the domain. By default, this group is a member of the Administrators group on all domain controllers, all domain workstations, and all domain member servers at the time they are joined to the domain. By default, the Administrator account is a member of this group. Because the group has full control in the domain, add users with caution.

>Where are the Windows NT Primary Domain Controller (PDC) and its Backup Domain Controller (BDC) in Server 2003 ? 
The Active Directory replaces them. Now all domain controllers share a multimaster peer-to-peer read and write relationship that hosts copies of the Active Directory.

>I am trying to create a new universal user group. Why can’t I ?
Universal groups are allowed only in native-mode Windows Server 2003 environments. Native mode requires that all domain controllers be promoted to Windows Server 2003 Active Directory.

>What is LSDOU ?
It’s the group policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units.

>Why doesn’t LSDOU work under Windows NT ? 
If the NTConfig.pol file exists, it has the highest priority among the numerous policies.

>What’s the number of permitted unsuccessful logons on Administrator account?
Unlimited. Remember, though, that it’s the Administrator account, not any account that’s part of the Administrators group.

> What’s the difference between guest accounts in Server 2003 and other editions?
More restrictive in Windows Server 2003.

> How many passwords by default are remembered when you check "Enforce Password History Remembered"? 
User’s last 6 passwords.

> Can the GC server and the Infrastructure master be placed on a single server? If not, explain why.
As a general rule, the infrastructure master should be located on a non-global catalog domain controller that has a direct connection object to some global catalog in the forest, preferably in the same Active Directory site. Because the global catalog server holds a partial replica of every object in the forest, the infrastructure master, if placed on a global catalog server, will never update anything, because it does not contain any references to objects that it does not hold.

But there are exceptions to this “general rule”. Two exceptions to the "do not place the infrastructure master on a global catalog server" rule are:
Single domain forest:
In a forest that contains a single Active Directory domain, there are no phantoms, and so the infrastructure master has no work to do. The infrastructure master may be placed on any domain controller in the domain, regardless of whether that domain controller hosts the global catalog or not.

Multidomain forest where every domain controller in a domain holds the global catalog:
If every domain controller in a domain that is part of a multidomain forest also hosts the global catalog, there are no phantoms or work for the infrastructure master to do. The infrastructure master may be put on any domain controller in that domain.

> What are Intrasite and Intersite Replication ?
Intrasite is replication within the same site, and intersite is replication between sites.

> What is the Lost & Found folder in ADS ?
It’s the folder where you can find objects that went missing due to a conflict.
Ex: you created a user in an OU which was deleted on another DC; when replication happened, ADS didn’t find the OU, so it put the user in the Lost & Found folder.

> What is Garbage collection ?
Garbage collection is a housekeeping process that is designed to free space within the Active Directory database. In Windows 2000 and in the original release version of Windows Server 2003, this process runs on every domain controller in the enterprise with a default lifetime interval of 12 hours. You can change this interval by modifying the garbageCollPeriod attribute in the enterprise-wide DS configuration object (NTDS).

> What does System State data contain ?
System State data contains:
Startup files
COM+ Registration Database
Memory Page file
System files
AD information
Cluster Service information



Designed by TechieBird