>Where are the Windows NT Primary Domain Controller (PDC) and its Backup Domain Controller (BDC) in Server 2003?
The Active Directory replaces them. Now all domain controllers share a multimaster peer-to-peer read and write relationship that hosts copies of the Active Directory.
>What is Global Catalog?
The Global Catalog authenticates network user logons and fields inquiries about objects across a forest or tree. Every domain has at least one GC that is hosted on a domain controller. In Windows 2000, there was typically one GC on every site in order to prevent user logon failures across the network.
>How long does it take for security changes to be replicated among the domain controllers?
Security-related modifications are replicated within a site immediately. These changes include account and individual user lockout policies, changes to password policies, changes to computer account passwords, and modifications to the Local Security Authority (LSA).
>When should you create a forest?
Organizations that operate on radically different bases may require separate trees with distinct namespaces. Unique trade or brand names often give rise to separate DNS identities. Organizations merge or are acquired and naming continuity is desired. Organizations form partnerships and joint ventures. While access to common resources is desired, a separately defined tree can enforce more direct administrative and security restrictions.
>Describe the process of working with an external domain name?
If it is not possible for you to configure your internal domain as a subdomain of your external domain, use a stand-alone internal domain. This way, your internal and external domain names are unrelated. For example, an organization that uses the domain name contoso.com for their external namespace uses the name corp.internal for their internal namespace.
The advantage to this approach is that it provides you with a unique internal domain name. The disadvantage is that this configuration requires you to manage two separate namespaces. Also, using a stand-alone internal domain that is unrelated to your external domain might create confusion for users because the namespaces do not reflect a relationship between resources within and outside of your network.
In addition, you might have to register two DNS names with an Internet name authority if you want to make the internal domain publicly accessible.
> Difference between KCC and ISTG?
KCC (Knowledge Consistency Checker) is responsible for generating site replication topologies between
domain controllers. KCC runs in each DC of a domain and creates a connection object for each DC in AD.
It is responsible for all intra-site replication.
In case of an inter-site scenario, there will be a bridgehead server to manage site-to-site replication.
Here, the connection objects for the bridgehead servers are created in a separate way. ISTG
(Inter-Site Topology Generator) is responsible for creating connection objects in bridgehead servers.
ISTG is nothing but a KCC server (DC), which is responsible for reviewing the inter-site topology and
creating inbound replication connection objects as necessary for bridgehead servers in the site in
which it resides. The domain controller holding this role may not necessarily also be a bridgehead
> What are lingering objects in Active Directory?
Lingering objects can occur if a domain controller does not replicate for an interval of time that is
longer than the tombstone lifetime (TSL). The domain controller then reconnects to the replication
topology. Objects that are deleted from the Active Directory directory service when the domain
controller is offline can remain on the domain controller as lingering objects.
> What is KDC in Active Directory?
The Kerberos Key Distribution Center (KDC) is a network service that supplies session tickets and
temporary session keys to users and computers within an Active Directory domain. The KDC runs on each
domain controller as part of Active Directory Domain Services.