Top Active Directory Interview Questions


>Where are the Windows NT Primary Domain Controller (PDC) and its Backup Domain Controller (BDC) in Server 2003?
The Active Directory replaces them. Now all domain controllers share a multimaster peer-to-peer read and write relationship that hosts copies of the Active Directory.

>What is Global Catalog?
The Global Catalog authenticates network user logons and fields inquiries about objects across a forest or tree. Every domain has at least one GC that is hosted on a domain controller. In Windows 2000, there was typically one GC on every site in order to prevent user logon failures across the network.

>How long does it take for security changes to be replicated among the domain controllers?
Security-related modifications are replicated within a site immediately. These changes include account and individual user lockout policies, changes to password policies, changes to computer account passwords, and modifications to the Local Security Authority (LSA).

>When should you create a forest?
Organizations that operate on radically different bases may require separate trees with distinct namespaces. Unique trade or brand names often give rise to separate DNS identities. Organizations merge or are acquired and naming continuity is desired. Organizations form partnerships and joint ventures. While access to common resources is desired, a separately defined tree can enforce more direct administrative and security restrictions.

>Describe the process of working with an external domain name?
If it is not possible for you to configure your internal domain as a subdomain of your external domain, use a stand-alone internal domain. This way, your internal and external domain names are unrelated. For example, an organization that uses the domain name contoso.com for their external namespace uses the name corp.internal for their internal namespace.

The advantage to this approach is that it provides you with a unique internal domain name. The disadvantage is that this configuration requires you to manage two separate namespaces. Also, using a stand-alone internal domain that is unrelated to your external domain might create confusion for users because the namespaces do not reflect a relationship between resources within and outside of your network.

In addition, you might have to register two DNS names with an Internet name authority if you want to make the internal domain publicly accessible.

>What is the difference between KCC and ISTG?
The KCC (Knowledge Consistency Checker) is responsible for generating site replication topologies between domain controllers. The KCC runs on each DC of a domain and creates a connection object for each DC in AD. It is responsible for all intra-site replication.

In an inter-site scenario, there is a bridgehead server to manage site-to-site replication. Here, the connection objects for the bridgehead servers are created separately. The ISTG (Inter-Site Topology Generator) is responsible for creating connection objects on bridgehead servers. The ISTG is nothing but a KCC server (DC), which is responsible for reviewing the inter-site topology and creating inbound replication connection objects as necessary for bridgehead servers in the site in which it resides. The domain controller holding this role may not necessarily also be a bridgehead server.

>What are lingering objects in Active Directory?
Lingering objects can occur if a domain controller does not replicate for an interval of time that is longer than the tombstone lifetime (TSL). The domain controller then reconnects to the replication topology. Objects that are deleted from the Active Directory directory service when the domain controller is offline can remain on the domain controller as lingering objects.
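
The Python example below is added here and is not part of the original page. It flags inbound replication links whose last success is older than the tombstone lifetime, the condition described above. The CSV is constructed sample data laid out like `repadmin /showrepl * /csv` output (column names assumed); the DC names, dates and TSL values are invented.

```python
import csv
import io
from datetime import datetime

# Constructed sample; column layout assumed to match `repadmin /showrepl * /csv`.
SAMPLE_CSV = """showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC01,"DC=corp,DC=internal",HQ,DC02,RPC,0,0,2024-03-01 09:00:00,0
showrepl_INFO,Branch,DC03,"DC=corp,DC=internal",HQ,DC01,RPC,412,2024-03-01 08:45:00,2023-08-10 02:15:00,1722
showrepl_INFO,Lab,DC04,"DC=corp,DC=internal",HQ,DC01,RPC,35,2024-03-01 08:50:00,2023-11-15 11:30:00,1722
"""

TIME_FORMAT = "%Y-%m-%d %H:%M:%S"


def stale_links(csv_text, now, tsl_days, warn_fraction=0.5):
    """Return (destination, source, age_days, severity) for each inbound
    replication link whose last success is old relative to the TSL.

    tsl_days must be the forest's real tombstone lifetime; the values used
    with the sample data are illustrative only.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            last_ok = datetime.strptime(row["Last Success Time"], TIME_FORMAT)
            age_days = (now - last_ok).days
        except ValueError:
            age_days = None  # no parsable success time: treat as never replicated
        if age_days is None or age_days > tsl_days:
            # The destination missed deletions for longer than the TSL, so the
            # tombstones may already be gone from its partners: objects deleted
            # elsewhere can remain on it as lingering objects.
            severity = "exceeded"
        elif age_days > tsl_days * warn_fraction:
            severity = "warning"  # still recoverable by normal replication
        else:
            continue
        findings.append(
            (row["Destination DSA"], row["Source DSA"], age_days, severity)
        )
    return findings


if __name__ == "__main__":
    now = datetime(2024, 3, 1, 12, 0, 0)  # fixed "current time" for the sample
    for finding in stale_links(SAMPLE_CSV, now, tsl_days=180):
        print(finding)
```

The same link can be a warning under one TSL and a violation under a shorter one, so the check should always use the tombstone lifetime configured in the forest.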

>What is the KDC in Active Directory?
The Kerberos Key Distribution Center (KDC) is a network service that supplies session tickets and temporary session keys to users and computers within an Active Directory domain. The KDC runs on each domain controller as part of Active Directory Domain Services.
