Home | Windows | Network | Interview Questions | Database | Virtualization | Knowledge Base | Contact Us

Quick Links

Windows 2003 KB

Windows 2008 KB

Windows 2012 KB

MS Cluster FAQ's

Virtualization

 

Command reference

Exchange Q&A

Linux Interview Q&A

VM Interview Q&A

 

Network Interview Questions

SQL Interview Questions

Windows Admin Interview Q&A

Windows Forum

Other Links

DNS FAQ's

DHCP FAQ's

Active Directory FAQ's

AD History

Configuring New Domain

Deleted Object Recovery in AD

Global Catalog Server

NetDom Command

Replmon Command

NTDS Utility Guide

FSMO Guide

FSMO Failure

 

Network KB

Knowledge Base Home

Active Directory Trust

Group Policy Guide

IIS 6.0

RAID Levels

 

RPC Guide

Domain & Forest Functional Levels

SQL Failover Cluster

Hyper-V

Print Server

BitLocker

PowerShell

Planning Trust

Creating Trust

Windows Server 2008 Active directory Interview Questions and Answers


>What is Realm trust ?
Use realm trusts to form a trust relationship between a non-Windows Kerberos realm and an Active Directory domain.

> Name few Active Directory Built in groups

  • SID: S-1-5-32-544 - Name: Administrators - Description: A built-in group. After the initial installation of the operating system, the only member of the group is the Administrator account. When a computer joins a domain, the Domain Admins group is added to the Administrators group. When a server becomes a domain controller, the Enterprise Admins group also is added to the Administrators group.
  • SID: S-1-5-32-548 - Name: Account Operators - Description: A built-in group that exists only on domain controllers. By default, the group has no members. By default, Account Operators have permission to create, modify, and delete accounts for users, groups, and computers in all containers and organizational units of Active Directory except the Builtin container and the Domain Controllers OU. Account Operators do not have permission to modify the Administrators and Domain Admins groups, nor do they have permission to modify the accounts for members of those groups.
  • SID: S-1-5-32-549 - Name: Server Operators - Description: A built-in group that exists only on domain controllers. By default, the group has no members. Server Operators can log on to a server interactively; create and delete network shares; start and stop services; back up and restore files; format the hard disk of the computer; and shut down the computer.
  • SID: S-1-5-32-550 - Name: Print Operators - Description: A built-in group that exists only on domain controllers. By default, the only member is the Domain Users group. Print Operators can manage printers and document queues.
  • SID: S-1-5-32-551 - Name: Backup Operators - Description: A built-in group. By default, the group has no members. Backup Operators can back up and restore all files on a computer, regardless of the permissions that protect those files. Backup Operators also can log on to the computer and shut it down.

In a domain environment these groups are present, and are used for administrative purposes.

  • SID: S-1-5-21domain-512 - Name: Domain Admins - Description: A global group whose members are authorized to administer the domain. By default, the Domain Admins group is a member of the Administrators group on all computers that have joined a domain, including the domain controllers. Domain Admins is the default owner of any object that is created by any member of the group.
  • SID: S-1-5-21root domain-518 - Name: Schema Admins - Description: A universal group in a native-mode domain; a global group in a mixed-mode domain. The group is authorized to make schema changes in Active Directory. By default, the only member of the group is the Administrator account for the forest root domain.
    • SID: S-1-5-21root domain-519 - Name: Enterprise Admins - Description: A universal group in a native-mode domain; a global group in a mixed-mode domain. The group is authorized to make forest-wide changes in Active Directory, such as adding child domains. By default, the only member of the group is the Administrator account for the forest root domain.
    • SID: S-1-5-21domain-520 - Name: Group Policy Creator Owners - Description: A global group that is authorized to create new Group Policy objects in Active Directory. By default, the only member of the group is Administrator.

 

 

Continue Next Questions Previous Questions

      Windows Server 2008 Articles        Windows Server 2012 Articles      Virtualization Articles

HTML Comment Box is loading comments...

 
Home | Windows | Network | Interview FAQs | Database| Knowledge Base | Contact Us

 

Designed by TechieBird