Windows Server 2008 Active directory Interview Questions and Answers
QUESTION NO: 4
Your company has a server that runs an instance of Active Directory Lightweight Directory Service (AD LDS). You need to create new organizational units in the AD LDS application directory partition. What should you do?
A. Use the dsmod OU <OrganizationalUnitDN> command to create the organizational units.
B. Use the Active Directory Users and Computers snap-in to create the organizational units on the AD LDS application directory partition.
C. Use the dsadd OU <OrganizationalUnitDN> command to create the organizational units.
D. Use the ADSI Edit snap-in to create the organizational units on the AD LDS application directory partition.
To create new OUs in the AD LDS application directory partition, you should use ADSI Edit snap-in. ADSI Edit is a snap-in that runs in a Microsoft Management Console (MMC). The default console containing ADSI Edit is AdsiEdit.msc. If this snap-in is not added in your MMC, you can do it by adding through Add/Remove Snap-in menu option in the MMC or you can open AdsiEdit.msc from a Windows Explorer.
QUESTION NO: 5
Your company has an Active Directory domain. The company has two domain controllers named DC1 and DC2. DC1 holds the Schema Master role.
DC1 fails. You log on to Active Directory by using the administrator account. You are not able to transfer the Schema Master operations role.
You need to ensure that DC2 holds the Schema Master role.
What should you do?
A. Configure DC2 as a bridgehead server.
B. On DC2, seize the Schema Master role.
C. Log off and log on again to Active Directory by using an account that is a member of the Schema Administrators group. Start the Active Directory Schema snap-in.
D. Register the Schmmgmt.dll. Start the Active Directory Schema snap-in.
To ensure that DC2 holds the Schema Master role, you should seize the Schema Master role on DC2. Seizing the schema master role is a drastic step that should be considered only if the current operations master will never be available again. So to transfer the schema master operations role, you have to seize it on DC2.
QUESTION NO: 6
Your company has an Active Directory forest that runs at the functional level of Windows Server 2008.
You implement Active Directory Rights Management Services (AD RMS).
You install Microsoft SQL Server 2005. When you attempt to open the AD RMS administration Web site, you receive the following error message: "SQL Server does not exist or access denied."
You need to open the AD RMS administration Web site.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A. Restart IIS.
B. Manually delete the Service Connection Point in AD DS and restart AD RMS.
C. Install Message Queuing.
D. Start the MSSQLSVC service.
To rectify the SQL server problem, you have to restart the internet information server (IIS). The IIS server will be refreshed. Then you start the MSSQULSVC service to start the SQL server. This will enable you to access the database from AD RMS administration website.
QUESTION NO: 7
Your network consists of an Active Directory forest that contains one domain named contoso.com. All domain controllers run Windows Server 2008 R2 and are configured as DNS servers.
You have two Active Directory-integrated zones: contoso.com and nwtraders.com. You need to ensure a user is able to modify records in the contoso.com zone. You must prevent the user from modifying the SOA record in the nwtraders.com zone. What should you do?
A. From the Active Directory Users and Computers console, run the Delegation of Control Wizard.
B. From the Active Directory Users and Computers console, modify the permissions of the Domain Controllers organizational unit (OU).
C. From the DNS Manager console, modify the permissions of the contoso.com zone.
D. From the DNS Manager console, modify the permissions of the nwtraders.com zone.
To allow the user to modify records in contoso.com and prevent him/her from modifying the SOA record in contoso.com zone, you should set the permissions of contoso.com through DNS Manager Console. You set the permissions for the users to modify the records in contoso.com. By setting permission on one Active directory-integrated zone, you will be preventing the users from modifying anything else on the other zones.