Windows Server 2003 Active Directory Interview Questions
>What is the difference between Windows 2000 Active Directory and Windows 2003 Active Directory? Is there any difference in 2000 Group Polices and 2003 Group Polices? What is meant by ADS and ADS services in Windows 2003? Windows 2003 Active Directory introduced a number of new security features, as well as convenience features such as the ability to rename a domain controller and even an entire domain.
Windows Server 2003 also introduced numerous changes to the default settings that can be affected by Group Policy - you can see a detailed list of each available setting and which OS is required to support it by downloading the Group Policy Settings Reference.
ADS stands for Automated Deployment Services, and is used to quickly roll out identically-configured servers in large-scale enterprise environments. You can get more information from the ADS homepage.
>I want to setup a DNS server and Active Directory domain. What do I do first? If I install the DNS service first and name the zone 'name.org' can I name the AD domain 'name.org' too?
Not only can you have a DNS zone and an Active Directory domain with the same name, it's actually the preferred way to go if at all possible. You can install and configure DNS before installing Active Directory, or you can allow the Active Directory Installation Wizard (dcpromo) itself install DNS on your server in the background.
>How do I determine if user accounts have local administrative access?
You can use the net localgroup administrators command on each workstation (probably in a login script so that it records its information to a central file for later review). This command will enumerate the members of the Administrators group on each machine you run it on. Alternately, you can use the Restricted Groups feature of Group Policy to restrict the membership of Administrators to only those users you want to belong.
>What is the ISTG? Who has that role by default?
The Domain controllers each create Active Directory Replication connection objects representing inbound replication from intra-site replication partners. For inter-site replication, one domain controller per site has the responsibility of evaluating the inter-site replication topology and creating Active Directory Replication Connection objects for appropriate bridgehead servers within its site. The domain controller in each site that owns this role is referred to as the Inter-Site Topology Generator (ISTG).
Simply the Intersite Topology Generator (ISTG) is the domain controller in each site that is responsible for generating the intersite topology.
>What is difference between Server 2003 vs 2008?
1. Virtualization. (Windows Server 2008 introduces Hyper-V (V for Virtualization) but only on 64bit versions. More and more companies are seeing this as a way of reducing hardware costs by running several 'virtual' servers on one physical machine.)
2. Server Core (provides the minimum installation required to carry out a specific server role, such as for a DHCP, DNS or print server)
3. Better security.
4. Role-based installation.
5. Read Only Domain Controllers (RODC).
6. Enhanced terminal services.
7. Network Access Protection - Microsoft's system for ensuring that clients connecting to Server 2008 are patched, running a firewall and in compliance with corporate security policies.
8. PowerShell - Microsoft's command line shell and scripting language has proved popular with some server administrators.
9. IIS 7 .
10. Bitlocker - System drive encryption can be a sensible security measure for servers located in remote branch offices. >br>
The main difference between 2003 and 2008 is Virtualization, management.
2008 has more in-build components and updated third party drivers.
11. Windows Aero.
>What are the requirements for installing AD on a new server?
1 The Domain structure.
2 The Domain Name .
3 storage location of the database and log file.
4 Location of the shared system volume folder.
5 DNS config Methode.
6 DNS configuration.
>What are the default Active Directory Built in groups ? Groups in the Builtin container
- Account Operators
- Backup Operators
- Incoming Forest Trust Builders
- Network Configuration Operators
- Performance Monitor Users
- Performance Log Users
- Pre-Windows 2000 Compatible Access
- Print Operators
- Remote Desktop Users
- Server Operators
Groups in the Users container
- Cert Publishers
- DnsAdmins (If installed with DNS)
- DnsUpdateProxy (If installed with DNS)
- Domain Admins
- Domain Computers
- Domain Controllers
- Domain Guests
- Domain Users
- Enterprise Admins (only appears in the forest root domain)
- Group Policy Creator Owners
- IIS_WPG (installed with IIS)
- RAS and IAS Servers
- Schema Admins (only appears in the forest root domain)
>What is LDP?
LDP : Label Distribution Protocol (LDP) is often used to establish MPLS LSPs when traffic engineering is not required. It establishes LSPs that follow the existing IP routing, and is particularly well suited for establishing a full mesh of LSPs between all of the routers on the network.