Windows 2008 R2 Active Directory Interview Questions and Answers
> Explain trusts in AD?
To allow users in one domain to access resources in another, Active Directory uses trusts. Trusts inside a forest are created automatically when domains are created. All communication between domains occurs through trusts: they are authentication pipelines that must be present for users in one domain to access resources in another domain. Two default trusts are created by the Active Directory Installation Wizard, and four other types of trust can be created with the New Trust Wizard or the Netdom command-line tool.
> Explain the types of trust in AD?
- Default trusts: by default, two-way, transitive trusts are created automatically when a new domain is added to a domain tree or to the forest root domain using the Active Directory Installation Wizard.
  1. Parent and child
- Other trusts: four other types of trust can be created using the New Trust Wizard or the Netdom command-line tool:
>Difference between LDIFDE and CSVDE?
CSVDE is a command that can be used to import and export objects to and from AD using a CSV-formatted file. A CSV (Comma Separated Value) file is easily readable in Excel. I will not cover this powerful command at length, but I will show you some basic samples of how to import a large number of users into your AD. Of course, as with the DSADD command, CSVDE can do more than just import users; consult the help file for more information.
LDIFDE is a command that can be used to import and export objects to and from AD using an LDIF-formatted file. An LDIF (LDAP Data Interchange Format) file is easily readable in any text editor, but it is not readable in programs like Excel. The major difference between CSVDE and LDIFDE (besides the file format) is that LDIFDE can also modify and delete existing AD objects (not just users), while CSVDE can only import (create) and export objects.
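The following PowerShell session is an added example, not code from the original page: it exports users with CSVDE, creates two accounts from a constructed CSV, and then uses an LDIF change file to modify one account and delete the other, which is exactly the operation CSVDE has no syntax for. The OU "OU=Staff,DC=techiebird,DC=com" and the user names are hypothetical; the domain name is borrowed from the dsquery example further down the page.

```powershell
# Added example (not from the page): CSVDE export/import versus LDIFDE modify/delete.
# Assumes the ActiveDirectory module and csvde.exe/ldifde.exe (AD DS role or RSAT)
# and a hypothetical OU "OU=Staff,DC=techiebird,DC=com".
$ou = 'OU=Staff,DC=techiebird,DC=com'

# 1. Export with CSVDE: one row per object, -l limits the exported attributes.
csvde -f .\staff-export.csv -d $ou -r '(objectClass=user)' -l 'sAMAccountName,givenName,sn,description'

# 2. Bulk create with CSVDE. The header row names the attributes; DN is mandatory.
#    A CSV row can only describe a new object: there is no "change" or "delete" row.
#    (constructed sample data)
@'
DN,objectClass,sAMAccountName,givenName,sn,userPrincipalName
"CN=Jane Doe,OU=Staff,DC=techiebird,DC=com",user,jdoe,Jane,Doe,jdoe@techiebird.com
"CN=Sam Roe,OU=Staff,DC=techiebird,DC=com",user,sroe,Sam,Roe,sroe@techiebird.com
'@ | Set-Content -Path .\new-users.csv -Encoding ASCII
csvde -i -f .\new-users.csv -k      # -k: continue past "object already exists" errors

# 3. LDIF records carry an explicit changetype, so LDIFDE can modify and delete.
#    Each attribute change inside a "modify" record is closed with a line holding only "-".
#    (constructed sample data)
@'
dn: CN=Jane Doe,OU=Staff,DC=techiebird,DC=com
changetype: modify
replace: description
description: Security Operations
-

dn: CN=Sam Roe,OU=Staff,DC=techiebird,DC=com
changetype: delete
'@ | Set-Content -Path .\changes.ldf -Encoding ASCII
ldifde -i -f .\changes.ldf -k

# 4. Verify with the AD module (shipped with Windows Server 2008 R2).
Import-Module ActiveDirectory
Get-ADUser -Filter 'sAMAccountName -eq "jdoe"' -Properties description | Select-Object Name, description
Get-ADUser -Filter 'sAMAccountName -eq "sroe"'   # returns nothing once the delete has replicated
```

Accounts created this way have no password and are disabled (neither tool can set a password), so a separate step with Set-ADAccountPassword and Enable-ADAccount is needed before anyone can log on; review that step as carefully as the import itself, because a bulk import is also a bulk creation of credentials.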
> What is metadata cleanup in AD DS?
Metadata cleanup is a required procedure after a forced removal of Active Directory Domain Services (AD DS). You perform metadata cleanup on a domain controller in the domain of the domain controller that you forcibly removed.
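As an added example (not part of the original page), this script performs the cleanup with ntdsutil and then checks the places where a stale domain controller usually lingers: the configuration partition, the Domain Controllers OU, replication topology and DNS. "DC2", the site name and the tech.techiebird.com zone are placeholders.

```powershell
# Added example (not from the page): metadata cleanup of a forcibly removed DC and
# the follow-up checks. "DC2", the site name and the DNS zone are placeholders.
Import-Module ActiveDirectory

$deadDc   = 'DC2'
$site     = 'Default-First-Site-Name'
$configNC = (Get-ADRootDSE).configurationNamingContext
$serverDn = "CN=$deadDc,CN=Servers,CN=$site,CN=Sites,$configNC"

# 1. Confirm the dead DC holds no FSMO role; any role it still holds must be seized first,
#    otherwise the domain keeps pointing at a server that no longer exists.
netdom query fsmo

# 2. Windows Server 2008 ntdsutil accepts the server DN directly, no numbered menus needed.
ntdsutil "metadata cleanup" "remove selected server $serverDn" quit quit

# 3. Verify that the server object, the computer account and the inbound
#    replication links are gone (each command should return nothing).
Get-ADObject -Filter "Name -eq '$deadDc'" -SearchBase $configNC -SearchScope Subtree
Get-ADComputer -Filter "Name -eq '$deadDc'" `
    -SearchBase "OU=Domain Controllers,$((Get-ADDomain).DistinguishedName)"
repadmin /showrepl | Select-String $deadDc

# 4. DNS still holds the old DC's A and SRV records until scavenging or an admin removes
#    them; clients that resolve them will keep trying to authenticate against a dead host.
dnscmd /ZonePrint tech.techiebird.com | Select-String $deadDc
dnscmd /ZonePrint _msdcs.techiebird.com | Select-String $deadDc
```

On Windows Server 2008 and later the same cleanup is also triggered automatically when the DC's NTDS Settings object is deleted in Active Directory Sites and Services, so ntdsutil is one of two supported routes; the verification steps are worth running whichever route was taken.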
> What is the tombstone lifetime attribute?
The number of days before a deleted object is permanently removed from the directory service. Keeping the tombstone for that period lets the deletion replicate to every domain controller and prevents a restore from reintroducing a deleted object.
Its default value depends on the server OS version of the first DC in the forest and is either 60 or 180 days. For domain controllers upgraded to Windows Server 2008 that use a tombstone lifetime of 60 days, Microsoft recommends manually setting the value to 180 days.
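The tombstone lifetime lives on the Directory Service object in the configuration partition. This added example (not from the original page) reads it, interprets an absent value correctly, and raises it to the recommended 180 days when it is lower; Set-ADObject is run with -Confirm because the change is forest-wide.

```powershell
# Added example (not from the page): read and, if needed, raise tombstoneLifetime.
Import-Module ActiveDirectory

$configNC = (Get-ADRootDSE).configurationNamingContext
$dsObject = "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
$tsl = (Get-ADObject -Identity $dsObject -Properties tombstoneLifetime).tombstoneLifetime

if ($null -eq $tsl) {
    # The attribute is simply absent in forests created by older DCs; an absent value
    # means the built-in default of 60 days, not "unlimited".
    Write-Output "tombstoneLifetime is not set: the forest uses the built-in default of 60 days."
    $effective = 60
} else {
    Write-Output "tombstoneLifetime = $tsl days"
    $effective = $tsl
}

# Backups older than the tombstone lifetime cannot be restored safely, so the value also
# caps how old a system-state backup may be. Raise it only with Enterprise Admin rights.
if ($effective -lt 180) {
    Set-ADObject -Identity $dsObject -Replace @{ tombstoneLifetime = 180 } -Confirm
}
```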
> What are application partitions? When do I use them?
An application directory partition is a directory partition that is replicated only to specific domain controllers. Only domain controllers running Windows Server 2003 can host a replica of an application directory partition. Using an application directory partition provides redundancy, availability or fault tolerance by replicating data to a specific domain controller or to any set of domain controllers anywhere in the forest.
> How do you create a new application partition?
Use the DnsCmd command to create an application directory partition. To do this, use the following syntax:
dnscmd ServerName /CreateDirectoryPartition <FQDN of partition>
> How do you view all the GCs in the forest?
DSQUERY server can be used to locate global catalogs.
- To search the entire forest: dsquery server -forest -isgc
- To locate global catalogs in your current (logon) domain: dsquery server -isgc
- To locate global catalogs in a specific domain: dsquery server -domain tech.techiebird.com -isgc
Here, you search for global catalog servers in the tech.techiebird.com domain.
You can also search for global catalog servers by site, but to do this you must know the full site name and cannot use wildcards. For example, to find all the global catalog servers for Default-First-Site-Name you would have to type
dsquery server -site Default-First-Site-Name -isgc
The resulting output is a list of DNs for global catalogs, such as
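The same three scopes expressed with the ActiveDirectory module, as an added example that is not part of the original page. It goes one step beyond the dsquery commands by grouping every DC in the forest by site and flagging sites that have no GC at all, which matters because clients in such a site must reach a GC across the WAN at logon for universal group membership. The domain and site names are the page's own placeholders.

```powershell
# Added example (not from the page): enumerate GCs per forest, domain and site,
# then report sites with domain controllers but no global catalog.
Import-Module ActiveDirectory

# Entire forest (dsquery server -forest -isgc): the forest object lists GC host names.
$forest = Get-ADForest
$forest.GlobalCatalogs

# One domain (dsquery server -domain tech.techiebird.com -isgc).
Get-ADDomainController -Filter { IsGlobalCatalog -eq $true } -Server 'tech.techiebird.com' |
    Select-Object HostName, Domain, Site

# One site (dsquery server -site Default-First-Site-Name -isgc); the name must be exact.
Get-ADDomainController -Filter { IsGlobalCatalog -eq $true -and Site -eq 'Default-First-Site-Name' } |
    Select-Object HostName, Domain, Site

# Site coverage across all domains of the forest.
$allDcs = foreach ($d in $forest.Domains) { Get-ADDomainController -Filter * -Server $d }
$allDcs | Group-Object Site | ForEach-Object {
    $gcCount = @($_.Group | Where-Object { $_.IsGlobalCatalog }).Count
    New-Object PSObject -Property @{
        Site = $_.Name
        DCs  = $_.Count
        GCs  = $gcCount
        NoGC = ($gcCount -eq 0)
    }
} | Sort-Object Site | Format-Table Site, DCs, GCs, NoGC -AutoSize
```

The script deliberately uses New-Object PSObject rather than the [pscustomobject] shorthand so that it runs on the PowerShell 2.0 that ships with Windows Server 2008 R2.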
> Can you connect Active Directory to other third-party directory services? Name a few options.
Yes, you can use DirXML or LDAP to connect to other directories.
With Novell, you can use eDirectory.
> What is IPSec policy?
IPSec provides secure gateway-to-gateway connections across outsourced private wide area network (WAN) or Internet-based connections using L2TP/IPSec tunnels or pure IPSec tunnel mode.
IPSec policy can be deployed via Group Policy to the Windows domain controllers.
> What is RSoP?
One challenge of Group Policy administration is to understand the cumulative effect of a number of Group Policy objects (GPOs) on any given computer or user, or how changes to Group Policy, such as reordering the precedence of GPOs or moving a computer or user to a different organizational unit (OU) in the directory, might affect the network.
The Resultant Set of Policy (RSoP) snap-in offers administrators one solution. Administrators use the RSoP snap-in to see how multiple Group Policy objects affect various combinations of users and computers, or to predict the effect of Group Policy settings on the network.
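Beyond the MMC snap-in, the GroupPolicy module that ships with Windows Server 2008 R2 can produce the same logging-mode result from a script. The following added example (not code from the original page) generates an XML RSoP report for one computer/user pair and tabulates which GPOs applied, which were filtered out, and which are enforced. "WKS01", "techiebird\jdoe" and the C:\temp path are placeholders, and the element names used to read the report follow the gpresult /x XML schema.

```powershell
# Added example (not from the page): RSoP logging-mode report, reduced to a table of
# GPO names with their applied/filtered/enforced status.
Import-Module GroupPolicy

$report = 'C:\temp\rsop-wks01.xml'
Get-GPResultantSetOfPolicy -Computer 'WKS01' -User 'techiebird\jdoe' -ReportType Xml -Path $report

[xml]$rsop = Get-Content -Path $report

# Each GPO element under ComputerResults/UserResults carries the flags that decide
# whether it applied (element names per the gpresult /x schema).
function Get-GpoStatus($results, $scope) {
    foreach ($gpo in $results.GPO) {
        $applied = ($gpo.Enabled -eq 'true') -and ($gpo.IsValid -eq 'true') -and
                   ($gpo.FilterAllowed -eq 'true') -and ($gpo.AccessDenied -eq 'false')
        New-Object PSObject -Property @{
            Scope    = $scope
            GPO      = $gpo.Name
            Applied  = $applied
            # A GPO can be linked at several levels (site, domain, OU); list them all.
            LinkedAt = (@($gpo.Link | ForEach-Object { $_.SOMPath }) -join '; ')
            # NoOverride on a link is what the GPMC UI calls "Enforced".
            Enforced = (@($gpo.Link | Where-Object { $_.NoOverride -eq 'true' }).Count -gt 0)
        }
    }
}

$rows = @()
$rows += Get-GpoStatus $rsop.Rsop.ComputerResults 'Computer'
$rows += Get-GpoStatus $rsop.Rsop.UserResults     'User'
$rows | Format-Table Scope, GPO, Applied, Enforced, LinkedAt -AutoSize
```

This is logging mode: it reports what actually applied the last time the user logged on to that computer, so the target must be reachable and the user must have logged on there. The "predict the effect" scenario the answer mentions is planning mode, which the cmdlet does not expose; that is the Group Policy Modeling wizard in GPMC.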
> What is the system startup process?
The Windows 2000 boot process on an Intel (x86) architecture:
1. Power-On Self Tests (POST) are run.
2. The boot device is found, the Master Boot Record (MBR) is loaded into memory, and its program is run.
3. The active partition is located, and the boot sector is loaded.
4. The Windows 2000 loader (NTLDR) is then loaded.
The boot sequence executes the following steps:
1. The Windows 2000 loader switches the processor to the 32-bit flat memory model.
2. The Windows 2000 loader starts a mini-file system.
3. The Windows 2000 loader reads the BOOT.INI file and displays the operating system selections (boot loader menu).
4. The Windows 2000 loader loads the operating system selected by the user. If Windows 2000 is selected, NTLDR runs NTDETECT.COM. For other operating systems, NTLDR loads BOOTSECT.DOS and gives it control.
5. NTDETECT.COM scans the hardware installed in the computer and reports the list to NTLDR for inclusion in the Registry under the HKEY_LOCAL_MACHINE\HARDWARE hive.
6. NTLDR then loads NTOSKRNL.EXE and gives it the hardware information collected by NTDETECT.COM. The system then enters the Windows load phases.