Home | Windows | Network | Interview Questions | Database | Virtualization | Knowledge Base | Contact Us

Quick Links

Windows 2003 KB

Windows 2008 KB

Windows 2012 KB

Exchange Q&A


Command reference

Linux Interview Q&A

VM Interview Q&A

MS Cluster FAQ's


Network Interview Questions

SQL Interview Questions

Windows Admin Interview Q&A

Windows Forum

Other Links



Active Directory FAQ's

AD History

Configuring New Domain

Deleted Object Recovery in AD


Global Catalog Server

NetDom Command

Replmon Command

NTDS Utility Guide

FSMO Guide

FSMO Failure


Network KB

Knowledge Base Home

Active Directory Trust

Group Policy Guide

IIS 6.0

RAID Levels


RPC Guide

Domain & Forest Functional Levels

SQL Failover Cluster


Print Server




Planning Trust

Creating Trust

Latest Windows Active Directory Interview Questions !

>How do you change the DS Restore admin password ?

In Windows 2000 Server, you used to have to boot the computer whose password you wanted to change in Directory Restore mode, then use either the Microsoft Management Console (MMC) Local User and Groups snap-in or the command net user administrator * to change the Administrator password.
Win2K Server Service Pack 2 (SP2) introduced the Setpwd utility, which lets you reset the Directory Service Restore Mode password without having to reboot the computer. (Microsoft refreshed Setpwd in SP4 to improve the utility?s scripting options.)

In Windows Server 2003, you use the Ntdsutil utility to modify the Directory Service Restore Mode Administrator password.

To do so, follow these steps:
1. Start Ntdsutil (click Start, Run; enter cmd.exe; then enter ntdsutil.exe).
2. Start the Directory Service Restore Mode Administrator password-reset utility by entering the argument ?set dsrm password? at the ntdsutil prompt: ntdsutil: set dsrm password.
3. Run the Reset Password command, passing the name of the server on which to change the password, or use the null argument to specify the local machine.
For example, to reset the password on server testing, enter the following argument at the Reset DSRM Administrator Password prompt: Reset DSRM Administrator Password: reset password on server testing

To reset the password on the local machine, specify null as the server name:
Reset DSRM Administrator Password: reset password on server null

4. You?ll be prompted twice to enter the new password. You?ll see the following messages:
5. Please type password for DS Restore Mode Administrator Account:
6. Please confirm new password:
Password has been set successfully.
7. Exit the password-reset utility by typing ?quit? at the following prompts:
8. Reset DSRM Administrator Password: quit
ntdsutil: quit


 >I am upgrading from NT to 2003. The only things that are NT are the PDC and BDCs; everything else is 2000 or 2003 member servers. My question is, when I upgrade my NT domain controllers to 2003, will I need to do anything else to my Windows 2000/2003 member servers that were in the NT domain?
Your existing member servers, regardless of operating system, will simply become member servers in your upgraded AD domain. If you will be using Organizational Units and Group Policy (and I hope you are), you'll probably want to move them to a specific OU for administration and policy application, since they'll be in the default "Computers" container immediately following the upgrade.

>How do I use Registry keys to remove a user from a group?
In Windows Server 2003, you can use the dsmod command-line utility with the -delmbr switch to remove a group member from the command line. You should also look into the freeware utilities available from www.joeware.net . ADFind and ADMod are indispensable tools in my arsenal when it comes to searching and modifying Active Directory.

>Difference between KCC and ISTG?
KCC (Knowledge consistency checker) is responsible for generating site replication toplolgies between domain controllers. KCC runs in each DC of a domain and creates a connection object for each DC in AD. It is responsible for all intra-site replication.

In case of an inter-site scenario, there will be a bridge-head server to manage site-site replication. Here, the connection objects for the bridge-head servers are created in a seperate way. ISTG (Inter-Site Topology Generator) is responsible for creating connection objects in bridge-head servers. ISTG is nothing but a KCC server(DC), which is responsible for reviewing the inter-site topology and creating inbound replication connection objects as necessary for bridgehead servers in the site in which it resides.The domain controller holding this role may not necessarily also be a bridgehead server.

> What Are Active Directory Functional Levels?
In Active Directory Domain Services (AD DS), domain controllers can run different versions of Windows Server operating systems. The functional level of a domain or forest depends on which versions of Windows Server operating systems are running on the domain controllers in the domain or forest. The functional level of a domain or forest controls which advanced features are available in the domain or forest.

Ideally, all servers in an organization could run the latest version of Windows and take advantage of all the advanced features that are available with the newest software. But organizations often have a mixture of systems, generally running different versions of operating systems, which are migrated to the latest version only as organizational requirements demand additional functionality, either for the entire organization or for a specific area of the organization.

AD DS supports phased implementation of new versions of Windows Server and advanced features on domain controllers by providing multiple functional levels, each of which is specific to the versions of Windows Server operating systems that are running on the domain controllers in the environment. These functional levels provide configuration support for the AD DS features and ensure compatibility with domain controllers running earlier versions of Windows Server.

AD DS does not automatically enable advanced features, even if all domain controllers within a forest are running the same version of Windows Server. Instead, an administrator raises a domain or forest to a specific functional level to safely enable advanced features when all domain controllers in the domain or forest are running an appropriate version of Windows Server. When an administrator attempts to raise the functional level, AD DS checks whether all domain controllers are running an appropriate Windows Server operating system to ensure the proper environment for enabling new Active Directory features.

> Domain functional level.
Six domain functional levels are available:
- Windows 2000 native
- Windows Server 2003
- Windows Server 2008
- Windows Server 2008 R2
- Windows Server 2012
- Windows Server 2012 R2

> Forest functional level.
Six forest functional levels are available:
- Windows 2000
- Windows Server 2003
- Windows Server 2008
- Windows Server 2008 R2
- Windows Server 2012
- Windows Server 2012 R2

> What Is FRS ?
File Replication service (FRS) is a technology that replicates files and folders stored in the SYSVOL shared folder on domain controllers and Distributed File System (DFS) shared folders. When FRS detects that a change has been made to a file or folder within a replicated shared folder, FRS replicates the updated file or folder to other servers. Because FRS is a multimaster replication service, any server that participates in replication can generate changes. In addition, FRS can resolve file and folder conflicts to make data consistent among servers.

> What is DFS-R ?
The Distributed File System Replication (DFSR) service is a state-based, multimaster replication engine that supports replication scheduling and bandwidth throttling. DFSR uses a compression algorithm known as remote differential compression (RDC). RDC is a "diff-over-the wire" client/server protocol that can be used to efficiently update files over a limited-bandwidth network. RDC detects insertions, removals, and rearrangements of data in files, enabling DFSR to replicate only the changed file blocks when files are updated.

Continue Next Questions Previous Questions

      Windows Server 2008 Articles        Windows Server 2012 Articles      Virtualization Articles

HTML Comment Box is loading comments...


Designed by TechieBird