Windows 2003 Server Active Directory Interview Questions!
>How do you view replication properties for AD partitions and DCs?
By using Replication Monitor:
Go to Start > Run > type repadmin
Go to Start > Run > type replmon
>Why can't you restore a DC that was backed up 4 months ago?
Because of the tombstone lifetime, which is set to only 60 days.
>Different modes of AD restore?
A nonauthoritative restore is the default method for restoring Active Directory. To perform a nonauthoritative restore, you must be able to start the domain controller in Directory Services Restore Mode. After you restore the domain controller from backup, replication partners use the standard replication protocols to update Active Directory and associated information on the restored domain controller.
An authoritative restore brings a domain or a container back to the state it was in at the time of backup and overwrites all changes made since the backup. If you do not want to replicate the changes that have been made subsequent to the last backup operation, you must perform an authoritative restore. In this case, inbound replication must be stopped first, before performing the authoritative restore.
>How do you configure a stand-by operation master for any of the roles?
# Open Active Directory Sites and Services.
# Expand the site name in which the standby operations master is located to display the Servers folder.
# Expand the Servers folder to see a list of the servers in that site.
# Expand the name of the server that you want to be the standby operations master to display its NTDS Settings.
# Right-click NTDS Settings, click New, and then click Connection.
# In the Find Domain Controllers dialog box, select the name of the current role holder, and then click OK.
# In the New Object-Connection dialog box, enter an appropriate name for the Connection object or accept the default name, and click OK.
>What's the difference between transferring an FSMO role and seizing it?
Seizing an FSMO role can be a destructive process and should only be attempted if the existing server holding the role is no longer available.
If you seize the FSMO roles from a DC, you need to ensure two things: that the current holder is actually dead and offline, and that the old DC will NEVER return to the network.
If you seize an FSMO role and then bring the previous holder back online, you'll have a problem.
An FSMO role TRANSFER is the graceful movement of the roles from a live, working DC to another live DC. During the process, the current DC holding the role(s) is updated, so it becomes aware it is no longer the role holder.
>I want to look at the RID allocation table for a DC. What do I do?
dcdiag /test:ridmanager /s:servername /v (servername is the name of our DC)
>What is a bridgehead server in AD?
A bridgehead server is a domain controller in each site that is used as a contact point to receive and replicate data between sites. For intersite replication, the KCC designates one of the domain controllers as a bridgehead server. If that server is down, the KCC designates another one of the domain controllers. When a bridgehead server receives replication updates from another site, it replicates the data to the other domain controllers within its site.
> What are the data partitions in AD DS?
Each Domain Controller has a copy of the Active Directory database stored in a file called NTDS.DIT. The
data in this file is divided into partitions. The partition type determines how it will be replicated
throughout the forest.
> What are Site Link Bridges in AD DS?
When more than two sites are linked for replication and use the same transport, all of the site links
are "bridged" in terms of cost by default, assuming that the site links have common sites. When site
links are bridged, they are transitive. That is, all site links for a specific transport implicitly
belong to a single site link bridge for that transport. So in the common case of a fully routed IP
network (in which all sites can communicate with each other by IP), administrators do not have to
configure any site link bridges.
If the IP network is not fully routed, the transitive site link feature can be turned off for the IP
transport (the Bridge all site links option on the General tab in the IP transport object property
sheet or SMTP transport object property sheet). In this case, all IP site links are considered
intransitive, and site link bridges are configured. A site link bridge is the equivalent of a disjoint
network; all site links within the bridge can route transitively, but they do not route outside the
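The cost behaviour described in this answer, as an added Python example that is not part of the original page: with bridging on, costs add up across any chain of site links; with it off, a route must fit inside one site link or one configured site link bridge. The site names, link names, costs and function names are constructed for illustration.

```python
import heapq

# Constructed sample topology: site link name -> (sites it joins, cost).
SITE_LINKS = {
    "HQ-Branch1": ({"HQ", "Branch1"}, 100),
    "HQ-Branch2": ({"HQ", "Branch2"}, 200),
    "Branch2-Lab": ({"Branch2", "Lab"}, 50),
}

def _cheapest(src, dst, links):
    """Dijkstra over the given site links only; None if dst is unreachable."""
    dist, heap = {src: 0}, [(0, src)]
    while heap:
        d, site = heapq.heappop(heap)
        if site == dst:
            return d
        if d > dist[site]:
            continue  # stale heap entry
        for sites, cost in links.values():
            if site not in sites:
                continue
            for nxt in sites - {site}:
                if d + cost < dist.get(nxt, float("inf")):
                    dist[nxt] = d + cost
                    heapq.heappush(heap, (d + cost, nxt))
    return None

def route_cost(src, dst, links, bridge_all=True, bridges=()):
    """Lowest replication cost from src to dst (hypothetical helper).

    bridge_all=True : all site links are transitive (the default).
    bridge_all=False: a route may use one site link, or chain only the
                      links that belong to one site link bridge.
    """
    if bridge_all:
        groups = [set(links)]
    else:
        groups = [{name} for name in links] + [set(b) for b in bridges]
    costs = [_cheapest(src, dst, {n: links[n] for n in g}) for g in groups]
    costs = [c for c in costs if c is not None]
    return min(costs) if costs else None

if __name__ == "__main__":
    print(route_cost("Branch1", "Lab", SITE_LINKS))                    # bridged
    print(route_cost("Branch1", "Lab", SITE_LINKS, bridge_all=False))  # no route
    print(route_cost("HQ", "Lab", SITE_LINKS, bridge_all=False,
                     bridges=[{"HQ-Branch2", "Branch2-Lab"}]))
```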
> What are subnets in AD DS?
Computers on TCP/IP networks are assigned to sites based on their location in a subnet or a set of
subnets. Subnets group computers in a way that identifies their physical proximity on the network.
Subnet information is used during the process of domain controller location to find a domain controller
in the same site as the computer that is logging on. This information also is used during Active
Directory replication to determine the best routes between domain controllers.
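The subnet-to-site lookup described above, as an added Python example that is not part of the original page. It assumes the most specific (longest-prefix) subnet wins when several match, and it flags client addresses that fall in no defined subnet, which is the gap an administrator would audit for; the subnets, site names and function names are constructed.

```python
import ipaddress

# Constructed sample subnet objects: subnet prefix -> site name.
SUBNET_TO_SITE = {
    "10.0.0.0/8": "HQ",
    "10.20.0.0/16": "Branch1",
    "10.20.30.0/24": "Lab",
    "192.168.5.0/24": "Branch2",
}

def site_for_ip(ip, subnet_map=SUBNET_TO_SITE):
    """Return (site, subnet) for the most specific match, or (None, None)."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, site in subnet_map.items():
        net = ipaddress.ip_network(prefix)
        if addr.version != net.version or addr not in net:
            continue
        # Assumption: the longest prefix (most specific subnet) wins.
        if best is None or net.prefixlen > best[1].prefixlen:
            best = (site, net)
    return (best[0], str(best[1])) if best else (None, None)

def unmapped_clients(ips, subnet_map=SUBNET_TO_SITE):
    """Client addresses that match no subnet and so get no site assignment."""
    return [ip for ip in ips if site_for_ip(ip, subnet_map)[0] is None]

if __name__ == "__main__":
    # Constructed client addresses.
    clients = ["10.20.30.7", "10.20.1.1", "10.9.9.9", "172.16.0.1"]
    for ip in clients:
        print(ip, site_for_ip(ip))
    print("no site:", unmapped_clients(clients))
```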