
1. What is the Active Directory schema?

The Active Directory schema contains formal definitions of every object class that can be created in an Active Directory forest; it also contains formal definitions of every attribute that can exist in an Active Directory object. Active Directory stores and retrieves information from a wide variety of applications and services. So that it can store and replicate data from a potentially infinite variety of sources, Active Directory standardizes how data is stored in the directory. By standardizing how data is stored, the directory service can retrieve, update, and replicate data while ensuring that the integrity of the data is maintained.

2. What is the domain functional level in Windows Server 2003?

If there are many organizational units and we want to implement policy on all OUs, we use a level policy.

3. What is the forest functional level in Windows Server 2003?

Windows 2003 Native Mode is the forest functional level in Windows Server 2003.

4. What is a global catalog server?

The Global Catalog server maintains full information about its own domain and partial information about other domains. It is a forest-wide role. Ports: 3268 and 3269. It also takes part in AD replication.

5. How can we raise the domain functional and forest functional level in Windows Server 2003?

Whenever changes are made on a DC (domain controller) they take effect in AD; we call this multimaster.

6. Which is the default protocol used in directory services?

Lightweight Directory Access Protocol (LDAP) is the default protocol used in directory services.

7. What is IPv6?

Internet Protocol version 6 (IPv6) is a network layer IP standard used by electronic devices to exchange data across a packet-switched internetwork. It follows IPv4 as the second version of the Internet Protocol to be formally adopted for general use.

8. What is the default domain functional level in Windows Server 2003?

The default domain functional level in Windows Server 2003 is Windows 2003 Mixed, because when you configure a new Windows Server 2003 domain, the default domain functional level is Windows 2000 mixed. Under this domain functional level, Windows NT, 2000, and 2003 domain controllers are supported. However, certain features such as group nesting, universal groups, and so on are not available.

9. What are the physical and logical components of ADS?

Physical components of ADS are computers, sites and DCs. Logical components of ADS are domains, users and OUs.

10. In which domain functional level can we rename the domain name?

All domain controllers must be running Windows Server 2003, and the Active Directory functional level must be Windows Server 2003. Yes, you can rename the domain in Windows Server 2003.

11. What is multimaster replication?

Multi-master replication is a method of replicating data, or changes to data, across multiple computers within a group. Multi-master replication can be contrasted with the master-slave method (also known as single-master replication).

12. What is a site?

One or more well-connected, highly reliable and fast TCP/IP subnets. A site allows an administrator to configure Active Directory access and replication topology to take advantage of the physical network.

13. Which command is used to remove Active Directory from a domain controller?

DCPROMO is used to add or remove Active Directory. An ADC (additional domain controller) should be removed before the DC; if we want to remove the DC first, check whether this server is the last domain controller in the domain.

14. How can we create a console which contains the schema?

We have to register the schema management snap-in to see the Schema Master FSMO role: regsvr32 schmmgmt.dll.

15. What is trust?

To allow users in one domain to access resources in another, AD uses trusts. A trust is automatically created when domains are created. The forest sets the default boundaries of trust, not the domain, and implicit trust is automatic. As well as two-way transitive trusts, AD trusts can be shortcut (joins two domains in different trees; transitive; one- or two-way), forest (transitive; one- or two-way), realm (transitive or nontransitive; one- or two-way), or external (nontransitive; one- or two-way) in order to connect to other forests or non-AD domains. AD uses the Kerberos V5 protocol, although NTLM is also supported and web clients use SSL/TLS.

12. Which file is responsible for keeping the whole Active Directory database?

NTDS.dit is the file responsible for keeping the whole Active Directory database.

13. What is Resultant Set of Policy?

Resultant Set of Policy is provided to make policy modification and troubleshooting easier. Resultant Set of Policy is a query object; it has two modes:
1. Logging mode: polls existing policies and reports the result of the query.
2. Planning mode: asks questions about the planned policy and reports the result of the query.

14. What is the concept of authoritative and non-authoritative restoration?

Non-authoritative restore: accepts the entries from other domain controllers after the restored data. Authoritative restore: does not accept the entries from other domain controllers.

15. What is the ntds.dit file default size?

The ntds.dit file default size is 40 MB.

16. What is a hub and a switch?

A switch is more expensive than a hub. On a hub, if more than one user tries to send a packet at a time, a collision occurs, but on a switch they can be sent. A switch is full duplex. On a hub the maximum bandwidth is 100 MHz and that bandwidth is shared by all of the PCs connected to the hub. On a switch data can be sent in both directions simultaneously, the maximum available bandwidth is 200 Mbps, 100 Mbps each way, and there are no other PCs with which the bandwidth must be shared.

17. What is DNS?

DNS is Domain Name Service. It is mainly used to resolve a host name (FQDN, Fully Qualified Domain Name) to an IP address and an IP address to a host name. DNS is mainly used on the Internet. DNS is divided hierarchically.

18. What is DHCP?

DHCP is Dynamic Host Configuration Protocol. It is used to provide IP addresses dynamically to client machines. If a client is not able to find a DHCP server, the client machine falls back to APIPA (the APIPA range is 169.254.0.1-169.254.255.254).

19. What is the Windows Server 2003 Interim functional level?

Windows Server 2003 Interim is used when upgrading from Windows NT to Windows Server 2003. Upgrading to this domain functional level provides support for Windows NT and Windows Server 2003 domain controllers. However, like Windows 2000 Mixed, it does not provide new features.

20. What is meant by the loopback ID?

It is the local host address (127.0.0.1). Using it we can check the TCP/IP protocol stack, in particular the network card.

21. What is Sysvol?

The Sysvol folder on a Windows 2003 domain controller is used to replicate file-based data among domain controllers. Because junctions are used within the Sysvol folder structure, Windows NT file system (NTFS) version 5.0 is required on domain controllers throughout a Windows 2000 distributed file system (DFS) forest.

22. What is an AD naming context?

There are 3 AD naming contexts: 1) Domain partition, 2) Configuration partition, 3) Schema partition.

23. What are sites used for?

A site is used to create geographical partitions.

24. What are the Support Tools? Why do I need them?

Support Tools are a pack of tools which are used to diagnose the AD components. They are used to troubleshoot and analyze for resource-specific diagnostics.

25. What is a tombstone?

A tombstone is the time period for any deleted object to be removed from Active Directory.

26. What are the FSMO roles? Explain in brief.

PDC Emulator: It provides backward compatibility to the PDC in pre-Windows 2000 domains and is also used for time server synchronization. The PDC Emulator is also used for user authentication when a user account is locked out or the authenticating DC is not available.

RID Master: The RID Master role is responsible for tracking and assigning unique relative IDs to domain controllers whenever new objects such as users or computers are created. For example, DC one is given RIDs 1-4999 and DC two is given RIDs 5000-9999.

Infrastructure Master: It is responsible for updating user and group information by checking with the Global Catalog server. Its failure only impacts administrators that are attempting to move or rename user accounts.

Domain Naming Master: It is responsible for tracking all the domains within the entire Active Directory forest to ensure that duplicate domain names are not created. It is contacted when a new domain is created or deleted from a tree or forest. The point is that it is worth the price to confine domain join and leave operations to one machine, and avoid the tiny risk of getting duplicate names or orphaned domains.

Schema Master: It controls which objects are added, changed, or removed from the schema.

27. What is a forest?

A forest is a group of one or more domain trees that do not form a contiguous namespace but may share a common schema and global catalog. There is always at least one forest on a network, and it is created when the first Active Directory-enabled computer (domain controller) on a network is installed.

28. What does the physical structure of Active Directory contain?

Physical structures include domain controllers and sites.

29. What is Distributed File System (DFS)?

Distributed File System (DFS) is a server component that provides a unified naming convention for folders and files stored on different servers on a network. DFS lets you create a single logical hierarchy for folders and files that is consistent on a network, regardless of where on the network those items are actually stored. Files represented in the DFS might be stored in multiple locations on the network, so it makes sense that Active Directory should be able to direct users to the closest physical location of the data they need. To this end, DFS uses site information to direct a client to the server that is hosting the requested data within the site. If DFS does not find a copy of the data within the same site as the client, DFS uses the site information in Active Directory to determine which file server with DFS shared data is closest to the client.

30. What is File Replication Service (FRS)?

Every domain controller has a built-in collection of folders named SYSVOL (for System Volume). The SYSVOL folders provide a default Active Directory location for files that must be replicated throughout a domain. You can use SYSVOL to replicate Group Policy Objects, startup and shutdown scripts, and logon and logoff scripts. A Windows Server 2003 service named File Replication Service (FRS) is responsible for replicating files in the SYSVOL folders between domain controllers. FRS uses site boundaries to govern the replication of items in the SYSVOL folders.

What is AD?

It is a centralised database that contains information on users, groups, computers, servers and security policies. Objects: Domain, Organizational Unit, User, Computer, Contact, Group, Shared Folder and Shared Printer.

What is a Domain?

Domains are the main logical structure in Active Directory because they contain Active Directory objects.

What is an OU?

An OU is a container that enables you to organize objects such as users, computers and even other OUs in a domain to form a logical administrative group.

What is a Tree?

When you group multiple domains into a hierarchical structure by adding child domains to a parent domain, you are basically forming a domain tree.

What is a Forest?

A forest is the grouping of multiple domain trees into a hierarchical structure. Domain trees in a forest have a common schema, configuration, and global catalog.

What is a Site?

A site is a group of computers or servers in the same or different subnets, connected with a highly reliable, fast and not very expensive connection.

What is a Site Link?

It represents a set of sites that can communicate at uniform cost through the intersite transport.

What is a Global Catalog Server?

The Global Catalog server stores a full replica of all objects in its host domain, and a partial replica of objects for the remainder of the domains in the forest.

What are the Active Directory database files?

NTDS.dit, edb.log, edb.chk, res1.log and res2.log.

Schema Partition: Schema partition data include information on the objects that can be created in Active Directory and are replicated to each domain controller in the domains and forests.

Configuration Partition: Objects stored in the configuration partition relate to the domain structure and replication topology, and are replicated to each domain controller in each domain and in the forest.

Domain Partition: All objects that are stored in a domain exist in the domain partition. Domain partition data is replicated to the domain controllers within a domain. A domain partition contains information about users, groups, computers and organizational units. It is replicated to all domain controllers of that domain.

Application Partition: Application partitions store information about applications in Active Directory. As an example of an application partition, if you use a Domain Name System (DNS) that is integrated with Active Directory you have two application partitions for DNS zones: ForestDNSZones and DomainDNSZones.

What is Propagation Dampening in the Active Directory replication process?

It is the mechanism by which the sending DC decides whether the update it has for the receiving DC is already present in the receiving DC or not, using the up-to-dateness vector (UTDV) table, which is sent from the receiving DC before the replication starts.
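The UTDV-based propagation dampening described above, as an added Python simulation that is not part of the original page: three DCs exchange updates tagged with the originating DC's identity and USN, and the sender filters its updates against the receiver's up-to-dateness vector. DC names, object names and USNs are constructed sample values, and the model deliberately omits the per-partner high-watermark that real AD replication also keeps.

```python
# Added illustration (not from the page): how an up-to-dateness vector (UTDV)
# lets a sending DC skip updates the receiving DC already holds, even when
# those updates reached the receiver through a different replication partner.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Update:
    obj: str        # object that changed (constructed sample name)
    orig_dc: str    # DC on which the write originated
    orig_usn: int   # USN assigned by that originating DC


@dataclass
class DomainController:
    name: str
    updates: list = field(default_factory=list)   # replicated changes held locally
    utdv: dict = field(default_factory=dict)      # orig_dc -> highest orig_usn seen

    def write(self, obj, usn):
        """A local originating write: this DC is the originating DC."""
        self.apply(Update(obj, self.name, usn))

    def apply(self, upd):
        self.updates.append(upd)
        self.utdv[upd.orig_dc] = max(self.utdv.get(upd.orig_dc, 0), upd.orig_usn)


def updates_to_send(sender, receiver_utdv):
    """Propagation dampening: the receiver hands over its UTDV first; the sender
    keeps only updates whose originating USN is above what the receiver has
    already seen from that originating DC."""
    return [u for u in sender.updates
            if u.orig_usn > receiver_utdv.get(u.orig_dc, 0)]


def replicate(sender, receiver):
    """One replication cycle from sender to receiver; returns what was sent."""
    sent = updates_to_send(sender, receiver.utdv)
    for u in sent:
        receiver.apply(u)
    return sent


def demo():
    a, b, c = (DomainController(n) for n in ("DC-A", "DC-B", "DC-C"))
    c.write("OU=Sales", 1)     # two writes originate on DC-C
    c.write("CN=alice", 2)
    a.write("CN=bob", 1)       # one write originates on DC-A
    replicate(c, a)            # DC-A now holds DC-C's two updates as well
    replicate(c, b)            # DC-B received them directly from DC-C
    # DC-A -> DC-B: DC-A holds three updates, but DC-B's UTDV already records
    # DC-C at USN 2, so only DC-A's own write is sent; DC-C's are dampened.
    sent = replicate(a, b)
    return [(u.obj, u.orig_dc, u.orig_usn) for u in sent]


if __name__ == "__main__":
    print(demo())   # [('CN=bob', 'DC-A', 1)]
```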

What is a Group?

A group can be defined as a collection of accounts that are grouped together so that administrators can assign permissions and rights to the group as a single entity.

Types of Groups

Security groups: A security group is a collection of users who have the same permissions to resources, and the same rights to perform certain system tasks.

Distribution groups: Distribution groups are created to share information with a group of users through e-mail messages.

Types of Group Scope

Global groups: Global groups are containers for user accounts and computer accounts in the domain, and are used to assign permissions to objects that reside in any domain in a tree or forest.

Domain Local groups: Domain local groups can have user accounts, computer accounts, global groups, and universal groups from any domain as group members.

Universal groups: User accounts, computer accounts, global groups, and universal groups from any domain.

dsget group -scope [To Manage Groups from AD]

How to Seize a Role

To seize any OM role using the Ntdsutil tool, click Start, Command Prompt, then:
1. Enter the following at the command prompt: ntdsutil. Press Enter.
2. Enter the following at the ntdsutil prompt: roles. Press Enter.
3. Enter the following at the fsmo maintenance prompt: connections. Press Enter.
4. Enter the following at the server connections prompt: connect to server, followed by the fully qualified domain name (FQDN). Press Enter.
5. Enter the following at the server connections prompt: quit. Press Enter.
6. Enter one of the following at the fsmo maintenance prompt: seize schema master. Press Enter.
7. Enter quit at the fsmo maintenance prompt. Press Enter.
8. Enter quit at the ntdsutil prompt.

How to Perform a Metadata Cleanup

The class objects and attribute objects of the schema are referred to as metadata. A metadata cleanup is usually performed when you are unable to restore a failed domain controller. The cleanup removes any references to the failed domain controller in Active Directory.
1. From the command prompt, enter ntdsutil and press Enter.
2. Enter the following at the ntdsutil prompt: metadata cleanup. Press Enter.
3. Enter the following at the metadata cleanup prompt: connections. Press Enter.
4. Enter the following at the server connections prompt: connect to server, followed by the server name. Press Enter.
5. Enter quit, and press Enter.
6. Enter the following at the metadata cleanup prompt: select operation target. Press Enter.
7. Enter list domains. Press Enter.
8. Enter select domain, followed by the number of the domain that holds the server that you want to remove. Press Enter.
9. Enter list sites. Press Enter.
10. Enter select site, followed by the number of the site that holds the server that you want to remove. Press Enter.
11. Enter list servers in site. Press Enter.
12. Enter select server, followed by the number of the server that you want to remove. Press Enter.
13. Enter quit and press Enter to return to the metadata cleanup prompt.
14. Enter remove selected server, and press Enter.
15. When a message box appears prompting you to verify whether the server should be removed, click Yes.
16. Quit from Ntdsutil.

Intrasite Replication: Intrasite replication takes place between domain controllers within the same site. It uses RPC to replicate data over fast, reliable network connections. Replication data within a site is not compressed.

Intersite Replication: Intersite replication takes place between sites. Intersite replication can use either RPC over IP or SMTP to convey replication data. With intersite replication, packets are compressed before being transferred to the other site.

The Knowledge Consistency Checker (KCC) is used to create a replication topology of the forest, to ensure that changes are replicated efficiently to the domain controllers.

Troubleshooting Active Directory Replication
* Active Directory Replication Monitor (Replmon.exe)
* Replication Diagnostics Tool (Repadmin.exe)
* The Dsastat.exe command-line tool
* You can also configure Active Directory event logging

Backing Up System State Data

System State data consists of:
* The Windows Registry
* The contents of the SYSVOL directory
* Files which are protected by the Windows File Protection system
* Boot and system files: Ntdetect.com, Ntldr and Bootsect.dat
* The COM+ Class Registration database
* The Active Directory database (Ntds.dit), including all log files and checkpoint files
* Cluster service files
* Certificate service files
* The Internet Information Server (IIS) metabase

We have 2 restore modes: Authoritative Restore and Non-Authoritative Restore.

Non-Authoritative mode: In this mode we have to run the Backup utility in Directory Services Restore Mode. After the domain controller is rebooted, normal replication occurs with replication partners. A normal restore is typically performed when the following conditions exist: a domain has multiple domain controllers and only one domain controller is operational (you can use a Normal restore to restore all other domain controllers in the domain); or a domain has a single domain controller and that domain controller has to be restored. You can also choose to alternatively perform a Primary restore of Active Directory.

Authoritative restore of Active Directory has to be performed in cases where a Normal restore would not be able to return Active Directory to the correct state. For instance, if an organizational unit was deleted in error, a Normal restore would only result in the particular OU being deleted once again after replication. This is basically due to the replication partners having a higher version number for the particular OU. An Authoritative restore has a similar process to that of a Normal restore, the difference being that after system data is restored, you define certain Active Directory objects as being authoritative. When Active Directory objects are defined as authoritative, the particular objects have the higher version numbers. This results in these objects being replicated to the other domain controllers' copies of the Active Directory database.

Types of Backup

Normal: All specified files and components are backed up. The archive attribute is, however, reset.

Copy: All specified files and components are backed up. The archive attribute is not reset.

Incremental: This type of backup references the archive attribute to isolate those files which have changed since the last backup was performed, and then only backs up the changed files. The archive attribute is then cleared to enable the next backup process to determine only those files that have changed from this backup to the next. Only these files are then backed up in the following backup process.

Differential: A differential backup also only backs up files which have changed since the previous backup. The difference between this backup type and the Incremental backup type is that a Differential backup does not clear the archive attribute.

Daily: The Daily backup type references the files' timestamps, and then backs up files which have been created or changed on the particular day.

DNS

What are the different types of DNS records?

Different types of information can be associated with a domain name by creating different resource records for the name. Each resource record provides a specific type of information. Below is a listing and brief description of the DNS resource records supported by DPT.

Start of Authority (SOA): Designates the start of a zone.
Address (A): Designates an IP address for the domain name.
Mail Exchange (MX): Designates a mail server that will accept mail for the domain name.
Pointer (PTR): Specifies the domain name associated with an IP address.
Name Server (NS): Specifies the name servers for the domain.
Canonical Name (CNAME): Maps one domain name to another domain name (aliasing).
Host Information (HINFO): Specifies the host machine type and host operating system.

What is a zone transfer?

The process of copying these records from the primary DNS server to secondary DNS servers is called a zone transfer.

Primary Zone: Where the DNS server can host and load the master copy of the zone; also, only one server is allowed to accept dynamic updates.

Secondary Zone: A DNS server which gets the data for its zones from another name server.

Directory-integrated Zone: Zones stored this way are located in the Active Directory tree under the domain object container. Each directory-integrated zone is stored in a dnsZone container. Active Directory integrated zones replicate this information to other domain controllers in that domain.

What is DDNS and why do I need it?

Dynamic DNS allows servers to dynamically update and create records in DNS. Dynamic DNS is used by the Exchange server to create server records and other entries used by the Exchange Servers for things like message routing.
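The restore behaviour described under Authoritative Restore above (a Normal restore of a deleted OU is undone again by replication partners that hold a higher version number, while an Authoritative restore gives the restored object the higher version), as an added Python simulation that is not part of the original page. The DC names, the OU name, the version numbers and the 100000 version bump are constructed sample values; real ntdsutil uses a larger, date-based increment.

```python
# Added illustration (not from the page): replication converges on the copy
# of an object with the highest version number, which is why a Normal restore
# of a deleted OU loses to the partners' tombstone and an Authoritative
# restore wins. All names and numbers are constructed sample values.
from dataclasses import dataclass
from typing import Dict


@dataclass(frozen=True)
class ObjState:
    version: int    # per-object version counter compared during replication
    deleted: bool   # True when the copy is a tombstone


def merge(local: Dict[str, ObjState], incoming: Dict[str, ObjState]) -> bool:
    """Apply an incoming replica to a local one: the higher version wins,
    ties keep the local copy. Returns True if anything changed."""
    changed = False
    for dn, inc in incoming.items():
        cur = local.get(dn)
        if cur is None or inc.version > cur.version:
            local[dn] = inc
            changed = True
    return changed


def converge(dcs: Dict[str, Dict[str, ObjState]]):
    """Full-mesh replication cycles until no DC changes any more."""
    while True:
        changed = False
        for src in dcs.values():
            for dst in dcs.values():
                if src is not dst and merge(dst, src):
                    changed = True
        if not changed:
            return dcs


def scenario(authoritative: bool, bump: int = 100000) -> Dict[str, bool]:
    """Return, per DC, whether the OU is deleted after replication settles."""
    ou = "OU=Sales,DC=example,DC=local"
    # backup taken while the OU still existed at version 3
    backup = {ou: ObjState(3, False)}
    # later the OU is deleted (version 4) and the tombstone replicates everywhere
    dcs = {n: {ou: ObjState(4, True)} for n in ("DC1", "DC2", "DC3")}
    # DC3 is restored from the backup in Directory Services Restore Mode
    restored = dict(backup)
    if authoritative:
        # the authoritative step marks the restored objects with a higher
        # version so they out-vote the partners' tombstones
        restored = {dn: ObjState(s.version + bump, s.deleted)
                    for dn, s in restored.items()}
    dcs["DC3"] = restored
    converge(dcs)
    return {n: d[ou].deleted for n, d in dcs.items()}


if __name__ == "__main__":
    print("normal restore, OU deleted per DC:", scenario(False))
    print("authoritative restore, OU deleted per DC:", scenario(True))
```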
