
What are the benefits of using DNS Flush?

ipconfig /flushdns flushes and resets the contents of the DNS client resolver
cache. During DNS troubleshooting, you can use this procedure to discard negative
cache entries from the cache, as well as any other entries that have been added
dynamically.

ipconfig /flushdns
net stop dnscache
net start dnscache

What are Active Directory partitions?

In simple words, a directory partition is where the AD information is segregated
and logically stored.

What is the use of Active Directory partitions?

There are three native partitions (Schema, Configuration and Domain), and
additionally there is the Application partition.

Schema partition: contains definitional details about the objects and attributes
that one can store in AD. Replicates to all domain controllers. Static in nature.
Configuration partition: contains configuration data about the forest and trees.
Replicates to all domain controllers. Static as your forest is.
Domain partition: contains object information for a domain. Replicates to all
domain controllers within a domain. The object portion becomes part of the
Global Catalog.
Application partition: contains information about applications in Active
Directory. E.g. when AD-integrated DNS is used, there are two application
partitions for DNS zones: ForestDNSZones and DomainDNSZones.

To view the Group Policy operational log

Start the Event Viewer.
Click the arrow next to Applications and Services Logs.
Click the arrow next to Microsoft, then Windows, and then Group Policy.
Click Operational.

What does LSDOU mean?

The order in which policies are applied is LSDOU:
L = Local
S = Site
D = Domain
OU = Organizational Unit

Distribution groups not receiving emails from non-Exchange systems?

Go to the group properties in the EMC > Mail flow settings > clear the checkbox
"Require that all senders are authenticated". The same setting can be changed in
the Exchange Management Shell:
Set-DistributionGroup -Identity <DistributionGroupIdParameter> -RequireSenderAuthenticationEnabled $false

How can you restrict running certain applications on a machine?

Via Group Policy: security settings for the group, then Software Restriction Policies.

Describe the lease process of the DHCP server.

The DHCP server leases IP addresses to the clients as follows (DORA):
D (Discover): The DHCP client sends broadcast packets to identify the DHCP server;
this packet will contain the source MAC.
O (Offer): Once the packet is received by the DHCP server, the server will send a
packet containing the source IP and source MAC.
R (Request): The client will now contact the DHCP server directly and request the
IP address.
A (Acknowledge): The DHCP server will send an ACK packet which contains the IP
address.

How is it different than BOOTP or RARP?

DHCP is based on BOOTP and maintains some backward compatibility. The main
difference is that BOOTP was designed for manual pre-configuration of the host
information in a server database, while DHCP allows for dynamic allocation of
network addresses and configurations to newly attached hosts. Additionally, DHCP
allows for recovery and reallocation of network addresses through a leasing
mechanism.

RARP is a protocol used by Sun and other vendors that allows a computer to find
out its own IP number, which is one of the protocol parameters typically passed
to the client system by DHCP or BOOTP. RARP doesn't support other parameters and,
using it, a server can only serve a single LAN. DHCP and BOOTP are designed so
they can be routed.

Active Directory recovery


Domain controller is lost, other domain controllers are available.
All domain controllers are lost (or there was only one).
Active Directory database is corrupted and the AD service doesn't start.
Certain information is accidentally deleted from the Active Directory.

Domain Controller restores

When one of the domain controllers is lost, the AD service is still available.

Active Directory database restore


Dcpromo.exe tool

What is a super scope?


Superscopes are not generally used on modern networks. The preferred method is to VLAN
your segments and use DHCP relay agents to get the traffic to the DHCP server.

Types of AD restore?

Non-Authoritative Restoration
Used most commonly in cases when a DC has failed because of hardware- or
software-related reasons. This is the default Directory Services Restore Mode
selection. In this mode, the operating system restores the domain controller's
contents from the backup. After this, the domain controller receives, through
replication, all directory changes that have been made since the backup from the
other domain controllers in the network.

Authoritative Restoration
An authoritative restore is most commonly used in cases in which a change was
made within the directory that must be reversed, such as deleting an
organizational unit by mistake. This process restores the DC from the backup and
then replicates to and overwrites all other domain controllers in the network to
match the restored DC. The especially valuable thing about this is that you can
choose to make only certain objects within the directory authoritative. For
example, if you delete an OU by mistake, you can choose to make it
authoritative. This will replicate the deleted OU back to all of the other DCs in
the network and then use all of the other information from these other DCs to
bring the newly restored server back up to date.

My main intention with this post is to prepare those who are going to attend job
interviews soon, especially as Windows administrators. I just want to help them
with the major areas that need extra concentration.

1. New features in Windows 2008

64-bit OS

Hyper-V

Roles Based Administration

Active Directory comes as service

Read Only Domain Controller

IPv6

UAC (User access control) based administration

MMC 3.0

2. Active Directory Files

There are a few files associated with Active Directory which are mandatory for AD
operations:

NTDS.DIT - Main database file for Active Directory, which stores every piece of
information.
EDB.LOG - All AD transactions are first written to this file and are later
committed to NTDS.DIT during off-peak hours.
RES1.LOG - A 10 MB file created when we run dcpromo and used as reserved space
for AD transactions when the drive fills up.
RES2.LOG - Another 10 MB file created when we run dcpromo and used as reserved
space for AD transactions when the drive fills up.
EDB.CHK - This file maintains the integrity of AD transactions during an abnormal
shutdown such as a power failure or BSOD. After power-up, AD checks the EDB.CHK
file for uncommitted transactions and commits them to NTDS.DIT.
TEMP.EDB - Stores information about in-progress transactions.

3. Active Directory Replication

Replication is a technology which ensures that all the domains and domain
controllers are in sync with each other in a multi-domain/multi-site environment.
Replication is initiated automatically on a specified schedule and runs at
specified intervals.
KCC (Knowledge Consistency Checker) handles inter site (different sites)
replication, whereas ISTG handles intra site (same site) replication.
Objects are replicated based on their USN. When a change to an object is
detected, its USN is updated after the change. When replication is initiated to
copy the object from the primary to the secondary, the USN of the object on the
primary and on the secondary is compared, and the object is then synced to the
latest change.

4. Active Directory Partitions

There are three partitions present in AD:

Schema Partition
Contains information about the forest-wide schema and will be replicated to all
domains in the forest.
Configuration Partition
Contains information about the Active Directory configuration and will be
replicated to all domains in the forest.
Domain Partition
Contains information about the specific domain and will be replicated to the
domain controllers in that domain.

5. Active Directory Schema

The Active Directory schema is a combination of objects and their attributes.
For example, a user account is an object, and first name, last name, address etc.
are the attributes that belong to that object. So the schema can be defined as
each and every object in the forest and their attributes.

6. Active Directory Upgrade from 2003 to 2008

Just remember the prerequisites for this task; that makes much of our work
easier.

1. Take a backup of Active Directory using ntbackup (system state).
2. Transfer the FSMO roles to the secondary domain controller if you have one.
3. Keep your Windows 2008 CD handy.
4. Make a note of the hardware architecture of the 2003 machine: if it's 64-bit
you can proceed directly to the next steps; otherwise proceed to step 7.
5. Run adprep /forestprep, adprep /domainprep and adprep /gpoprep in
sequential order to extend the 2003 schema to support the 2008 architecture. Run
these commands on the Windows 2003 machine from the Windows 2008 CD.
6. Once the schema is extended, upgrade the OS using the CD.
7. If the Windows 2003 machine is 32-bit, build a new Windows 2008 machine
and promote it as a secondary domain controller. Transfer all FSMO roles from
Windows 2003 to Windows 2008 and raise the forest and domain functional levels
to Windows 2008 native.
8. Demote the Windows 2003 server from the network.

7. Active Directory Command-Line Utilities

NTDSUTIL - Very useful for managing important Active Directory tasks; try to
practice each and every command.

Installing the Windows 2003 Support Tools installs these other tools:

REPLMON - A GUI tool for monitoring AD replication at partition level; you can
troubleshoot replication-related issues using this tool.
REPADMIN - A CUI tool for troubleshooting AD replication-related issues.
    repadmin /syncall initiates replication
    repadmin /showreps displays replication partners
    repadmin /kcc re-creates the replication topology automatically
DCDIAG - A very good tool to run diagnostics against domain controller issues.
There are many tests involved in this operation, and based on the results you
can identify and troubleshoot the issues.

8. Active Directory Backup and Restore

To take a backup of Active Directory we use NTBACKUP and choose system state
backup, specify a location to save that file and BOOM!!!

9. DNS

Get a good idea about DNS records: how many records there are and what they are.

Get an idea about the different zones:

Primary zone
    Forward lookup zone
    Reverse lookup zone
Secondary zone
    Forward lookup zone
    Reverse lookup zone
Stub zone
AD-integrated DNS
Forwarders
Root hints files

10. Basic network troubleshooting steps

Check the physical connectivity between machines.
Ping the IPs.
Use nslookup to check that DNS is working.
tracert the destination IP to verify where the request is dropping out.
route print
Most of the problems are associated with DNS configuration:
    verify the machine is able to resolve hostnames to IPs
    verify the machine has a pointer record in DNS
Right-click the network connection and choose repair/diagnose.
Reset the TCP/IP stack using netsh.
Command: netsh interface ip reset reset.txt (go to Google if you need more info)

Active Directory KCC Architecture and Processes

The replication topology is generated by the Knowledge Consistency Checker (KCC), a
replication component that runs as an application on every domain controller and
communicates through the distributed Active Directory database. The KCC functions locally
by reading, creating, and deleting Active Directory data. Specifically, the KCC reads
configuration data and reads and writes connection objects. The KCC also writes local,
non-replicated attribute values that indicate the replication partners from which to
request replication.

Knowledge Consistency Checker (KCC)
The application running on each domain controller that communicates directly with
Ntdsa.dll to read and write replication objects.

Directory System Agent (DSA)
The directory service component that runs as Ntdsa.dll on each domain controller, providing
the interfaces through which services and processes such as the KCC gain access to the
directory database.

Extensible Storage Engine (ESE)
The directory service component that runs as Esent.dll. ESE manages the tables of records,
each with one or more columns. The tables of records comprise the directory database.

Remote procedure call (RPC)
The Directory Replication Service (Drsuapi) RPC protocol, used to communicate replication
status and topology to a domain controller. The KCC also uses this protocol to communicate
with other KCCs to request error information when building the replication topology.

Inter site Topology Generator (ISTG)
The single KCC in a site that manages inter site connection objects for the site.

What are the two protocols that are used in replication?

RPC over IP and SMTP over IP

Replication

1. Go to Start > Programs > Administrative Tools and open the Active Directory
Sites and Services MMC.
2. Expand the Sites container in the left pane by clicking the plus (+) to the
left of it.
3. Expand the container that represents the name of the site containing the
server that needs to be synchronized.
4. Expand the Servers container and then expand the target server to display the
NTDS Settings object.
5. Click the NTDS Settings option. In the right pane there should now be a list
of the target server's replication partners.
6. Right-click a connection object in the right pane and click Replicate Now.

DORA, in simple words, is the process through which a DHCP client acquires an IP address from a DHCP server in the
network.
D - Discover: When a machine boots up on the LAN and doesn't have an IP address configured, it sends a DHCP
discover broadcast to the network. It will have a destination IP of 255.255.255.255. It also includes its MAC address
encapsulated in the packet. The layer 2 destination would be ff:ff:ff:ff:ff:ff, i.e. to all devices in the network. The
switch port which received the packet then forwards it to all other ports in the switch except the one from
which the request was received.
O - Offer: If there is a DHCP server listening on the network, it will respond to the client's broadcast with an
offer packet. The offer packet is again a broadcast to 255.255.255.255, but it will have the destination MAC
address set to the DHCP client's MAC address. The source MAC address will be that of the DHCP server. The offer
packet will contain the IP address, DNS, gateway etc. as well.
R - Request: The DHCP client will get similar offers from all DHCP servers in the network, and it will typically accept the
first one that it receives. It will then send a request to the DHCP server for the offered IP address.
A - Acknowledge: When the DHCP server receives the DHCP request from the client for the IP address, it will send back a
DHCP acknowledge, thereby allocating that IP address to the client.
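
The DORA exchange described here and in the earlier lease-process answer, as an added example that is not part of the original document: it parses the DHCP message type (option 53) and server identifier (option 54) from each message and checks one client's exchange, including whether more than one server sent an offer. The function names, the MAC and the addresses are constructed for illustration, and the parser assumes Ethernet clients.

```python
import socket, struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}   # option 53 values
MAC = bytes.fromhex("020000aabbcc")   # constructed sample client MAC

def build(msg_type, xid, yiaddr="0.0.0.0", server_id=None, mac=MAC):  # sample builder
    op = 1 if msg_type in (1, 3) else 2          # client messages are BOOTREQUEST
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, xid, 0, 0x8000,
                      b"", socket.inet_aton(yiaddr), b"", b"", mac, b"", b"")
    opts = bytes([53, 1, msg_type])              # option 53 = message type
    if server_id:                                # option 54 = server identifier
        opts += bytes([54, 4]) + socket.inet_aton(server_id)
    return hdr + MAGIC + opts + b"\xff"

def parse(pkt):
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    msg = {"xid": pkt[4:8].hex(), "mac": pkt[28:34].hex(":"),  # assumes Ethernet MAC
           "yiaddr": socket.inet_ntoa(pkt[16:20]), "type": None, "server_id": None}
    i = 240
    while i < len(pkt) and pkt[i] != 255:        # 255 = end of options
        if pkt[i] == 0:                          # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        code, val = pkt[i], pkt[i + 2:i + 2 + pkt[i + 1]]
        if code == 53 and len(val) == 1:
            msg["type"] = TYPES.get(val[0], str(val[0]))
        elif code == 54 and len(val) == 4:
            msg["server_id"] = socket.inet_ntoa(val)
        i += 2 + len(val)
    return msg

def check_exchange(packets):   # one client's packets in capture order -> (lease, findings)
    msgs, findings = [parse(p) for p in packets], []
    seq = [str(m["type"]) for m in msgs]
    if len({(m["xid"], m["mac"]) for m in msgs}) != 1:
        findings.append("transaction ID or client MAC changes within the exchange")
    if [t for i, t in enumerate(seq) if i == 0 or t != seq[i - 1]] != list(TYPES.values()):
        findings.append("unexpected message order: " + " ".join(seq))
    servers = sorted({m["server_id"] for m in msgs if m["type"] == "OFFER" and m["server_id"]})
    if len(servers) > 1:
        findings.append("offers from several servers: " + ", ".join(servers))
    return next((m["yiaddr"] for m in msgs if m["type"] == "ACK"), None), findings

SAMPLE = [build(1, 7), build(2, 7, "192.0.2.50", "192.0.2.1"),
          build(2, 7, "198.51.100.7", "198.51.100.1"),      # a second server answers too
          build(3, 7, server_id="192.0.2.1"), build(5, 7, "192.0.2.50", "192.0.2.1")]
```

Calling check_exchange(SAMPLE) returns the leased address together with one finding naming both offering servers; on a network with a single DHCP server, the list of offering servers should contain only that server.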
