Sie sind auf Seite 1von 6

Question 1: What is Active Directory (AD)? Answer: Active Directory provides centralized control over your network. It's store all the object like users, computers, printers and other information in active directory database, so it's easy to maintain all the objects from a single location.

Question 2: Which one is the default protocol used in directory services? Answer: The default protocol is used in directory services is LDAP; which is stand for Lightweight Directory Access Protocol.

Question 3: What is LDAP? Answer: When we are talking about LDAP in Windows Server, It is a protocol which is used for access Active Directory objects, user authentication and authorization. LDAP is also used to store credential in a network Security system and retrieve it with your password and decrypted key giving you access to the services. (Note: AD is a directory services database, and LDAP is one of the protocols you can use to talk to it.)

Question 4: What is the Logical and Physical structure in Active Directory? OR What are the components of AD? Answer: For this answer please click on below link. (What is forest, domain, trees, OUs)

Question 5: What is Domain Controller? Answer: Domain Controller is the server which holds the AD database, All AD changes get replicated to other DC and vice-versa.

Question 6: How can we install Active Directory Domain Service(ADDS) on Windows server 2008 R2? Answer: We can install ADDS from Server Manager. Server Manager > Add Roles > Select Active Directory Domain Services > Next > Install.

After Adding ADDS role, you need to promote your server. To promote Server 2008 R2, You can click on the message from server manager or you can open CMD as administrator and type dcpromo.exe command and hit enter a new window will pop-up just follow that screen and provide appropriate information and that's it.

Question 7: How can you install ADDS manager tool on windows 8.1 computer? OR how can you manage a AD from your windows 8.1 computer? Answer: To manage the AD from a windows 8.1 computer, you need to install RSAT (Remote Server Administrator Tool). RSAT is a tool to manage AD from a client computer. To download this tool, you can click on below link from Microsoft website.

To read more about this tool like how does it work on windows 7 and windows 10, go through below link.

(Note: Remote Server Administration Tools for Windows 8.1 enables IT administrators to manage roles and features that are installed on computers that are running Windows Server 2012 or Windows Server 2012 R2 from a remote computer that is running Windows 8.1 Pro or Windows 8.1 Enterprise. Remote Server Administration Tools for Windows 8.1 can be installed ONLY on computers that are running full releases of Windows 8.1 Pro or Windows 8.1 Enterprise.)

Question 8: What is Schema? Answer: The schema is the Active Directory component that defines all the objects and attributes that the directory service uses to store data. The physical structure of the schema consists of the object definitions. The schema itself is stored in the directory.

Object Class = User

Attributes = first name, last name, email, and others

Question 9: What is the FSMO roles? OR tell me something about FSMO roles? Answer: Flexible Single Master Operation Roles (FSMO); Active Directory has five special roles which are vital for the smooth running of AD as a multi-master system. Some functions of AD require there is an authoritative master to which all Domain Controllers can refer to.

Here are five roles, these roles are Forest based and Domain based.

Forest Based Roles

Schema Master Domain Naming Master

Domain Based Roles PDC emulator RID Master Infrastructure Master

Question 10: How to check which server holds which FSMO role? Answer: To check the FSMO roles, type below command on CMD. netdom query fsmo

FSMO roles, type below command on CMD. netdom query fsmo Question 11: Can you define FSMO

Question 11: Can you define FSMO roles? Answer: For this answer please click on below link.

(Here you get answer like, What is Schema Master? What is Domain Naming Master? What is PDC emulator? What is RID Master? What is Infrastructure Master?)

Question 12: Explain where does the AD database is held? What other folders are related to AD? OR Tell me about Active Directory Database and list the Active Directory Database files?

Answer:

%SystemRoot%\NTDS\Ntds.dit

This file stores the database that is in use on the domain controller. It contains the values for the domain and a replica of the values for the forest (the Configuration container data).

%SystemRoot%\NTDS\EDB.Log

EDB.Log is the transaction log file when EDB.Log is full, it is renamed to EDB Num.log where num is the increasing number starting from 1, like EDB1.Log

%SystemRoot%\NTDS\EDB.Che

EDB.Che is the checkpoint file used to trace the data not yet written to database file this indicate the starting point from which data is to be recovered from the log file in case if failure

Res1.log and Res2.log

Res is reserved transaction log file which provide the transaction log file enough time to shutdown if the disk didn’t have enough space

Question 13: What is SYSVOL? Answer: The System Volume (SYSVOL) is a shared directory that stores the server copy of the domain's public files that must be shared for common access and replication throughout a domain. The SYSVOL folder on a domain controller contains the following items:

- Net Logon shares. These typically host logon scripts and policy objects for

network client computers.

- User logon scripts for domains where the administrator uses Active Directory

Users and Computers.

- Windows Group Policy.

- File replication service (FRS) staging folder and files that must be available and synchronized between domain controllers.

- File system junctions.

File system junctions are used extensively in the SYSVOL structure and are a feature of NTFS file system 3.0. You must be aware of the existence of junction points and how they operate so that you can avoid data loss or corruption that may occur if you modify the SYSVOL structure.

Question 14: What is TOMBSTONE lifetime?

Answer: When an Active Directory (AD) object, such as a user or computer account, is deleted, the object actually remains in the directory for a period of time known as the tombstone lifetime. The default time for Tombstone is 60 days but Microsoft suggest to put it 180 days.

Question 15: what is the difference between domain admins and enterprise admins in AD? Answer:

Domain Admins Group

- Members of this group have complete control of the domain

- By default, this group is a member of the administrators group on all domain

controllers, workstations and member servers at the time they are linked to the

domain

- As such the group has full control in the domain, add users with caution

Enterprise Admins Group

- Members of this group have complete control of all domains in the forest.

- By default, this group belongs to the administrators group on all domain controllers in the forest.

- As such this group has full control of the forest, add users with caution.

Question 16: What is Active Directory Partitions? Answer: Active Directory partition is how and where the Active Directory information logically stored.

Question 17: How many types of Active Directory Partitions? Answer: Every domain controller contains the following three directory partitions:

Schema Partition Configuration Partition Domain Partition

Question 18: What is use of Active Directory Partitions? And How to find the Active Directory Partitions and there location? Answer:

Schema Partition, It store details about objects and attributes. Replicates to all domain controllers in the Forest

DN location is CN=Schema,CN=Configuration,DC=Domainname, DC=com

Configuration Partition, It store details about the AD configuration information like, Site, site-link, subnet and other replication topology information. Replicates to all domain controllers in the Forest

DN Location is CN=Configuration,DC=Domainname,DC=com

Domain Partitions, object information for a domain like user, computer, group, printer and other Domain specific information. Replicates to all domain controllers within a domain

DN Location is DC=Domainname,DC=com

Question 19: What Is Kerberos? Answer: Kerberos is an authentication protocol for network. It is built to offer strong authentication for server/client applications by using secret-key cryptography.

Question 20: Explain What Is A Child Dc? Answer: CDC or child DC is a sub domain controller under root domain controller which share name space.

Writer: Sahil Hasan Website: www.techiescure.com