Information Technology Question Answer
How to join a Windows 7 computer to a domain?
Click Start, then right-click Computer and click Properties.
The basic system information page opens. Under Computer name, domain, and workgroup settings, click Change Settings.
On the System Properties page, click Change.
Under Member of, select the radio button beside Domain:, type the name of the domain you want your Windows 7 computer to join, and then click OK.
A pop-up box asks for the credentials of an account with rights to join the domain (that is, rights to create computer accounts); a member of the Domain Admins Active Directory group is one example of such a user. Once the username and password are typed, click OK.
A confirmation pop-up box welcomes you to the domain. Clicking OK results in another message informing you that a reboot of the machine is required to apply the changes. Click OK.
What are ipconfig and ipconfig /all?
ipconfig - Displays the IP address, subnet mask, and default gateway for all adapters.
ipconfig /all - Displays the full TCP/IP configuration for all adapters. Without this parameter, ipconfig displays only the IP address, subnet mask, and default gateway of each adapter.
ipconfig /renew - Renews the DHCP configuration for all adapters. This parameter is available only on computers with adapters that are configured to obtain an IP address automatically.
ipconfig /release - Sends a DHCPRELEASE message to the DHCP server to release the current DHCP configuration and discard the IP address configuration for all adapters.
ipconfig /flushdns - Flushes and resets the contents of the DNS client resolver cache. During DNS troubleshooting, you can use this procedure to discard negative cache entries from the cache, as well as any other entries that have been added dynamically.
ipconfig /displaydns - Displays the contents of the DNS client resolver cache, which includes both entries preloaded from the local Hosts file and any recently obtained resource records for name queries resolved by the computer. The DNS Client service uses this information to resolve frequently queried names quickly, before querying its configured DNS servers.
ipconfig /registerdns - Initiates manual dynamic registration for the DNS names and IP addresses that are configured at a computer. You can use this parameter to troubleshoot a failed DNS name registration or resolve a dynamic update problem between a client and the DNS server without rebooting the client computer. The DNS settings in the advanced properties of the TCP/IP protocol determine which names are registered in DNS.
ipconfig /showclassid Adapter - Displays the DHCP class ID for the specified adapter. This parameter is available only on computers with adapters that are configured to obtain an IP address automatically.
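As an added example (not part of the original page), the following Python parses the text that `ipconfig /all` prints into per-adapter fields, so a script can tell which adapters are DHCP-assigned (the ones `/renew` and `/release` act on) and which DNS servers each one uses. The sample output is constructed for this example and follows the English Windows 7 layout.

```python
"""Parse the text output of `ipconfig /all` into per-adapter dictionaries."""
import re

# Constructed sample output in the layout `ipconfig /all` prints on Windows 7
# (host name, addresses and dates are made up for this example).
SAMPLE_IPCONFIG_ALL = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WS01
   Primary Dns Suffix  . . . . . . . : corp.example
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : corp.example
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-AB-CD-EF
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, March 3, 2014 8:00:00 AM
   Lease Expires . . . . . . . . . . : Tuesday, March 4, 2014 8:00:00 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.10
   DNS Servers . . . . . . . . . . . : 192.168.1.10
                                       192.168.1.11
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet8:

   Connection-specific DNS Suffix  . :
   Physical Address. . . . . . . . . : 00-50-56-C0-00-08
   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.88.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
"""

# A key/value line: indented key text, optional " . . ." filler, a colon, the value.
_KV_RE = re.compile(r"^\s+(?P<key>[^.:]+?)[ .]*:\s?(?P<value>.*)$")
# An adapter header: starts in column 0 and ends with a colon.
_HDR_RE = re.compile(r"^(?P<name>\S.*):$")


def parse_ipconfig_all(text):
    """Return {adapter_name: {field: value_or_list}}; the host section is keyed ''."""
    sections = {}
    current = sections.setdefault("", {})
    last_key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        hdr = _HDR_RE.match(line)
        if hdr:
            current = sections.setdefault(hdr.group("name"), {})
            last_key = None
            continue
        kv = _KV_RE.match(line)
        if kv:
            last_key = kv.group("key").strip()
            current[last_key] = kv.group("value").strip()
            continue
        # Indented line without a colon: continuation of a multi-valued field
        # such as DNS Servers, so turn the previous value into a list.
        if last_key is not None:
            prev = current[last_key]
            current[last_key] = (prev if isinstance(prev, list) else [prev]) + [line.strip()]
    return sections


def dhcp_adapters(sections):
    """Names of adapters whose address came from DHCP (the ones /renew and /release affect)."""
    return [name for name, fields in sections.items()
            if name and fields.get("DHCP Enabled") == "Yes"]


def dns_servers(sections, adapter):
    """DNS server list for one adapter, always returned as a list (empty if none)."""
    value = sections[adapter].get("DNS Servers", [])
    return value if isinstance(value, list) else [value]


if __name__ == "__main__":
    parsed = parse_ipconfig_all(SAMPLE_IPCONFIG_ALL)
    for name in dhcp_adapters(parsed):
        print(name, "leased from", parsed[name]["DHCP Server"],
              "until", parsed[name]["Lease Expires"])
```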
How many OSI layers are there, and in what order?
The Open Systems Interconnection (OSI) model has seven layers:
Application
Presentation
Session
Transport
Network
Data Link
Physical
Physical Layer - The physical layer, the lowest layer of the OSI model, is concerned with the transmission and reception of the unstructured raw bit stream over a physical medium. It describes the electrical/optical, mechanical, and functional interfaces to the physical medium, and carries the signals for all of the higher layers. It provides: Data encoding: modifies the simple digital signal pattern (1s and 0s) used by the PC to better accommodate the characteristics of the physical medium.
Data Link Layer - The data link layer provides error-free transfer of data frames from one node to another over the physical layer. It provides: Link establishment and termination: establishes and terminates the logical link between two nodes. Frame sequencing: transmits/receives frames sequentially. Frame traffic control: tells the transmitting node to "back off" when no frame buffers are available. Frame error checking: checks received frames for integrity. Media access management: determines when the node "has the right" to use the physical medium.
Network Layer - The network layer controls the operation of the subnet, deciding which physical path the data should take based on network conditions, priority of service, and other factors. It provides: Routing: routes frames among networks. Subnet traffic control: routers (network layer intermediate systems) can instruct a sending station to "throttle back" its frame transmission when the router's buffer fills up. Frame fragmentation: if it determines that a downstream router's maximum transmission unit (MTU) size is less than the frame size, a router can fragment a frame for transmission and re-assembly at the destination station. Logical-physical address mapping: translates logical addresses, or names, into physical addresses.
Transport Layer - The transport layer ensures that messages are delivered error-free, in sequence, and with no losses or duplications. It relieves the higher layer protocols from any concern with the transfer of data between them and their peers. It provides: Message segmentation: accepts a message from the (session) layer above it, splits the message into smaller units (if not already small enough), and passes the smaller units down to the network layer. The transport layer at the destination station reassembles the message. Message acknowledgment: provides reliable end-to-end message delivery with acknowledgments.
Session Layer - This layer establishes, manages and terminates connections between applications. The session layer sets up, coordinates, and terminates conversations, exchanges, and dialogues between the applications at each end. It deals with session and connection coordination.
Presentation Layer - This layer provides independence from differences in data representation (e.g., encryption) by translating from application to network format, and vice versa. The presentation layer works to transform data into the form that the application layer can accept. This layer formats and encrypts data to be sent across a network, providing freedom from compatibility problems. It is sometimes called the syntax layer.
Application Layer - OSI Model, Layer 7, supports application and end-user processes. Communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified. Everything at this layer is application-specific. This layer provides application services for file transfers, e-mail, and other network software services. Telnet and FTP are applications that exist entirely at the application level. Tiered application architectures are part of this layer.
Which OSI layer does a router come under?
A router comes under the Network Layer.
What is the DORA process in DHCP?
The process by which the DHCP server assigns IP addresses is also known as DORA (Discover, Offer, Request, and Acknowledgement):
Your computer sends a "Discover" request asking for its IP information from any listening DHCP servers.
Any listening DHCP servers will "Offer" their configuration information to your workstation.
Your workstation chooses the best lease, then "Requests" that lease from the corresponding DHCP server.
The DHCP server you requested the IP configuration information from then "Acknowledges" your request and leases you the IP configuration information.
What is a DHCP Relay Agent?
The DHCP Relay Agent makes it possible for DHCP broadcast messages to be sent over routers that do not support forwarding of these types of messages. The DHCP Relay Agent is therefore the routing protocol that enables DHCP clients to obtain IP addresses from a DHCP server on a remote subnet, that is, one not located on the local subnet. If you have not configured a DHCP Relay Agent, your clients can only obtain IP addresses from a DHCP server on the same subnet. To enable clients to obtain IP addresses from a DHCP server on a remote subnet, you have to configure the DHCP Relay Agent on the subnet that contains the remote clients, so that it can relay DHCP broadcast messages to your DHCP server.
Configuring the DHCP Relay Agent
The process for configuring the DHCP Relay Agent is outlined below:
- Enable Routing and Remote Access Server (RRAS).
- Install the DHCP Relay Agent routing protocol.
- Configure DHCP Relay Agent properties.
- Configure/enable the DHCP Relay Agent on the router interface to forward DHCP broadcast messages.
- View statistical information on the operation of the DHCP Relay Agent.
- Click Start, All Programs, and Administrative Tools and then click Routing and Remote Access to open the Routing And Remote Access console.
- Right-click the node of your server, and then choose Configure and Enable Routing and Remote Access from the shortcut menu.
- The Routing and Remote Access Server Setup Wizard launches.
- Click next on the initial page of the wizard.
- On the Configuration page, select the Custom Configuration option. Click Next.
- On the Custom Configuration page, enable the LAN Routing checkbox. Click Next.
- Verify your configuration settings on the Summary page.
- Click Finish.
- Click yes when prompted to start the RRAS service.
- Open the Routing and Remote Access console.
- Expand the IP Routing node in the console tree.
- Right-click the General node and then select New Routing Protocol from the shortcut menu.
- The New Routing Protocol dialog box opens.
- Select DHCP Relay Agent.
- Click OK.
- Click Start, All Programs, and Administrative Tools and then click Routing and Remote Access to open the Routing and Remote Access console.
- Expand the IP Routing node in the console tree.
- Right-click the DHCP Relay Agent node, and then select Properties from the shortcut menu.
- On the General tab, enter the IP address of the DHCP server in the Server Address text box, and click Add.
- Repeat the above step for each DHCP server that you have to add.
- Click OK.
- Click Start, All Programs, and Administrative Tools and then click Routing and Remote Access to open the Routing and Remote Access console.
- Expand the IP Routing node in the console tree.
- Right-click the DHCP Relay Agent node and then select New Interface from the shortcut menu.
- Select the interface that is on the same subnet as the DHCP clients.
- Click OK.
- In the DHCP Relay Properties dialog box, ensure that the Relay DHCP Packets checkbox is selected on the General tab.
- You can change the Hop-Count Threshold and Boot Threshold values.
- Click OK.
- Click Start, All Programs, and Administrative Tools and then click Routing and Remote Access to open the Routing and Remote Access console.
- Select the DHCP Relay Agent node, and view the statistical information that is displayed in the details pane of the Routing And Remote Access console:
- Received requests
- Received replies
- Discarded requests
- Discarded replies
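The four DORA messages and the relay agent's part in them, as an added Python simulation that is not from the original page: dictionaries stand in for DHCP packets, the server selects its scope from giaddr for relayed traffic (and from its own interface for local traffic), and the relay's hop-count threshold and received/relayed/discarded counters mirror the RRAS setting and statistics described above. The topology, addresses and MACs are constructed for the example.

```python
"""Simulated DHCP DORA exchange, with a relay agent between client and server."""
import ipaddress
from dataclasses import dataclass, field

DISCOVER, OFFER, REQUEST, ACK, NAK = "DISCOVER", "OFFER", "REQUEST", "ACK", "NAK"


def make_msg(kind, xid, mac, **fields):
    """Minimal DHCP message: type, transaction id, client MAC, giaddr and hop count."""
    msg = {"type": kind, "xid": xid, "chaddr": mac, "giaddr": "0.0.0.0", "hops": 0}
    msg.update(fields)
    return msg


@dataclass
class Scope:
    network: str                                  # e.g. "10.0.1.0/24"
    pool: list                                    # addresses still free to offer
    leases: dict = field(default_factory=dict)    # chaddr -> leased address


class DhcpServer:
    """Picks the scope from giaddr for relayed messages, else from its own interface."""

    def __init__(self, ip, scopes):
        self.ip, self.scopes, self.offers = ip, scopes, {}   # offers: xid -> (mac, addr)

    def _scope_for(self, msg):
        probe = msg["giaddr"] if msg["giaddr"] != "0.0.0.0" else self.ip
        for scope in self.scopes:
            if ipaddress.ip_address(probe) in ipaddress.ip_network(scope.network):
                return scope
        return None

    def handle(self, msg):
        scope = self._scope_for(msg)
        if scope is None:
            return None                           # no scope for that subnet: stay silent
        reply = dict(giaddr=msg["giaddr"], siaddr=self.ip)
        if msg["type"] == DISCOVER:
            addr = scope.leases.get(msg["chaddr"]) or (scope.pool[0] if scope.pool else None)
            if addr is None:
                return None                       # pool exhausted: the client keeps retrying
            self.offers[msg["xid"]] = (msg["chaddr"], addr)
            return make_msg(OFFER, msg["xid"], msg["chaddr"], yiaddr=addr, **reply)
        if msg["type"] == REQUEST:
            offered = self.offers.pop(msg["xid"], None)
            if msg["server_id"] != self.ip:
                return None                       # client accepted another server's offer
            if offered != (msg["chaddr"], msg["requested"]):
                return make_msg(NAK, msg["xid"], msg["chaddr"], **reply)
            if msg["requested"] in scope.pool:
                scope.pool.remove(msg["requested"])
            scope.leases[msg["chaddr"]] = msg["requested"]
            return make_msg(ACK, msg["xid"], msg["chaddr"], yiaddr=msg["requested"], **reply)
        return None


class RelayAgent:
    """Sits on the client subnet and forwards broadcasts to configured servers by unicast."""

    def __init__(self, interface_ip, servers, hop_threshold=4):
        self.interface_ip, self.servers, self.hop_threshold = interface_ip, servers, hop_threshold
        self.stats = {"received": 0, "relayed": 0, "discarded": 0}

    def forward(self, msg):
        self.stats["received"] += 1
        if msg["hops"] >= self.hop_threshold:      # already crossed the allowed number of relays
            self.stats["discarded"] += 1
            return []
        relayed = dict(msg, hops=msg["hops"] + 1)
        if relayed["giaddr"] == "0.0.0.0":
            relayed["giaddr"] = self.interface_ip   # first relay records the client's subnet
        self.stats["relayed"] += 1
        return [r for s in self.servers if (r := s.handle(relayed)) is not None]


def run_dora(mac, xid, relay):
    """Discover/Offer/Request/Ack for one client behind `relay`; returns the ACKed address."""
    offers = relay.forward(make_msg(DISCOVER, xid, mac))
    if not offers:
        return None
    best = offers[0]                              # the client takes the first offer it hears
    replies = relay.forward(make_msg(REQUEST, xid, mac, requested=best["yiaddr"],
                                     server_id=best["siaddr"]))
    acks = [r for r in replies if r["type"] == ACK]
    return acks[0]["yiaddr"] if acks else None


def build_demo():
    """Constructed topology: a server on 10.0.0.0/24 also serving 10.0.1.0/24 through a relay."""
    server = DhcpServer("10.0.0.10", [Scope("10.0.0.0/24", ["10.0.0.50"]),
                                      Scope("10.0.1.0/24", ["10.0.1.50", "10.0.1.51"])])
    return RelayAgent("10.0.1.1", [server])
```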
How many Active Directory partitions are there?
The AD LDS directory store is organized into logical directory partitions. There are three different types of directory partitions: configuration, schema, and application. Each AD LDS directory store must contain a single configuration directory partition and a single schema directory partition, and it can contain zero or more application directory partitions.
There are three native partitions (Schema, Configuration, and Domain), and additionally there is the Application partition.
Schema partition - contains definitional details about the objects and attributes that one CAN store in AD. Replicates to all domain controllers. Static in nature.
Configuration partition - contains configuration data about the forest and trees. Replicates to all domain controllers. As static as your forest is.
Domain partition - contains object information for a domain. Replicates to all domain controllers within the domain. A portion of each object becomes part of the Global Catalog.
Application partition - contains information about applications in Active Directory. E.g. when AD-integrated DNS is used there are two application partitions for DNS zones: ForestDnsZones and DomainDnsZones.
How many FSMO roles are there?
There are five FSMO roles:
Schema master
Domain naming master
RID master
PDC emulator
Infrastructure master
Schema Master FSMO Role- The schema master FSMO role holder is the DC responsible for performing updates to the directory schema. This DC is the only one that can process updates to the directory schema. Once the Schema update is complete, it is replicated from the schema master to all other DCs in the directory. There is only one schema master per directory.
Domain Naming Master FSMO Role - The domain naming master FSMO role holder is the DC responsible for making changes to the forest-wide domain name space of the directory. This DC is the only one that can add or remove a domain from the directory. It can also add or remove cross references to domains in external directories.
RID Master FSMO Role - The RID master FSMO role holder is the single DC responsible for processing RID Pool requests from all DCs within a given domain. It is also responsible for removing an object from its domain and putting it in another domain during an object move.
PDC Emulator FSMO Role- The PDC emulator is necessary to synchronize time in an enterprise. Windows includes the W32Time (Windows Time) time service that is required by the Kerberos authentication protocol. All Windows-based computers within an enterprise use a common time. The purpose of the time service is to ensure that the Windows Time service uses a hierarchical relationship that controls authority and does not permit loops to ensure appropriate common time usage.
Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator.
Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator before a bad password failure message is reported to the user.
Account lockout is processed on the PDC emulator.
The PDC emulator performs all of the functionality that a Microsoft Windows NT 4.0 Server-based PDC or earlier PDC performs for Windows NT 4.0-based or earlier clients.
Infrastructure FSMO Role - The Infrastructure Master (IM) role should be held by a domain controller that is not a Global Catalog server (GC). If the Infrastructure Master runs on a Global Catalog server it will stop updating object information, because it does not contain any references to objects that it does not hold. This is because a Global Catalog server holds a partial replica of every object in the forest. As a result, cross-domain object references in that domain will not be updated, and a warning to that effect will be logged in that DC's event log.
Tell about services and their port numbers.
FTP - 20
TELNET - 23
SMTP - 25
RAP - 56
DHCP Server - 67
DHCP Client - 68
Trivial File Transfer Protocol (TFTP) - 69
Hypertext Transfer Protocol (HTTP) - 80
SQL Service - 156
IMAP - 22
HTTPS - 443
RIP - 520
VMware Server - 902
VMware Client - 901
LDAP - 389
MS Exchange - 110
What are a forward lookup zone and a reverse lookup zone?
A forward lookup zone is a DNS zone in which hostname-to-IP-address relations are stored. When a computer requests the IP address of a specific hostname, the forward lookup zone is queried and the result is returned.
A reverse lookup zone does just the opposite. When a computer requests the hostname of an IP address, the reverse lookup zone is queried and the result is returned.
Does DCPROMO work in Server 2008?
Yes, it works in 2008.
Does DCPROMO work in Server 2012?
Yes, it works in 2012.
What is the full form of PING?
Packet Internet Groper
Which protocol does PING use?
Ping operates by sending Internet Control Message Protocol (ICMP) Echo Request packets to the target host and waiting for an ICMP Echo Reply.
What is the full form of ICMP?
Internet Control Message Protocol
What is a loopback adapter and how do you test it?
The networking capabilities of Virtual Server can be extended with the Microsoft Loopback Adapter. The Microsoft Loopback Adapter is a groovy little tool originally designed for testing network configurations. Over time, however, many other uses have been found for it, such as networking two computers together without using a cross-over Ethernet cable, and connecting virtual machines to the internet.
To test the virtual adapter, ping 127.0.0.1; if a reply comes back, your virtual adapter is working.
How to check whether a server is a Global Catalog server?
Open Active Directory Sites and Services: On the Start menu, point to Administrative Tools, and then click Active Directory Sites and Services. If the User Account Control dialog box appears, provide credentials, if required, and then click Continue.
In the console tree, expand the Sites container, expand the site of the domain controller that you want to check, expand the Servers container, and then expand the Server object.
Right-click the NTDS Settings object, and then click Properties.
On the General tab, if the Global Catalog box is selected, the domain controller is designated as a global catalog server.
What is an OU (organizational unit)?
An organizational unit (OU) is a container within a Microsoft Active Directory domain which can hold users, groups and computers. It is the smallest unit to which an administrator can assign Group Policy settings or account permissions. An organizational unit can have multiple OUs within it, but all attributes within the containing OU must be unique. Active Directory organizational units cannot contain objects from other domains.
What are groups in AD?
- Service administrators: Responsible for maintaining and delivering Active Directory Domain Services (AD DS), including managing domain controllers and configuring AD DS.
- Data administrators: Responsible for maintaining the data that is stored in AD DS and on domain member servers and workstations.
Groups are used to collect user accounts, computer accounts, and other groups into manageable units. Working with groups instead of with individual users helps simplify network maintenance and administration. There are two types of groups in Active Directory:
- Distribution groups: Used to create email distribution lists.
- Security groups: Used to assign permissions to shared resources.
- Security: Security groups allow you to manage user and computer access to shared resources. You can also control who receives group policy settings. This simplifies administration by allowing you to set permissions once on multiple computers, then to change the membership of the group as your needs change. The change in group membership automatically takes effect everywhere. You can also use these groups as email distribution lists.
- Distribution: Distribution groups are intended to be used solely as email distribution lists. These lists are for use with email applications such as Microsoft Exchange or Outlook. You can add and remove contacts from the list so that they will or will not receive email sent to the distribution group. You can't use distribution groups to assign permissions on any objects, and you can't use them to filter group policy settings.
What is DNS?
Domain Name System (DNS) is one of the industry-standard suites of protocols that comprise TCP/IP. In Microsoft Windows Server 2003, DNS is implemented using two software components: the DNS server and the DNS client (or resolver). Both components are run as background service applications. Network resources are identified by numeric IP addresses, but these IP addresses are difficult for network users to remember. The DNS database contains records that map user-friendly alphanumeric names for network resources to the IP addresses used by those resources for communication. In this way, DNS acts as a mnemonic device, making network resources easier to remember for network users.
Domain Name System (or Service or Server) is an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they're easier to remember. The Internet, however, is really based on IP addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address.
What is a stub zone?
A stub zone is a copy of a zone that contains only those resource records necessary to identify the authoritative Domain Name System (DNS) servers for that zone. A stub zone is used to resolve names between separate DNS namespaces. This type of resolution may be necessary when a corporate merger requires that the DNS servers for two separate DNS namespaces resolve names for clients in both namespaces.
A stub zone consists of:
The start of authority (SOA) resource record, name server (NS) resource records, and the glue A resource records for the delegated zone.
The IP address of one or more master servers that can be used to update the stub zone.
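An added Python example, not from the original page, that serves both the forward/reverse lookup zone question and the stub zone question above: from a constructed forward zone for corp.example it derives the reverse lookup zone (PTR records in in-addr.arpa) and the stub zone (SOA, NS and glue A records only). Two hosts deliberately share one address to show that a reverse lookup can return several names; the master-server addresses a real stub zone also carries are left out.

```python
"""Derive reverse-lookup (PTR) records and a stub zone from a forward lookup zone."""
import ipaddress

# Constructed forward lookup zone for corp.example; each record is (owner, type, rdata).
FORWARD_ZONE = [
    ("corp.example.", "SOA", "ns1.corp.example. hostmaster.corp.example. 2014030301 3600 600 86400 300"),
    ("corp.example.", "NS", "ns1.corp.example."),
    ("corp.example.", "NS", "ns2.corp.example."),
    ("corp.example.", "NS", "ns.provider.example."),   # name server outside the zone: no glue
    ("ns1.corp.example.", "A", "192.168.1.10"),
    ("ns2.corp.example.", "A", "192.168.1.11"),
    ("dc01.corp.example.", "A", "192.168.1.10"),         # same address as ns1 on purpose
    ("fs01.corp.example.", "A", "192.168.1.20"),
    ("www.corp.example.", "CNAME", "fs01.corp.example."),
]


def forward_lookup(zone, name):
    """Hostname -> list of IP addresses, following a CNAME to its target if present."""
    name = name.rstrip(".") + "."
    for owner, rtype, rdata in zone:
        if owner == name and rtype == "CNAME":
            return forward_lookup(zone, rdata)
    return [rdata for owner, rtype, rdata in zone if owner == name and rtype == "A"]


def reverse_name(ip):
    """192.168.1.20 -> 20.1.168.192.in-addr.arpa. (octets reversed under in-addr.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def build_reverse_zone(zone, network):
    """One PTR record for every A record whose address lies inside `network`."""
    net = ipaddress.ip_network(network)
    return [(reverse_name(rdata), "PTR", owner)
            for owner, rtype, rdata in zone
            if rtype == "A" and ipaddress.ip_address(rdata) in net]


def reverse_lookup(reverse_zone, ip):
    """IP address -> hostnames; several when more than one A record points at the address."""
    target = reverse_name(ip)
    return [rdata for owner, rtype, rdata in reverse_zone if owner == target and rtype == "PTR"]


def build_stub_zone(zone, apex):
    """The SOA, the NS records and glue A records for in-zone name servers, nothing else."""
    apex = apex.rstrip(".") + "."
    soa_ns = [(o, t, r) for o, t, r in zone if o == apex and t in ("SOA", "NS")]
    ns_names = {r for _, t, r in soa_ns if t == "NS"}
    # Glue is only needed (and only possible) for name servers whose names are inside the zone.
    glue = [(o, t, r) for o, t, r in zone
            if t == "A" and o in ns_names and o.endswith("." + apex)]
    return soa_ns + glue
```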
We have 10 disks of 100 GB each; after we configure RAID, how much space do we have?
It will show you 500 GB of usable space.
We have 1000 users and need to apply a policy to 100 of them. How do we do it?
Move those 100 users into an organizational unit and link the policy to that OU.
How to transfer the PDC?
Prerequisites
Before you start, make sure the user you are logged in as is a domain administrator who is also a schema administrator.
Transferring the RID Master, PDC Emulator, and Infrastructure Master via GUI
To transfer the domain-specific RID Master, PDC Emulator, and Infrastructure Master FSMO roles:
Open the Active Directory Users and Computers snap-in from the Administrative Tools folder.
If you are NOT logged onto the target domain controller, in the snap-in, right-click the icon next to Active Directory Users and Computers and press Connect to Domain Controller.
Select the domain controller that will be the new role holder, the target, and press OK.
Right-click the Active Directory Users and Computers icon again and press Operations Masters.
Select the appropriate tab for the role you wish to transfer and press the Change button.
Press OK to confirm the change.
Press OK all the way out.
Transferring the Domain Naming Master via GUI
To transfer the Domain Naming Master role:
Open the Active Directory Domains and Trusts snap-in from the Administrative Tools folder.
If you are NOT logged onto the target domain controller, in the snap-in, right-click the icon next to Active Directory Domains and Trusts and press Connect to Domain Controller.
Select the domain controller that will be the new role holder and press OK.
Right-click the Active Directory Domains and Trusts icon again and press Operations Masters.
Press the Change button.
Press OK to confirm the change.
Press OK all the way out.
Transferring the Schema Master via GUI
To transfer the Schema Master role:
Register the Schmmgmt.dll library by pressing Start > Run and typing:
regsvr32 schmmgmt.dll
Press OK. You should receive a success confirmation.
From the Run command, open an MMC console by typing MMC.
On the Console menu, press Add/Remove Snap-in.
Press Add. Select Active Directory Schema.
Press Add and press Close. Press OK.
If you are NOT logged onto the target domain controller, in the snap-in, right-click the Active Directory Schema icon in the Console Root and press Change Domain Controller.
Press Specify… and type the name of the new role holder. Press OK.
Right-click the Active Directory Schema icon again and press Operations Masters.
Press the Change button.
Press OK all the way out.
How to increase the size of a hard drive in a VM when the fields are grayed out?
You would like to expand a hard disk for a virtual machine, so you right-click on the virtual machine and choose Edit Settings.
The properties of that virtual machine open. You navigate to the hard disk whose drive space you would like to expand/increase, but notice that all the fields are grayed out.
One of the reasons why the options are grayed out is that the virtual machine has snapshots taken of it. To check, right-click on the virtual machine, select Snapshot, then Snapshot Manager.
Once the Snapshot Manager window opens, you'll be able to see whether there are snapshots for this virtual machine. In the case of the screenshot below, there's currently one snapshot named Test.
Select the snapshot Test and choose Delete to commit the delta to the virtual machine.
Once you've deleted the snapshot, you will notice that you can edit the Provisioned Size fields in the virtual machine settings.
How to take a backup of AD?
You can access Backup at the command prompt by typing Ntbackup. This tool is used to back up and restore Active Directory (as well as other services) so that you can restore data or system components in the event of some unforeseen or inadvertent failure. Specifically, the Backup tool allows you to back up and restore the following:
Entire server
Selected files
System State data
The System State data includes Active Directory and all other system components and services on which Active Directory is dependent. On a Windows 2000 domain controller, the System State data encompasses the system startup files, system registry, COM+ class registration database, File Replication service (the SYSVOL directory), Certificate Services database (if it is installed), Domain Name System (if it is installed), Cluster service (if it is installed) and Active Directory. The DNS data includes DNS zone information that is Active Directory-integrated. The Cluster service data includes any registry checkpoints and the quorum log, which contains the most recent cluster database information. Active Directory includes the following files:
Ntds.dit. The Active Directory database.
Edb.chk. The checkpoint file.
Edb*.log. The transaction logs; each 10 megabytes (MB) in size.
Res1.log and Res2.log. Reserved transaction logs.
To back up System State data using the Backup Wizard:
1. From the Start menu, click Run, and then type Ntbackup.
2. On the Tools menu, click Backup Wizard.
3. Click Next, click Only back up the System State data, and then click Next.
4. Designate where you want to save the System State data, click Next, and then click Finish.
5. When you are done setting options, click Finish.
How many types of backup are there?
Full backups
A full backup is exactly what the name implies. It is a full copy of your entire data set. Although full backups arguably provide the best protection, most organizations only use them on a periodic basis because they are time consuming, and often require a large number of tapes or disks.
Incremental backups
Because full backups are so time consuming, incremental backups were introduced as a way of decreasing the amount of time that it takes to do a backup. Incremental backups only back up the data that has changed since the previous backup.
Differential backups
A differential backup is similar to an incremental backup in that it starts with a full backup, and subsequent backups only contain data that has changed. The difference is that while an incremental backup only includes the data that has changed since the previous backup, a differential backup contains all of the data that has changed since the last full backup.
Synthetic full backups
A synthetic full backup is a variation of an incremental backup. Like any other incremental backup, the actual backup process involves taking a full backup, followed by a series of incremental backups. But synthetic backups take things one step further.
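An added Python example, not from the original page, that makes the incremental/differential trade-off concrete: it builds both schedules from a constructed change log, works out which sets a restore needs (last full plus every incremental, or last full plus only the latest differential), checks the restored files against the true state, and shows what happens when one day's media is lost. File names and change days are made up.

```python
"""Which backup sets a restore needs under full, incremental and differential schemes."""
from dataclasses import dataclass


@dataclass
class BackupSet:
    day: int        # day of the schedule on which the set was taken
    kind: str       # "full", "incremental" or "differential"
    contents: dict  # file name -> version (the day that version was written)


# Constructed change log: the full backup runs on day 1; afterwards these files
# change on each day (day 5 has no changes at all).
ALL_FILES = {"payroll.xlsx", "ntds.dit", "report.doc", "readme.txt"}
DAILY_CHANGES = {
    2: {"payroll.xlsx"},
    3: {"ntds.dit"},
    4: {"payroll.xlsx", "report.doc"},
    5: set(),
}


def plan_schedule(all_files, daily_changes, scheme):
    """Full on day 1, then one backup of the chosen scheme per following day."""
    if scheme not in ("incremental", "differential"):
        raise ValueError("scheme must be 'incremental' or 'differential'")
    sets = [BackupSet(1, "full", {f: 1 for f in all_files})]
    since_full = {}
    for day in sorted(daily_changes):
        changed = {f: day for f in daily_changes[day]}
        since_full.update(changed)              # keeps growing until the next full backup
        captured = changed if scheme == "incremental" else since_full
        sets.append(BackupSet(day, scheme, dict(captured)))
    return sets


def restore_chain(sets, day, lost=()):
    """Sets needed, in the order they must be applied, to restore the data as of `day`.
    `lost` lists days whose media are unreadable; a chain that depends on them fails."""
    usable = [s for s in sets if s.day <= day]
    full = max((s for s in usable if s.kind == "full"), key=lambda s: s.day)
    later = [s for s in usable if s.day > full.day]
    diffs = [s for s in later if s.kind == "differential"]
    if diffs:
        chain = [full, diffs[-1]]               # last full + most recent differential only
    else:
        chain = [full] + [s for s in later if s.kind == "incremental"]  # every one since the full
    missing = [s.day for s in chain if s.day in lost]
    if missing:
        raise LookupError(f"restore impossible: backup set(s) from day {missing} lost")
    return chain


def restore(sets, day, lost=()):
    """Replay the chain; a later set overwrites earlier versions of the same file."""
    state = {}
    for s in restore_chain(sets, day, lost):
        state.update(s.contents)
    return state


def expected_state(all_files, daily_changes, day):
    """Ground truth computed straight from the change log, for checking a restore."""
    state = {f: 1 for f in all_files}
    for d in sorted(daily_changes):
        if d <= day:
            state.update({f: d for f in daily_changes[d]})
    return state


def storage_cost(sets):
    """Total file copies written: a rough measure of media and backup-window usage."""
    return sum(len(s.contents) for s in sets)
```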
How to check the health of AD and DNS?
You can check from the command prompt with the dcdiag command.
How to monitor DNS replication?
Open Replication Monitor by selecting Start | Run and entering replmon in the Run dialog box.
To add a server to the Replication Monitor window, right-click Monitored Servers and select Add Monitored Server from the pop-up menu.
The Add Monitored Server Wizard appears. Select either Add The Server Explicitly By Name or Search The Directory For The Server To Add. If you chose the latter option, you must specify a domain to search in the list of domains. Click Next when you are done.
Depending on the option you chose in the previous step, you will be prompted to either enter a server name or choose a server from a list. In either case, enter or choose the server to monitor, then click Finish.
To search for replication errors, click the Action menu and select Domain | Search Domain Controllers For Replication Errors.
The Search Domain Controllers For Replication Failures window appears. Click the Run Search button and enter the name of the domain to search. After a few moments, Replication Monitor should list any failures in the Search Domain Controllers For Replication Failures window. Click Close.
You can manually synchronize either the entire Active Directory or just individual pieces. To synchronize the domain DNS zones only, right-click the DC=DomainDnsZones,DC=domain,DC=suffix item under the monitored server and select Synchronize This Directory Partition With All Servers from the pop-up menu.
Depending on how your domain is configured, you can choose the Disable Transitive Replication, Push Mode, or Cross Site Boundaries checkboxes. In this case, leave them blank and click OK.
You will be prompted to confirm the replication. Click Yes.
Click OK at the success notification.
What is Group Policy?
Group Policy is a feature of the Microsoft Windows NT family of operating systems that controls the working environment of user accounts and computer accounts. Group Policy provides the centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment. A version of Group Policy called Local Group Policy ("LGPO" or "LocalGPO") also allows Group Policy Object management on standalone and non-domain computers. Group Policy settings are stored in a Group Policy Object (GPO). The types of Group Policy settings which can be stored in a GPO are listed below:
Computer configuration settings are located in the Computer Configuration node.
User configuration settings are located in the User Configuration node.
Group Policy Objects are processed in the following order (from top to bottom):[4]
- Local - Any settings in the computer's local policy. Prior to Windows Vista, there was only one local group policy stored per computer. Windows Vista and later Windows versions allow individual group policies per user account.[5]
- Site - Any Group Policies associated with the Active Directory site in which the computer resides. (An Active Directory site is a logical grouping of computers, intended to facilitate management of those computers based on their physical proximity.) If multiple policies are linked to a site, they are processed in the order set by the administrator.
- Domain - Any Group Policies associated with the Windows domain in which the computer resides. If multiple policies are linked to a domain, they are processed in the order set by the administrator.
- Organizational Unit - Group policies assigned to the Active Directory organizational unit (OU) in which the computer or user is placed. (OUs are logical units that help organize and manage a group of users, computers or other Active Directory objects.) If multiple policies are linked to an OU, they are processed in the order set by the administrator.
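An added Python example (not part of the original page) that works out which GPO wins for each setting by applying the Local, Site, Domain and OU links in exactly that order, parent OU before child OU, with a later GPO overriding an earlier one. The GPOs, containers and link orders are constructed; Enforced links, Block Inheritance and WMI filters are deliberately left out of the model.

```python
"""Resolve effective Group Policy for a computer in Local, Site, Domain, OU order."""

# Constructed GPOs (name -> settings). Everything here is made-up sample data.
GPOS = {
    "Local":           {"screensaver_timeout": 900, "allow_usb": True},
    "Site-HQ":         {"wsus_server": "http://wsus-hq"},
    "Default Domain":  {"screensaver_timeout": 600, "min_password_len": 8},
    "Domain-Security": {"allow_usb": False},
    "OU-Workstations": {"screensaver_timeout": 300},
    "OU-Finance":      {"allow_usb": False, "screensaver_timeout": 120},
}

# GPO links per container, listed in the administrator's link order: link order 1
# (first in the list) has the highest precedence within its container, which
# means it is applied last and wins over the others linked at the same level.
SITE_LINKS = {"HQ": ["Site-HQ"]}
DOMAIN_LINKS = {"corp.example": ["Domain-Security", "Default Domain"]}
OU_LINKS = {
    "OU=Workstations,DC=corp,DC=example": ["OU-Workstations"],
    "OU=Finance,OU=Workstations,DC=corp,DC=example": ["OU-Finance"],
}


def ou_chain(dn):
    """OU distinguished names that contain `dn`, outermost first (parent before child)."""
    parts = dn.split(",")
    ou_indexes = [i for i, part in enumerate(parts) if part.upper().startswith("OU=")]
    # Each OU's DN is the suffix of the object's DN that begins at that OU component.
    return [",".join(parts[i:]) for i in reversed(ou_indexes)]


def processing_order(site, domain, dn):
    """GPO names in the order the client applies them: L, S, D, then each OU parent to child."""
    order = ["Local"]
    order += reversed(SITE_LINKS.get(site, []))
    order += reversed(DOMAIN_LINKS.get(domain, []))
    for ou in ou_chain(dn):
        order += reversed(OU_LINKS.get(ou, []))
    return order


def effective_settings(site, domain, dn):
    """Apply GPOs in processing order; a later GPO overrides an earlier one per setting.
    Returns (settings, winner), where winner records which GPO supplied each value."""
    settings, winner = {}, {}
    for gpo in processing_order(site, domain, dn):
        for key, value in GPOS[gpo].items():
            settings[key] = value
            winner[key] = gpo
    return settings, winner
```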
Disk expansion?
The Expansion portable drive is compact and perfect for taking with you on the go. Add more storage space to your computer instantly and take large files with you when you travel.
Set-up is straightforward: simply connect a single USB cable and you are ready to go. The drive is powered from the USB cable, so there is no need for an external power supply. Also, it is automatically recognized by the Windows operating system, so there is no software to install and nothing to configure. Saving files is easy — simply drag and drop.
Take advantage of the fast data transfer speeds of the USB 3.0 interface by connecting to a SuperSpeed USB 3.0 port. USB 3.0 is backward compatible with USB 2.0 for additional system compatibility.
What is Page file and virtual memory?
A page file is a reserved portion of a hard disk that is used as an extension of random access memory (RAM), holding data from RAM that hasn't been used recently. A page file can be read from the hard disk as one contiguous chunk of data, which is faster than re-reading data from many different original locations. Windows NT administrators or users can reset the system-provided default size value of the page file to meet their particular needs. The page file is used by Windows to hold temporary data which is swapped in and out of physical memory in order to provide a larger virtual memory set.
Type of dump?
All Windows systems are configured to attempt to capture information about the state of the operating system in the event of a system crash. Remember that we are talking about a total system failure here, not an individual application failure. There are three different types of dump that can be captured when a system crashes:
Complete Memory Dump: This contains the entire contents of the physical memory at the time of the crash. This type of dump requires that there is a page file at least the size of physical memory plus 1MB (for the header). Because of the page file requirement, this is an uncommon setting, especially for systems with large amounts of RAM. Windows NT4 only supported a Complete Memory Dump. Also, this is the default setting on Windows Server systems.
Kernel Memory Dump: A kernel dump contains only the kernel-mode read/write pages present in physical memory at the time of the crash. Since this is a kernel-mode only dump, there are no pages belonging to user-mode processes. However, it is unlikely that the user-mode process pages would be required, since a system crash (bugcheck) is usually caused by kernel-mode code. The list of running processes, the state of the current thread and the list of loaded drivers are stored in nonpaged memory, which is saved in a kernel memory dump. The size of a kernel memory dump will vary based on the amount of kernel-mode memory allocated by the operating system and the drivers that are present on the system.
Small Memory Dump: A small memory dump (aka Mini-dump) is a 64KB dump (128KB on 64-bit systems) that contains the stop code, parameters, list of loaded device drivers, information about the current process and thread, and the kernel stack for the thread that caused the crash.
How to restore authorities?
The Restore Authority (RSTAUT) command restores the private authorities to user profiles. This command restores the same object authority to specified objects in the user profile that each user profile had when all the profiles were saved by the Save System (SAVSYS) or the Save Security Data (SAVSECDTA) command. It allows existing authorities, given after the save, to remain. Authority cannot be restored to the user profiles until the profiles are first restored to the system by the Restore User Profile (RSTUSRPRF) command and all the objects (for which authority is being given) are restored to the same libraries where they were saved. The objects can be restored by the Restore Library (RSTLIB) or Restore Object (RSTOBJ) command. Documents and folders can be restored using the Restore Document Library Object (RSTDLO) command. Device configuration objects can be restored using the Restore Configuration (RSTCFG) command. Integrated file system objects can be restored by the Restore Object (RST) command.
If the whole system is being restored, the following sequence must be followed. Using the RSTAUT command must be the last step in the sequence.
1. Restore the operating system. This is an alternative method to load the program. This restores the QSYS library and ensures that the IBM-supplied user profiles are there.
2. Restore all the saved user profiles to the system (*ALL is the default for the USRPRF parameter) by using the RSTUSRPRF command.
3. Restore all the configuration and system resource management (SRM) objects to the system by using the RSTCFG command.
4. Restore all the user libraries by using the RSTLIB command.
5. Restore all document library objects to the system by using the RSTDLO command.
6. Restore all objects in directories using the RST command.
7. Restore the object authority to user profiles by using the RSTAUT command.
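Because RSTAUT only works once profiles and objects are back in place, a restore runbook is worth checking before it is executed. The following is an added example (not code from the page or from IBM) that checks a proposed sequence of restore commands against the ordering rules listed above; the command names are those from the text, and "OS" is a label of my own for the "restore the operating system" step, for which the text gives no command.

```python
"""Order check for the whole-system restore sequence.  Added example; "OS"
is a placeholder label for the operating-system restore step."""

# Rank of each step in the required sequence.  RSTLIB and RSTOBJ share a rank
# because the text allows either to restore the saved objects.
STEP_RANK = {
    "OS": 0,          # restore the operating system (QSYS, IBM-supplied profiles)
    "RSTUSRPRF": 1,   # restore user profiles
    "RSTCFG": 2,      # restore configuration and SRM objects
    "RSTLIB": 3,      # restore user libraries ...
    "RSTOBJ": 3,      # ... or individual objects
    "RSTDLO": 4,      # restore document library objects
    "RST": 5,         # restore integrated file system objects
    "RSTAUT": 6,      # restore private authorities: must be last
}


def check_restore_sequence(steps):
    """Return a list of problems with a proposed restore sequence (empty = OK)."""
    problems, known = [], []
    for step in steps:
        rank = STEP_RANK.get(step.upper())
        if rank is None:
            problems.append(f"unknown step {step}")
        else:
            known.append((step.upper(), rank))

    # Each step must not be ranked earlier than the step before it.
    for (earlier, r1), (later, r2) in zip(known, known[1:]):
        if r2 < r1:
            problems.append(f"{later} must run before {earlier}")

    names = [name for name, _ in known]
    if "RSTAUT" not in names:
        problems.append("RSTAUT missing: private authorities will not be restored")
    else:
        if names[-1] != "RSTAUT":
            problems.append("RSTAUT must be the last step")
        if "RSTUSRPRF" not in names:
            problems.append("RSTAUT needs the profiles restored first (RSTUSRPRF)")
        if not any(name in names for name in ("RSTLIB", "RSTOBJ")):
            problems.append("RSTAUT needs the objects restored first (RSTLIB or RSTOBJ)")
    return problems


if __name__ == "__main__":
    plan = ["OS", "RSTUSRPRF", "RSTCFG", "RSTLIB", "RSTDLO", "RST", "RSTAUT"]
    print(check_restore_sequence(plan) or "sequence OK")
```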
WSUS and how to add a client to WSUS to accept updates?
Windows Server Update Services (WSUS) is a "must have" feature in business environments. WSUS dramatically improves network bandwidth efficiency and allows granular control of the updates.
Setting up WSUS is not difficult but involves several steps, especially if you are configuring the services for an existing Active Directory Domain.
We have three major steps to complete.
Install Windows Server Update Services
Launch the Server Manager and click Add Roles and Features.
Select the Windows Server Update Services role. Default configuration is fine.
You just have to configure the server folder where the Windows updates will be stored.
The system will need some minutes to perform a configuration task after the installation. Then a WSUS tab will appear in your Server Manager.
WSUS configuration
Open the Windows Server Update Services configuration from the WSUS tab.
Go to the Options tab and launch the Wizard.
Click Next.
Click Next.
Synchronize from Microsoft Update if it's your first WSUS server.
Configure the proxy settings, if you have one.
Click Start and wait some minutes.
Select only the necessary languages; it will save disk space and time.
Select the products you need to maintain up-to-date.
Default settings are fine.
Schedule the synchronization.
The WSUS configuration is finished.
Link the Computers via Group Policy
If you are installing WSUS in an existing Active Directory Domain, the better solution is to configure the client PCs to take advantage of WSUS via Group Policy.
To do so, open the WSUS Options and click Computers.
Use Group Policy.
From the WSUS panel create a new group of Computers (we used the same name as the AD Group).
Open the Group Policy Editor and create a new Policy.
From the Group Policy Management Editor access the path Computer Configuration/Administrative Templates/Windows Components/Windows Update, then click Configure Automatic Updates.
Enable Automatic Updates.
Then open the Specify intranet Microsoft update service location policy.
Specify the server address and add the 8530 port.
Then enable client-side targeting.
Specify the Group.
Finalize and enforce the Policy. The members of the Group (Computers inside WSUS_tutorial) will receive the Windows updates from WSUS.
You will be able to select which updates to dispatch from the WSUS panel, on the server.
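The three policies configured above (Configure Automatic Updates, Specify intranet Microsoft update service location, client-side targeting) end up as registry values under HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate on each client, which makes it easy to audit whether a machine is really pointed at WSUS. The following is an added example (not code from the page or from Microsoft) that parses a .reg export of that key and reports deviations from the expected server, port and target group. The .reg text is a constructed sample; the value names used (WUServer, WUStatusServer, TargetGroupEnabled, TargetGroup, and UseWUServer, NoAutoUpdate, AUOptions under the AU subkey) are the registry values those policies write.

```python
"""Audit of the Windows Update policy registry values written by the WSUS
Group Policy settings.  Added example; the .reg export is constructed."""
import re
from urllib.parse import urlparse

WU_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
AU_KEY = WU_KEY + r"\AU"

# Constructed export of a correctly configured client (not a real machine).
SAMPLE_REG = r"""
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://wsus.example.local:8530"
"WUStatusServer"="http://wsus.example.local:8530"
"TargetGroupEnabled"=dword:00000001
"TargetGroup"="WSUS_tutorial"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"UseWUServer"=dword:00000001
"AUOptions"=dword:00000004
"""

_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_reg(text):
    """Parse a .reg export into {(key_path, value_name): value}; strings and dwords only."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                      # new key section
            continue
        match = _VALUE_RE.match(line)
        if not match or key is None:
            continue
        name, raw_value = match.groups()
        if raw_value.startswith("dword:"):
            value = int(raw_value[len("dword:"):], 16)
        elif raw_value.startswith('"') and raw_value.endswith('"'):
            value = raw_value[1:-1]
        else:
            value = raw_value
        values[(key, name)] = value
    return values


def audit_wsus_client(values, expected_host, expected_group, expected_port=8530):
    """Return findings; entries starting with "warning:" do not stop updates."""
    findings = []
    if values.get((AU_KEY, "UseWUServer")) != 1:
        findings.append("UseWUServer is not 1: client will contact Microsoft Update, not WSUS")
    if values.get((AU_KEY, "NoAutoUpdate")) == 1:
        findings.append("NoAutoUpdate=1: Automatic Updates are disabled")
    server = values.get((WU_KEY, "WUServer"))
    if not server:
        findings.append("WUServer is not set")
    else:
        url = urlparse(server)
        if url.hostname != expected_host:
            findings.append(f"WUServer points at {url.hostname}, expected {expected_host}")
        if url.port != expected_port:
            findings.append(f"WUServer uses port {url.port}, expected {expected_port}")
        if url.scheme == "http":
            findings.append("warning: WUServer uses plain HTTP; WSUS can also be published over HTTPS (port 8531 by default)")
        if values.get((WU_KEY, "WUStatusServer")) != server:
            findings.append("WUStatusServer differs from WUServer: status reports go elsewhere")
    if values.get((WU_KEY, "TargetGroupEnabled")) != 1:
        findings.append("TargetGroupEnabled is not 1: client-side targeting is off")
    elif values.get((WU_KEY, "TargetGroup")) != expected_group:
        findings.append(f"TargetGroup is {values.get((WU_KEY, 'TargetGroup'))!r}, expected {expected_group!r}")
    return findings


if __name__ == "__main__":
    for finding in audit_wsus_client(parse_reg(SAMPLE_REG), "wsus.example.local", "WSUS_tutorial"):
        print(finding)
```

On a real client the same check can be fed the output of `reg export` of that key; a machine that shows up in the WSUS console under the wrong group, or not at all, usually fails one of these value checks.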
What are the differences between static IP address and dynamic IP address?
With static IP addressing, a computer (or other device) is configured to always use the same IP address. With dynamic addressing, the IP address can change periodically and it is managed by a centralized network service.
What is APIPA?
Automatic private IP addressing (APIPA) is a feature mainly found in Microsoft operating systems. APIPA enables clients to still communicate with other computers on the same network segment until an IP address can be obtained from a DHCP server, allowing the machine to fully participate on the network. The range of these IP addresses is 169.254.0.1 to 169.254.255.254, with a default Class B subnet mask of 255.255.0.0.
What are the LMHOSTS files?
The LMHOSTS file is a static method of resolving NetBIOS names to IP addresses, in the same way that the HOSTS file is a static method of resolving domain names into IP addresses. An LMHOSTS file is a text file that maps NetBIOS names to IP addresses; it must be manually configured and updated.
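Because LMHOSTS is maintained by hand, a parser that validates the file is a useful sanity check before it is deployed. The following is an added example (not code from the page) that parses the LMHOSTS format (address, NetBIOS name, optional #PRE and #DOM: keywords, trailing comments) and reports malformed lines; the sample file content is constructed. Lines that begin with '#' (including the #INCLUDE and #BEGIN_ALTERNATE directives) are treated as comments here.

```python
"""Parser for the LMHOSTS file format.  Added example; the sample file is
constructed and not from any real network."""
import ipaddress

SAMPLE_LMHOSTS = """\
# constructed sample LMHOSTS file, not from any real network
192.168.1.10    FILESRV01    #PRE  #DOM:CORP
192.168.1.11    PRINTSRV
192.168.1.12    DC01         #PRE  #DOM:CORP   # the domain controller
# 192.168.1.13  OLDHOST      retired entry kept as a comment
999.1.1.1       BADADDR
192.168.1.14    THISNAMEISTOOLONG16
"""


def parse_lmhosts(text):
    """Return (entries, errors).  Each entry is a dict with ip, name, preload, domain."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                                   # blank line, comment or directive
        tokens = line.split()
        if len(tokens) < 2:
            errors.append((lineno, "missing NetBIOS name"))
            continue
        ip_text, name = tokens[0], tokens[1]
        try:
            ip = ipaddress.IPv4Address(ip_text)
        except ValueError:
            errors.append((lineno, f"invalid IPv4 address {ip_text!r}"))
            continue
        if len(name) > 15:                             # NetBIOS names are at most 15 characters
            errors.append((lineno, f"NetBIOS name {name!r} longer than 15 characters"))
            continue
        preload, domain = False, None
        for token in tokens[2:]:
            upper = token.upper()
            if upper == "#PRE":
                preload = True                         # entry is preloaded into the name cache
            elif upper.startswith("#DOM:"):
                domain = token[len("#DOM:"):]          # host is a domain controller for this domain
            elif token.startswith("#"):
                break                                  # any other '#' starts a trailing comment
            else:
                errors.append((lineno, f"unexpected token {token!r}"))
        entries.append({"ip": str(ip), "name": name.upper(), "preload": preload, "domain": domain})
    return entries, errors


def lookup(entries, name):
    """Resolve a NetBIOS name (case-insensitive) to its IP address, or None."""
    wanted = name.upper()
    for entry in entries:
        if entry["name"] == wanted:
            return entry["ip"]
    return None


if __name__ == "__main__":
    entries, errors = parse_lmhosts(SAMPLE_LMHOSTS)
    for entry in entries:
        print(entry)
    for lineno, message in errors:
        print(f"line {lineno}: {message}")
```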
What is DHCP scope?
A scope is a range, or pool, of IP addresses that can be leased to DHCP clients on a given subnet.
What is FQDN?
An FQDN (fully qualified domain name) contains both the hostname and a domain name. It uniquely identifies a host within a DNS hierarchy.
What is the DNS forwarder?
DNS servers often must communicate with DNS servers outside of the local network. A forwarder is an entry that is used when a DNS server receives DNS queries that it cannot resolve locally. It then forwards those requests to external DNS servers for resolution.
What is meshing?
Meshing generically describes how devices are connected together. It is also part of topology. There are two types of meshed topologies: partial and full.
In a partially meshed environment, not every device is connected to every other device. In a fully meshed environment, every device is connected to every other device. Wireless is a good example of meshing. A WAN (the internet) is also a good example of meshing, where a computer has connectivity with the whole internet network.
Describe Various Network Types
Local Area Networks: Local area networks (LANs) are used to connect networking devices that are in a very close geographic area, such as a floor of a building, a building itself, or a campus environment.
Wide Area Networks: Wide area networks (WANs) are used to connect LANs together. Typically, WANs are used when the LANs that must be connected are separated by a large distance.
Metropolitan Area Networks: A metropolitan area network (MAN) is a hybrid between a LAN and a WAN.
Content Networks: Content networks (CNs) were developed to ease users' access to Internet resources. Companies deploy basically two types of CNs:
1. Caching downloaded Internet information
2. Distributing Internet traffic loads across multiple servers
Storage Area Networks: Storage area networks (SANs) provide a high-speed infrastructure to move data between storage devices and file servers.
What is logical link control?
One of the two sublayers of the data link layer of the OSI reference model, as defined by the IEEE 802 standard. This sublayer is responsible for maintaining the link between computers when they are sending data across the physical network connection.
What is the difference between the TFTP and FTP application layer protocols?
The Trivial File Transfer Protocol (TFTP) allows a local host to obtain files from a remote host but does not provide reliability or security. It uses the fundamental packet delivery services offered by UDP.
The File Transfer Protocol (FTP) is the standard mechanism provided by TCP/IP for copying a file from one host to another. It uses the services offered by TCP and so is reliable and secure. It establishes two connections (virtual circuits) between the hosts, one for data transfer and another for control information.
What is the difference between ARP and RARP?
The Address Resolution Protocol (ARP) is used to associate the 32-bit IP address with the 48-bit physical address. It is used by a host or a router to find the physical address of another host on its network by sending an ARP query packet that includes the IP address of the receiver.
The Reverse Address Resolution Protocol (RARP) allows a host to discover its Internet address when it knows only its physical address.
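ARP and RARP share one packet layout; only the operation code (1/2 for ARP request/reply, 3/4 for RARP request/reply) differs. The following is an added example (not code from the page) that builds and decodes the 28-byte Ethernet/IPv4 ARP body so the 32-bit protocol address and 48-bit hardware address fields described above can be seen side by side. Addresses are constructed sample values; the 14-byte Ethernet header that precedes the body on the wire (EtherType 0x0806 for ARP, 0x8035 for RARP) is not included.

```python
"""Build and parse ARP/RARP packet bodies.  Added example; the MAC and IP
addresses used are constructed sample values."""
import struct

HTYPE_ETHERNET = 1
PTYPE_IPV4 = 0x0800
OP_NAMES = {1: "ARP request", 2: "ARP reply", 3: "RARP request", 4: "RARP reply"}
ARP_HEADER = struct.Struct("!HHBBH")        # htype, ptype, hlen, plen, opcode


def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_to_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw):
    return ".".join(str(b) for b in raw)


def build_packet(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """Return the 28-byte ARP/RARP body.

    For an ARP request the target MAC is unknown and sent as 00:00:00:00:00:00;
    for a RARP request the sender asks for its own IP, so both IP fields are
    0.0.0.0 and the target MAC repeats the sender MAC.
    """
    header = ARP_HEADER.pack(HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, opcode)
    return (header + mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)
            + mac_to_bytes(target_mac) + ip_to_bytes(target_ip))


def parse_packet(pkt):
    """Decode an ARP/RARP body; raises ValueError for anything that is not Ethernet/IPv4."""
    if len(pkt) < ARP_HEADER.size + 20:
        raise ValueError("ARP/RARP over IPv4 needs at least 28 bytes")
    htype, ptype, hlen, plen, opcode = ARP_HEADER.unpack_from(pkt)
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    body = pkt[ARP_HEADER.size:]
    return {
        "opcode": opcode,
        "op_name": OP_NAMES.get(opcode, "unknown"),
        "sender_mac": bytes_to_mac(body[0:6]),      # 48-bit hardware address
        "sender_ip": bytes_to_ip(body[6:10]),       # 32-bit protocol address
        "target_mac": bytes_to_mac(body[10:16]),
        "target_ip": bytes_to_ip(body[16:20]),
    }


if __name__ == "__main__":
    who_has = build_packet(1, "aa:bb:cc:dd:ee:01", "192.168.1.10",
                           "00:00:00:00:00:00", "192.168.1.1")
    print(parse_packet(who_has))
```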
What is ICMP?
ICMP is the Internet Control Message Protocol, a network layer protocol of the TCP/IP suite used by hosts and gateways to send notification of datagram problems back to the sender. It uses the echo test/reply to test whether a destination is reachable and responding. It also handles both control and error messages.
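The echo test/reply mentioned above is two ICMP messages (type 8 request, type 0 reply) that carry the same identifier, sequence number and payload, each protected by the Internet checksum. The following is an added example (not code from the page) that builds an echo request, produces the reply a reachable host would send, and verifies the checksum on parsing; the payload is a constructed sample.

```python
"""ICMP echo request/reply construction and checksum validation.  Added
example; the payload is a constructed sample."""
import struct

ICMP_HEADER = struct.Struct("!BBHHH")       # type, code, checksum, identifier, sequence
TYPE_NAMES = {0: "echo reply", 3: "destination unreachable", 8: "echo request", 11: "time exceeded"}
ECHO_REQUEST, ECHO_REPLY = 8, 0


def internet_checksum(data):
    """RFC 1071 checksum: ones'-complement sum of 16-bit words, complemented."""
    data = bytes(data)
    if len(data) % 2:
        data += b"\x00"                          # pad an odd length with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                           # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(identifier, sequence, payload=b"", msg_type=ECHO_REQUEST):
    """Return an ICMP echo message with a correct checksum."""
    header = ICMP_HEADER.pack(msg_type, 0, 0, identifier, sequence)   # checksum field zeroed
    checksum = internet_checksum(header + payload)
    return ICMP_HEADER.pack(msg_type, 0, checksum, identifier, sequence) + payload


def parse_icmp(pkt):
    """Decode an ICMP message; a message with a valid checksum sums to zero."""
    if len(pkt) < ICMP_HEADER.size:
        raise ValueError("ICMP header needs 8 bytes")
    msg_type, code, checksum, identifier, sequence = ICMP_HEADER.unpack_from(pkt)
    return {
        "type": msg_type,
        "type_name": TYPE_NAMES.get(msg_type, "other"),
        "code": code,
        "identifier": identifier,
        "sequence": sequence,
        "payload": bytes(pkt[ICMP_HEADER.size:]),
        "checksum_ok": internet_checksum(pkt) == 0,
    }


def build_reply(request):
    """Answer an echo request the way a reachable host does: same id, seq and payload, type 0."""
    fields = parse_icmp(request)
    if fields["type"] != ECHO_REQUEST or not fields["checksum_ok"]:
        raise ValueError("only valid echo requests get echo replies")
    return build_echo(fields["identifier"], fields["sequence"], fields["payload"], ECHO_REPLY)


if __name__ == "__main__":
    request = build_echo(0x1234, 1, b"constructed payload")
    print(parse_icmp(request))
    print(parse_icmp(build_reply(request)))
```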
What is Bandwidth?
Every line has an upper limit and a lower limit on the frequency of signals it can carry. This limited range is called the bandwidth.
What is MAC address?
The address for a device as it is identified at the Media Access Control (MAC) layer in the network architecture. The MAC address is usually stored in ROM on the network adapter card and is unique.
What is RAID?
A method for providing fault tolerance by using multiple hard disk drives.
What is Beaconing?
The process that allows a network to self-repair network problems. The stations on the network notify the other stations on the ring when they are not receiving the transmissions. Beaconing is used in Token Ring and FDDI networks.
What is a DNS resource record?
A resource record is an entry in a name server's database. There are several types of resource records used, including name-to-address resolution information. Resource records are maintained as ASCII files.
What is MAC address?
It is the 48-bit hardware address of the LAN card. The MAC address is usually stored in ROM on the network adapter card and it is unique.
How will you test a LAN card?
Ping 127.0.0.1. If you get a reply, it is fine.
What are the differences between DOMAIN and WORKGROUP?
Workgroup:
(i) Every PC is responsible for its own security.
(ii) No centralized administration.
(iii) Main aim is to save hardware resources.
(iv) Best suited to schools, training institutes and cyber cafés.
Domain:
(i) The server is responsible for data safety.
(ii) Centralized administration.
(iii) Main aim is to secure data.
(iv) Best suited to company environments.
What are the differences between FAT and NTFS?
FAT | NTFS
Doesn't provide local security | Provides local security
Doesn't provide disk quota | Provides disk quota
Doesn't provide file compression | Provides file compression
Doesn't provide other security features | Provides other security features
What is the difference between an unspecified passive open and a fully specified passive open?
An unspecified passive open has the server waiting for a connection request from a client.
A fully specified passive open has the server waiting for a connection from a specific client.
What is a Management Information Base (MIB)?
A Management Information Base is part of every SNMP-managed device. Each SNMP agent has the MIB database that contains information about the device's status, its performance, connections, and configuration. The MIB is queried by SNMP.
What is anonymous FTP and why would you use it?
Anonymous FTP enables users to connect to a host without using a valid login and password. Usually, anonymous FTP uses a login called anonymous or guest, with the password usually requesting the user's ID for tracking purposes only. Anonymous FTP is used to enable a large number of users to access files on the host without having to go to the trouble of setting up logins for them all. Anonymous FTP systems usually have strict controls over the areas an anonymous user can access.
What are the two main types of access control lists (ACLs)?
There are Standard and Extended ACLs (Access Control Lists).
Differentiate between POP3 and IMAP mail servers?
With POP3, all mail is downloaded to the client, so if you sign in from a different PC all mail must be downloaded again. IMAP eliminates this problem, and there is no need to download all the emails with IMAP. Hence identifying new mail is easier with IMAP than with POP3.
List out the 7 OSI layers?
The seven OSI layers are:
Physical Layer
Data Link Layer
Network Layer
Transport Layer
Session Layer
Presentation Layer
Application Layer
Give some component names that are used in the Physical Layer?
All physical components of the network work at the Physical layer, such as Hub, Router, Switch, Communication Cables, etc.
What is multicasting?
Multicasting gives the facility to send a single message to different recipients, for uses such as email and teleconferencing. In this, some standards are used and network infrastructure
What is the use of IGMP Protocol?
Internet Group Management Protocol: it allows internet hosts to participate in multicasting. The IGMP messages are used to learn which hosts are part of which multicast groups. The mechanism also allows a host to inform its local router that it wants to receive messages.
What are Ping and tracert?
Ping is particularly used to check whether a system is in the network or not. It also gives packet loss information. Trace route traces the path the packet takes from the computer where the command is given until the destination.
What is NAT?
Network address translation translates an IP address used in a network to another IP address known within another network. A NAT table is maintained for global-to-local and local-to-global IP mapping.
What is IP spoofing and how can it be prevented?
IP spoofing is a mechanism used by an attacker to gain unauthorized access to a system: the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.
What is an application gateway?
An application gateway is a program that runs on a firewall between two networks. An application gateway is used to establish a connection between a client program and a destination service. The client negotiates with the gateway to communicate with the services of the destination. Here the gateway acts as a proxy between the client and the destination service.
Difference between DDR, DDR2, DDR3?
DRAM Type || Transfer Rate (MT/s) || Voltage
DDR || 200-400 || 2.5/2.6
DDR2 || 667 || 1.8
DDR3 || 800-1333 || 1.5
What is an Operating System?
An OS is a software program that enables the computer hardware to communicate and operate with the computer software. One mode of an operating system is the GUI.
What is Last Known Good Configuration?
The "Last Known Good" configuration is one of the available startup options in Windows NT 4.0, Windows 2000, Windows XP and Windows Server 2003. It starts the computer by using the registry information and drivers that Windows saved at the last shutdown. The Last Known Good Configuration startup option allows you to recover from a problem by reversing driver and registry changes made since you last started Windows XP/2000/2003.
What is MSConfig?
The System Configuration Utility (MSConfig) is a system configuration utility bundled with all versions of Microsoft Windows. This tool modifies which programs run at startup, edits certain configuration files, and simplifies controls over Windows services.
What is the Blue Screen of Death and what could be its causes?
The 'blue screen of death' is very simply a critical system error which prevents the system from turning on, to restrain further damage. Blue screens on NT-based Windows systems can be caused by poorly written device drivers or malfunctioning hardware; incompatible DLLs or bugs in the kernel of the operating system could also cause blue screens. Blue screens can also be caused by physical faults, such as faulty memory, power supply issues, overheating of components, or hardware running beyond its specification limits. However, diagnosing this can only be done in safe mode, and even then it is hard to find. If it is not physically strained, then the following has always proven successful: rebooting from the Microsoft Windows CD. After booting to the CD, it may be possible to correct the problem by performing a repair install or by using the Recovery Console (with CHKDSK
What is Cold Boot and Warm Boot?
A cold boot is the process of starting a computer from shutdown or a powerless state and setting it to normal working condition. A cold boot refers to the general process of starting the hardware components of a computer, laptop or server to the point that its operating system and all startup applications and services are launched.
Warm Boot: refers to restarting a computer that is already turned on via the operating system. Restarting it returns the computer to its initial state. A warm boot is sometimes necessary when a program encounters an error from which it cannot recover. On PCs, you can perform a warm boot by pressing the Control, Alt, and Delete keys simultaneously. On Macs, you can perform a warm boot by pressing the Restart button.
What is Disk Cleanup?
Disk Cleanup (cleanmgr.exe) is a computer maintenance utility included in Microsoft Windows designed to free up disk space on a computer's hard drive. The utility first searches and analyzes the hard drive for files that are no longer of any use, and then removes the unnecessary files. There are a number of different file categories that Disk Cleanup targets when performing the initial disk analysis.
· Compression of old files
· Temporary Internet files
· Temporary Windows files
· Downloaded Program files
· Recycle Bin
· Removal of unused applications or optional Windows components
· Setup Log files
· Offline files
What is Disk Defragmentation?
Disk Defragmenter is a utility in Microsoft Windows designed to increase access speed by rearranging files stored on a disk to occupy contiguous storage locations, a technique called defragmentation. Defragmenting a disk minimizes head travel, which reduces the time it takes to read files from and write files to the disk.
What is the difference between SATA and PATA Hard-Disk?
PATA is slow, with a max transfer speed of 133 MBps, while SATA is currently at 400 or 500 MBps. SATA means Serial Advanced Technology Attachment; PATA means Parallel Advanced Technology Attachment. SATA has a 7-pin interface, PATA uses an IDE interface of 40 pins and Ultra IDE has 80 pins. The main difference is data transfer speed: SATA 600 MBps, 1 bit is transferred at a time; PATA 100 MBps, 16 bits are transferred at a time.
What is LDAP?
Lightweight Directory Access Protocol. Directories are kind of like a database but not really. A directory is a specialized database that is optimized for lookups.
What are the new features in Active Directory (AD) of Windows Server 2012?
dcpromo (Domain Controller Promoter) with improved wizard: It allows you to view all the steps and review the detailed results during the installation process.
Enhanced Administrative Center: Compared to the earlier version of Active Directory, the administrative center is well designed in Windows 2012. The Exchange management console is well designed.
Recycle bin goes GUI: In Windows Server 2012 there are now many ways to enable the Active Directory Recycle Bin through the GUI in the Active Directory Administrative Center, which was not possible with the earlier version.
Fine grained password policies (FGPP): In Windows Server 2012 implementing FGPP is much easier compared to an earlier version. It allows you to create different password policies in the same domain.
Windows PowerShell History Viewer: You can view the Windows PowerShell commands that relate to the actions you execute in the Active Directory Administrative Center UI.
Explain what is SYSVOL?
The SYSVOL folder keeps the server's copy of the domain's public files. The contents, such as users, group policy, etc., of the SYSVOL folders are replicated to all domain controllers in the domain.
What is the difference between the Domain Admins group and the Enterprise Admins group in AD?
Enterprise Admins Group: Members of this group have complete control of all domains in the forest. By default, this group belongs to the Administrators group on all domain controllers in the forest. As such this group has full control of the forest; add users with caution.
Domain Admins Group: Members of this group have complete control of the domain. By default, this group is a member of the Administrators group on all domain controllers, workstations and member servers at the time they are joined to the domain.
What does system state data contain?
- Contains startup files
- Registry
- Com + Registration Database
- Memory page file
- System files
- AD information
- SYSVOL Folder
- Cluster service information
What is Kerberos?
Kerberos is a network authentication protocol. It is built to offer strong authentication for client/server applications by using secret-key cryptography.
Where is the AD database held? What other folders are related to AD?
- The AD database is saved in %systemroot%\ntds. In the same folder you can also see other files; these are the main files controlling the AD structures:
- ntds.dit
- edb.log
- res1.log
- res2.log
- edb.chk
What is PDC emulator and how would one know whether the PDC emulator is working or not?
There is one PDC emulator per domain, and when there is a failed authentication attempt, it is forwarded to the PDC emulator. It acts as a "tie-breaker" and it controls the time sync across the domain.
These are the symptoms through which we can know whether the PDC emulator is working or not:
- Time is not syncing
- User accounts are not being locked out
- Windows NT BDCs are not getting updates
- Pre-Windows 2000 computers are unable to change their passwords
Mention what are lingering objects?
Lingering objects can exist if a domain controller does not replicate for an interval of time that is longer than the tombstone lifetime (TSL).
What is TOMBSTONE lifetime?
The tombstone lifetime in Active Directory determines how long a deleted object is retained in Active Directory. Deleted objects in Active Directory are stored in a special object referred to as a TOMBSTONE. Usually, Windows will use a 60-day tombstone lifetime if the time is not set in the forest configuration.
What is Active Directory Schema?
The schema is an Active Directory component that describes all the attributes and objects that the directory service uses to store data.
What is a child DC?
A CDC or child DC is a sub-domain controller under the root domain controller which shares the name space.
What is RID Master?
RID Master stands for Relative Identifier Master; it is responsible for assigning unique IDs to the objects created in AD.
What are the components of AD?
Components of AD include:
- Logical Structure: Trees, Forest, Domains and OU
- Physical Structures: Domain controller and Sites
What is Infrastructure Master?
The Infrastructure Master is accountable for updating information about users and groups and the global catalogue.
How to take backup of AD?
To take a backup of Active Directory you have to do this:
First go to START -> PROGRAMS -> ACCESSORIES -> SYSTEM TOOLS -> BACKUP.
When the backup screen is shown, take the backup of SYSTEM STATE; it will take the backup of all the necessary information about the system, including AD, DNS etc.
What is Garbage collection ?
Garbage collection is the process of online defragmentation of Active Directory. It happens every 12 hours.
What is NETDOM?
NETDOM is a command-line tool that allows management of Windows domains and trust relationships. It is used for batch management of trusts, joining computers to domains, verifying trusts, and secure channels
What do you understand by the term "Memory Leak"?
A memory leak is when you used some memory and lost the pointer to the allocation, so you can no longer de-allocate that memory. There are two types of memory leaks: the gradual memory leak (where memory continuously grows at approximately the same rate) and the sudden memory jump.
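The two patterns named above can be told apart from a series of memory readings: a gradual leak shows a steady positive slope with almost every interval increasing, while a sudden jump shows one interval growing by a large fraction of the previous reading. The following is an added example (not code from the page) that classifies such a series; the sample series are constructed, and the thresholds are parameters chosen for the demonstration.

```python
"""Classify a memory-usage series as a gradual leak, a sudden jump or stable.
Added example; the sample series and thresholds are constructed."""


def largest_step(samples):
    """Largest single-interval growth as a fraction of the previous reading."""
    return max((b - a) / a for a, b in zip(samples, samples[1:]))


def least_squares_slope(samples):
    """Slope of the best-fit line through readings taken at equal intervals."""
    n = len(samples)
    mean_x = (n - 1) / 2
    mean_y = sum(samples) / n
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in enumerate(samples))
    sxx = sum((x - mean_x) ** 2 for x in range(n))
    return sxy / sxx


def classify_memory_trend(samples, jump_ratio=0.5, growth_per_interval=0.02, monotonic_share=0.8):
    """Return "sudden jump", "gradual leak", "stable" or "insufficient data".

    samples: memory use (e.g. MB) sampled at equal intervals, all > 0.
    One interval growing by jump_ratio of the previous reading is a sudden
    jump; otherwise a best-fit slope of at least growth_per_interval of the
    first reading, with most intervals increasing, is a gradual leak.
    """
    if len(samples) < 3 or min(samples) <= 0:
        return "insufficient data"
    if largest_step(samples) >= jump_ratio:
        return "sudden jump"
    increases = sum(1 for a, b in zip(samples, samples[1:]) if b > a)
    slope = least_squares_slope(samples)
    if slope / samples[0] >= growth_per_interval and increases >= monotonic_share * (len(samples) - 1):
        return "gradual leak"
    return "stable"


# Constructed sample series (resident set size in MB, one reading per minute).
SAMPLES = {
    "gradual": [100, 103, 106, 109, 112, 115, 118],
    "jump": [100, 101, 100, 102, 101, 180, 181],
    "stable": [100, 101, 100, 102, 101, 100, 102],
}

if __name__ == "__main__":
    for label, series in SAMPLES.items():
        print(f"{label:8} -> {classify_memory_trend(series)}")
```

The same function can be fed readings collected with Task Manager, Performance Monitor or `tasklist` over time; the thresholds should be tuned to the process being watched, since a service that legitimately fills a cache at startup looks like a jump until it settles.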
Non-authoritative restore of Active Directory
A non-authoritative restore restores the domain controller to its state at the time of backup, and allows normal replication to overwrite the restored domain controller with any changes that have occurred after the backup. After the system state restore, the domain controller queries its replication partners and gets the changes made after the backup date, to ensure that the domain controller has an accurate and updated copy of the Active Directory database.
Non-authoritative restore is the default method for restoring Active Directory; a plain restore of system state is a non-authoritative restore, and mostly we use this for Active Directory data loss or corruption.
Which FSMO role is the most important? And why?
An interesting question: which role is most important out of the 5 FSMO roles, or which role's failure will impact the end-user immediately? Most amateur administrators pick the Schema Master role, not sure why; maybe they think the Schema is very critical to run Active Directory.
The correct answer is the PDC; now the next question is why? Explaining role by role what happens when a FSMO role holder fails will give the answer.
Schema Master – The Schema Master is needed to update the Schema. We don't update the schema daily, right? When do we update the Schema? At the time of an operating system migration, installing a new Exchange version and any other application which requires extending the schema. So if our Schema Master server is not available, we cannot update the schema, and in no way is this going to affect Active Directory operation and the end-user. The Schema Master needs to be online and ready to make a schema change; we can plan and have more time to bring back the Schema Master server.
Domain Naming Master – The Domain Naming Master is required to create a new Domain and to create an application partition. Like the Schema Master, we don't create Domains and application partitions frequently. So if our Domain Naming Master server is not available, we cannot create a new Domain or application partition; it may not affect the user, and the user isn't even aware the Domain Naming Master server is down.
Infrastructure Master – The Infrastructure Master handles cross-domain updates. What really updates between Domains? Whenever a user logs in to the Domain, a TGT is created with the list of access the user got through group membership (user group membership details); it also contains the user's membership details from trusted domains. The Infrastructure Master keeps this information up-to-date; it updates reference information every 2 days by comparing its data with the Global Catalog (that's why we don't keep the Infrastructure Master and GC on the same server).
In a single Domain and single Forest environment there is no impact if the Infrastructure Master server is down. In a Multi Domain and Forest environment there will be an impact, but we have enough time to fix the issue before it affects the end-user.
RID Master –
Every DC is initially issued 500 RIDs by the RID Master server. RIDs are consumed when new objects are created in Active Directory: every new object is created with a Security ID (SID), and the RID is the last part of the SID. The RID uniquely identifies a security principal relative to the local or domain security authority that issued the SID. When a DC's pool gets down to 250 (50%), it requests a second pool of RIDs from the RID Master. If the RID Master server is not available, no new RID pools can be issued to DCs, and each DC can only create new objects as long as its own pool lasts; since every DC has anywhere between 250 and 750 RIDs available, there is no immediate impact.
PDC – The PDC is required for time sync, user logon, password changes and trusts, so now you know why the PDC is the most important FSMO role holder to get back online: a PDC outage affects end users immediately and must be recovered as soon as possible.
The PDC Emulator emulates a Primary Domain Controller for backwards compatibility and is responsible for time synchronization within the domain; it is also the password master. Any password change is replicated to the PDC Emulator immediately, and if a logon request fails because of a bad password, the request is passed to the PDC Emulator to re-check the password before the logon is rejected.
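As an added example (not part of the original answer), the following PowerShell script lists the five role holders discussed above, flags the Infrastructure Master / Global Catalog co-location problem, reports the local time source, and decodes the RID Master's available pool. It assumes the RSAT ActiveDirectory module on a domain-joined host; the function name and output format are my own.

```powershell
# Added example, not from the original Q&A. Assumes the RSAT ActiveDirectory
# module and a domain-joined session with read access to the directory.
Import-Module ActiveDirectory

function Get-FsmoHealthReport {
    $forest = Get-ADForest
    $domain = Get-ADDomain

    # Forest-wide roles come from Get-ADForest, domain-wide roles from Get-ADDomain.
    $roles = [ordered]@{
        'Schema Master'         = $forest.SchemaMaster
        'Domain Naming Master'  = $forest.DomainNamingMaster
        'PDC Emulator'          = $domain.PDCEmulator
        'RID Master'            = $domain.RIDMaster
        'Infrastructure Master' = $domain.InfrastructureMaster
    }
    foreach ($r in $roles.GetEnumerator()) {
        $up = Test-Connection -ComputerName $r.Value -Count 1 -Quiet
        '{0,-22} {1,-30} reachable={2}' -f $r.Key, $r.Value, $up
    }

    # Infrastructure Master / Global Catalog check from the text above: in a
    # multi-domain forest the IM must not be a GC unless every DC in the domain is a GC.
    $dcs   = Get-ADDomainController -Filter *
    $im    = $dcs | Where-Object { $_.HostName -eq $domain.InfrastructureMaster }
    $allGc = ($dcs | Where-Object { -not $_.IsGlobalCatalog }).Count -eq 0
    if ($forest.Domains.Count -gt 1 -and $im.IsGlobalCatalog -and -not $allGc) {
        'WARNING: Infrastructure Master {0} is a GC in a multi-domain forest' -f $im.HostName
    }

    # The PDC Emulator is the domain's time master; on the PDC this should be an
    # external source, on every other DC it should follow the domain hierarchy.
    $src = w32tm /query /source
    'Local time source: {0}' -f $src

    # RID Master health: the domain-wide pool lives on CN=RID Manager$.
    # rIDAvailablePool packs the next RID to hand out (low 32 bits) and the
    # maximum RID (high 32 bits) into one 64-bit integer.
    $ridMgr  = Get-ADObject -Identity "CN=RID Manager`$,CN=System,$($domain.DistinguishedName)" -Properties rIDAvailablePool
    $pool    = [int64]$ridMgr.rIDAvailablePool
    $nextRid = $pool -band 0xFFFFFFFF
    $maxRid  = $pool -shr 32
    'RIDs issued so far: {0} of {1} ({2} remaining)' -f $nextRid, $maxRid, ($maxRid - $nextRid)
}

Get-FsmoHealthReport
```

Run it on any DC or management host; a role holder that is unreachable, an IM sitting on a GC in a multi-domain forest, or a RID pool that is nearly exhausted shows up directly in the output.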
Tell me about the Active Directory database and list the Active Directory database files.
NTDS.DIT
EDB.Log
EDB.Chk
Res1.log and Res2.log
AD changes are not written directly to the NTDS.DIT database file: they are first written to EDB.Log and then from the log file to the database. EDB.Chk is used to track which updates from the log file have already been copied to the database file.
NTDS.DIT: NTDS.DIT is the AD database and stores all AD objects. The default location is %systemroot%\NTDS\ntds.dit. The Active Directory database engine is the Extensible Storage Engine (ESE), which is based on the Jet database.
EDB.Log: EDB.Log is the transaction log file. When EDB.Log is full, it is renamed to EDBnum.log, where num is an increasing number starting from 1, for example EDB1.Log.
EDB.Chk: EDB.Chk is the checkpoint file used to track the data not yet written to the database file. It indicates the starting point from which data is to be recovered from the log file in case of failure.
Res1.log and Res2.log: Res1.log and Res2.log are reserved transaction log files that give the transaction log enough time to shut down cleanly if the disk runs out of space.
What are all the Active Directory partitions?
Schema
Configuration
Domain
Application partition