What is Active Directory? Active directory is a hierarchical structure that stores information about objects on the network. Active Directory provides the methods for storing directory data and making this data available to network users and administrators. Active Directory Default Storage? Active Directory Data base folder: - D:\WINDOWS\NTDS Store active Directory log: - D:\WINDOWS\NTDS SYSVOL:-The SYSVOL folder stores the server copy of domain public files. The contents of the SYSVOL folder are replicated to all domain controllers in the domain. It must be located on an NTFS Volume SYSVOL By default Location: - D:\WINDOWS\SYSVOL What is Domain? In Active Directory, a collection of computer, user, and group objects defined by the administrator. These objects share a common directory database, security policies, and security relationships with other domains. In Domain Name System (DNS), a domain is any tree or sub tree within the DNS namespace. Although the names for DNS domains often correspond to Active Directory domains, DNS domains should not be confused with Active Directory domains. What is Domain Controller? In an Active Directory forest, a server that contains a writable copy of the Active Directory database participates in Active Directory replication, and controls access to network resources. Administrators can manage user accounts, network access, shared resources, site topology, and other directory objects from any domain controller in the forest. See also Active Directory; authentication; directory; forest. What is Domain Services? Active Directory provides the means to manage the identities and relationships that make up your organization's network. Integrated with Windows Server 2008, Active Directory gives you out-of-thebox functionality needed to centrally configure and administer system, user, and application settings. Active Directory Domain Services (AD DS) stores directory data and manages communication between users and domains, including user logon processes, authentication, and directory searches. What is Global Catalog (GC)? A domain controller that contains a partial replica of every domain in Active Directory. A global catalog holds a replica of every object in Active Directory, but with a limited number of each object’s attributes. The global catalog stores those attributes most frequently used in search operations (such as a user’s first and last names) and those attributes required to locate a full replica of the
object. The Active Directory replication system builds the global catalog automatically. The attributes replicated into the global catalog include a base set defined by Microsoft. Administrators can specify additional properties to meet the needs of their installation. What is Forest? A collection of one or more Active Directory domains that share a common schema, configuration, and global catalog. What is tree? A tree in Active Directory is just an extension of the idea of a directory tree. It’s a hierarchy of objects and containers that demonstrates how objects are connected, or the path from one object to another. Endpoints on the tree are usually objects. What is Site? One or more well-connected (highly reliable and fast) Transmission Control Protocol/Internet Protocol (TCP/IP) subnets. A site allows administrators to con-figure Active Directory access and replication topology quickly and easily to take advantage of the physical network. When users log on, Active Directory clients locate Active Directory servers in the same site as the user. See also subnet; well-connected. What is Organizational unit (OU)? A container object in Active Directory used to separate computers, users, and other resources into logical units. An organizational unit is the smallest entity to which Group Policy can be linked. It is also the smallest scope to which administration authority can be delegated. What is Schema? A description of the object classes and attributes stored in Active Directory. For each object class, the schema defines what attributes an object class must have, what additional attributes it may have, and what object class can be its parent. An Active Directory schema can be updated dynamically. For example, an application can extend the schema with new attributes and classes and use the extensions immediately. Schema updates are accomplished by creating or modifying the schema objects stored in Active Directory. Like every object in Active Directory, a schema object has an access control list (ACL) so that only authorized users can alter the schema. What is LDAP? LDAP is a communication protocol designed for use on TCP/IP networks. LDAP defines how a directory client can access a directory server and how the client can perform directory operations and share directory data. Active Directory Lightweight Directory Service (AD LDS) provides directory services for directoryenabled applications. AD LDS does not require or rely on Active Directory domains or forests. AD LDS was previously known as Active Directory Application Mode (ADAM).
What is Single-master replication? A type of replication where one domain controller is the master domain controller and operations are not permitted to occur at different places in a network at the same time. In Active Directory, one or more domain controllers can be assigned to perform single-master replication. Operations master roles are special roles assigned to one or more domain controllers in a domain to perform singlemaster replication. See also operations master role. What is multimaster replication? A replication model in which any domain controller accepts and replicates directory changes to any other domain controller. This differs from other replication models in which one computer stores the single modifiable copy of the directory and other computers store backup copies. See also domain controller; replication. What is FSMO role? Flexible Single-Master Operation role. Mechanism used by Active Directory to prevent update conflicts in multi master deployments. Some objects are updated in a single-master mode even if the deployment is multi master, which is very similar to the old concept of a Primary Domain Controller (PDC) in Windows NT domains. There are five FSMO Roles in an Active Directory deployment, but only the PDC-emulator role affects Identity Synchronization for Windows. Because password updates are replicated immediately only to the Active Directory domain controls with the PDC emulator role, Identity Synchronization for Windows use this domain controller for synchronization. What is Operations Master? A domain controller that has been assigned one or more special roles in an Active Directory domain. The domain controllers assigned these roles perform operations that are single master (not permitted to occur at different places on the network at the same time). Examples of these operations include resource identifier allocation, schema modification, primary domain controller (PDC) election, and certain infrastructure changes. The domain controller that controls the particular operation owns the operations master role for that operation. The ownership of these operations master roles can be transferred to other domain controllers. Also known as flexible single-master operations (FSMO). What is Schema Master? The schema master domain controller controls all updates and modifications to the schema. To update the schema of a forest, you must have access to the schema master. There can be only one schema master in the entire forest. What is Domain Naming Master? The domain controller holding the domain naming master role controls the addition or removal of domains in the forest. There can be only one domain naming master in the entire forest. Note: - 1. Forest-wide operations master roles are Schema Master and Domain Naming Master.
2. Domain-wide operations master roles are Rid Master, PDC Emulator Master and Infrastructure Master. What is Relative ID (RID) Master? The domain controller assigned to allocate sequences of relative IDs to each domain controller in its domain. Whenever a domain controller creates a security principal (user, group, or computer object), the domain controller assigns the object a unique security ID (SID). The SID consists of a domain SID that is the same for all SIDs created in a particular domain and a relative ID that is unique for each SID created in the domain. At any time, there can be only one relative ID master in a particular domain. What is PDC Emulator master? A domain controller that holds the PDC emulator operations master role in Active Directory. The PDC emulator services network clients that do not have Active Directory client software installed, and it replicates directory changes to any Microsoft Windows NT backup domain controllers (BDCs) in the domain. The PDC emulator handles password authentication requests involving passwords that have recently changed and not yet replicated. At any time, the PDC emulator master role can be assigned to only one domain controller in each domain. What is infrastructure master? The domain controller assigned to update group-to-user references whenever group memberships are changed and to replicate these changes to any other domain controllers in the domain. At any time, there can be only one infrastructure master in a particular domain. The infrastructure master should not be located on the same computer as the global catalog if there is more than one domain controller in the forest. What happen if Schema Master Failure? Temporary loss of the schema operations master is not visible to network users. It is not visible to network administrators either, unless they are trying to modify the schema or install an application that modifies the schema during installation. If the schema master will be unavailable for an unacceptable length of time, you can seize the role to the domain controller you’ve chosen to act as the standby schema master. However, seizing this role is a step that you should take only when the failure of the schema master is permanent. What happen if Domain Naming Master Failure? Temporary loss of the domain naming master is not visible to network users. It is not visible to network administrators either, unless they are trying to add a domain to the forest or remove a domain from the forest. If the domain naming master will be unavailable for an unacceptable length of time, you can seize the role to the domain controller you’ve chosen to act as the standby domain naming master. However, seizing this role is a step that you should take only when the failure of the domain naming master is permanent.
What happen if RID Master Failure? Temporary loss of the RID operations master is not visible to network users. It is not visible to network administrators either, unless they are creating objects and the domain in which they are creating the objects runs out of relative identifiers. If the RID master will be unavailable for an unacceptable length of time, you can seize the role to the domain controller you’ve chosen to act as the standby RID master. However, seizing this role is a step that you should take only when the failure of the RID master is permanent. What happen if PDC Emulator Failure? The loss of the PDC emulator affects network users. Therefore, when the PDC emulator is not available, you might need to immediately seize the role. If the current PDC emulator will be unavailable for an unacceptable length of time and its domain has clients without Windows Server 2003 client software, or if it contains Windows NT backup domain controllers, seize the PDC emulator role to the domain controller you’ve chosen to act as the standby PDC emulator. When the original PDC emulator is returned to service, you can return the role to the original domain controller. What happen if Infrastructure Master Failure? Temporary loss of the infrastructure master is not visible to network users. It is not visible to network administrators either, unless they have recently moved or renamed a large number of accounts. If the infrastructure master will be unavailable for an unacceptable length of time, you can seize the role to a domain controller that is not a global catalog but is well connected to a global catalog (from any domain), ideally in the same site as a global catalog server. When the original infrastructure master is returned to service, you can transfer the role back to the original domain controller.
DNS (Domain Naming System or Distributed Naming System) Related Interview Question & Answer.
1) What is DNS? The Domain Name System (DNS) is a hierarchical distributed naming system for computers. The Domain Name System distributes the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for each domain. Authoritative name servers are assigned to be responsible for their particular domains, and in turn can assign other authoritative name servers for their sub-domains. 2) What is the main purpose of a DNS server? DNS servers are used to resolve FQDN hostnames into IP addresses and vice versa. 3) How does a computer know to which DNS server it has to sent the request The DNS server IP address is configured on the TCP/IP adapter setting of the computer. With this information, the computer knows the DNS server to which the request has to be sent. 4) What is the port no of DNS? UDP port number – 53 5) How many root DNS servers are available in the world? 13 6) What is a Forward Lookup?
Resolving Host Names to IP Addresses, Address mapping (A) records maps a host name to an IP address 7) What is a Forward Lookup? Reverse-lookup pointer (PTR) records map an IP address to a host name. 8) What is a Resource Record? It is a record provides the information about the resources available in the N/W infrastructure. 9) What is the different DNS Roles? Standard Primary, Standard Secondary, & AD Integrated. 10) What is a Zone? Zone is a sub tree of DNS database. 11) Why we create PTR Records Secure services in your network require reverse name resolution to make it more difficult to launch successful attacks against the services. To set this up, you configure a reverse lookup zone and proceed to add records. 12) SOA records must be included in every zone. What are they used for? SOA records contain a TTL value, used by default in all resource records in the zone. SOA records contain the e-mail address of the person who nis responsible for maintaining the zone. SOA records contain the current serial number of the zone, which is used in zone transfers. 13) What is primary, Secondary, stub & AD Integrated Zone? Primary Zone: - zone which is saved as normal text file with filename (.dns) in DBS folder. Holds the master copy of a zone and can replicate it to secondary zones. All changes to a zone are made on the standard primary. Secondary Zone: - maintains a read only copy of zone database on another DNS server. Provides fault tolerance and load balancing by acting as backup server to primary server.Information in a primary zone is replicated to the secondary by use of the zone transfer mechanism. Stub zone: - contains a copy of name server and SOA records used for reducing the DNS search orders. Provides fault tolerance and load balancing. Active Directory-integrated: -A Microsoft proprietary zone type, where the zone information is held in the Windows 2000 Active Directory (AD) and replicated using AD replication. DNS record types 14) What is the main purpose of SRV (Service)records? SRV records are used in locating hosts that provide certain network services. 15) Which of the following conditions must be satisfied to configure dynamic DNS updates for legacy clients? The zone to be used for dynamic updates must be configured to allow dynamic updates. The DHCP server must support, and be configured to allow, dynamic updates for legacy clients. 16) Benefits of using AD-integrated zones. a) Active Directory integrated DNS enables Active Directory storage and replication of DNS zone databases. Windows 2000 DNS server, the DNS server that is included with Windows 2000 Server, accommodates storing zone data in Active Directory. b) When you configure a computer as a DNS server, zones are usually stored as text files on name servers that is, all of the zones required by DNS are stored in a text file on the server computer. c) These text files must be synchronized among DNS name servers by using a system that requires a separate replication topology and schedule called a zone transfer However, if you use Active Directory integrated DNS when you configure a domain controller as a DNS name server, zone data is stored as an Active Directory object and is replicated as part of domain replication.