AD Database, GC, Schema Ques n Ans

  • 7/28/2019 AD Database, GC, Schema Ques n Ans

    What are the requirements for installing AD on a new server?

    Here is a quick list of what you must have:

    An NTFS partition with enough free space

    An Administrator's username and password

    The correct operating system version

    A NIC

    Properly configured TCP/IP (IP address, subnet mask and, optionally, default gateway)

    A network connection (to a hub or to another computer via a crossover cable)

    An operational DNS server (which can be installed on the DC itself)

    A Domain name that you want to use

    The Windows 2000 or Windows Server 2003 CD media (or at least the i386 folder)

    For more information: http://www.petri.co.il/active_directory_installation_requirements.htm

    How to install a domain controller in a remote site?

    http://technet2.microsoft.com/windowsserver/en/library/9c7c4da8-ddaa-4b13-967a-74578773d1a91033.mspx?mfr=true

    What role does DNS play in Active Directory?

    When Windows 2003 domain controllers boot, not only do they register their hostname and IP address with the DNS server, but they also register service records (SRV) that indicate which services that domain controller is supporting (domain controller, Global Catalog, and Kerberos).

    Windows 2003 member servers and clients use these SRV records to locate domain controllers and Global Catalog servers. Further, the client will determine which Active Directory site it is in and will attempt to contact a domain controller or Global Catalog server in that site first.

    How will you ensure that Active Directory is installed successfully?

    First, check the contents of the %SystemRoot%\Debug\Dcpromo.log file.

    To verify that the installation was successful, open a command prompt and enter the Net Share command. It should report the existence of the Netlogon and SYSVOL shares.

    To verify that the DNS service locator records for the new DC were successfully created, follow these steps: in the DNS console, expand the server name, then expand Forward Lookup Zones. Expand the domain and verify that the _msdcs, _sites, _tcp, and _udp folders are present and contain records for your new DC. These service location records are crucial to the operation of the DC.

    What will you do if DCPROMO fails to install Active Directory?


    There are a few things to check for after a failure of the Active Directory Installation Wizard. First, check the contents of the %SystemRoot%\Debug\Dcpromo.log file.

    If the log file reports that "The system cannot find the file specified", then check for the presence of the %SystemRoot%\System32\Ntds.dit file. This is a default directory services file on a member server. The way to fix this is to expand Ntds.di_ from any server CD. Note that this file should be in the System32 folder on a member server. Once you run a successful dcpromo, the active Ntds.dit file will be in the folder you specified during the promotion.

    If you receive an "Access is denied" error, check for incorrect permissions on the default Ntds.dit file, as well as on your new and existing NTDS folders.

    If SRV records fail to show up in the appropriate DNS zone, check first to see if the new DC's Primary DNS Server TCP/IP property is set to the correct DNS server. If the DC is a DNS server, then this value should point to itself.

    Where is the AD database held? What other folders are related to AD?

    By default, this file is installed into the %SYSTEMROOT%\NTDS folder.

    Folders related to Active Directory: NetLogon, Sysvol, NTDS.

    What is the SYSVOL folder?

    Every domain controller has a built-in collection of folders named SYSVOL (for System Volume). The SYSVOL folders provide a default Active Directory location for files that must be replicated throughout a domain. You can use SYSVOL to replicate Group Policy Objects, startup and shutdown scripts, and logon and logoff scripts. A Windows Server 2003 service named File Replication Service (FRS) is responsible for replicating files in the SYSVOL folders between domain controllers. FRS uses site boundaries to govern the replication of items in the SYSVOL folders.

    What are the contents of the SYSVOL folder?

    Following are the contents of the SYSVOL folder.

    \SYSVOL

    \SYSVOL\domain

    \SYSVOL\staging\domain

    \SYSVOL\staging areas

    \SYSVOL\domain\Policies

    \SYSVOL\domain\scripts

    \SYSVOL\SYSVOL

    What is a directory access protocol?

    For clients to search for objects, update information, and communicate with DCs when logging on to the network, a directory access protocol must be used. A protocol is a set of rules that dictate how data is sent over a network. A directory access protocol is used for the specific purpose of exchanging information with the directory service.

    What is LDAP (Lightweight Directory Access Protocol)?

    A directory access protocol is used for the specific purpose of exchanging information with the directory service. Active Directory uses LDAP for communications between clients and directory servers. LDAP is a version of the X.500 Directory Access Protocol (DAP), and is considered lightweight because it uses less code than DAP does.

    How to uninstall Active Directory?

    Administrative Credentials

    To perform this procedure, you must be a member of the Domain Admins group.

    To uninstall Active Directory

    1. Click Start, click Run, type dcpromo and then click OK.

    2. The Active Directory Installation Wizard appears. Click Next at the Welcome screen.

    3. You have an option to select "This server is the last domain controller in the domain". If you select this option, the wizard attempts to remove the domain from the forest. Do not select this option. Click Next.

    4. At the Administrative Password screen, enter and confirm the password that you want to assign to the local Administrator account after Active Directory is removed. Click Next.

    5. At the Summary screen, verify that the information is correct and then click Next to proceed with the removal.

    6. The wizard proceeds to remove Active Directory. After it finishes, the wizard displays a completion screen. Click Finish to close the wizard.

    7. Click Restart to restart the domain controller.

    What is the Global Catalog?

    The GC server is a DC that stores a copy of all objects in its host domain, and a partial copy of objects in other domains throughout the forest. The partial copy contains objects that are most commonly searched for. Because the GC contains a subset of information in Active Directory, less information needs to be replicated, and performance increases when users search for specific attributes of an object. In addition to being used for searches, the GC is also used to resolve UPNs that are used in authentication.

    What are the functions of a Global Catalog server?

    UPN Authentication

    The UPN is meant to make logon and e-mail usage easier, since the two (your user account and your e-mail address) are the same. An example of a UPN is [email protected]. The GC provides assistance when a user from a domain logs on and the DC doesn't know about the account. When the DC doesn't know the account, it generally means that the account exists in another domain. The GC will help in finding the user's account in Active Directory. The GC server will help resolve the user account so the authenticating DC can finalize logon for the user.

    Directory Information Search

    To help a user who is searching the database for an object, the GC answers requests for the entire forest. Since the complete copy of every object available is listed in the GC, searches can be completed quickly and with little use of network bandwidth.

    Universal Group Membership Information

    When setting up your network, you will have certain features available based on the Forest Functional Level and Domain Functional Level. Universal Groups is one of these features that will or will not be available depending on your functional level. If your Domain Functional Level is set to at least Windows 2000 Native or later, you will have Universal Groups available on your network. Universal Groups can have members belonging to various domains in the forest. Without a GC server, Universal Groups could not exist. That is because Universal Group membership is stored in the GC only. This means that every DC will not have a copy of Universal Group membership; only the DCs serving as GC servers have this information. When a user logs on, his Universal Group membership is checked. The GC provides this information to the authenticating DC.

    Universal Group membership information is stored in all GC servers,

    How to Find the Domain Controllers or Global Catalog Servers in a Site

    Using a graphical user interface

    1. Open the Active Directory Sites and Services snap-in.

    2. In the right pane, expand the site that contains the domain controller.

    3. For the list of domain controllers, expand the Servers container.

    4. To find the global catalog servers, expand each domain controller, right-click on NTDS Settings, and select Properties.

    5. Global catalog servers will have the box checked beside Global Catalog.

    Using a command-line interface

    The following query finds all domain controllers in the specified site.

    dsquery server -site <SiteName>

    To find only the global catalog servers in a site, use the same command with the -isgc option.

    dsquery server -site <SiteName> -isgc

    Using DNS

    In the DNS console, go to Forward Lookup Zones, then expand your domain, _sites, the specific site, and _tcp, and look at all _gc records

    -or-

    In the DNS console, go to Forward Lookup Zones, then expand your domain and _tcp, and look at all _gc records.

    Using Replmon.exe

    If you need to determine which domain controllers are Global Catalog servers, the Windows 2003 Support Tools includes a fantastic utility called ReplMon.exe (Replication Monitor). Connect to any domain controller using ReplMon, and right-click the server name. Choose Show Global Catalog Servers in Enterprise to display a list of all Global Catalog servers in the entire forest.
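The "Using DNS" lookup above, and the earlier post-install check that the _msdcs, _sites, _tcp and _udp folders contain records for a new DC, can be scripted. The following is an added example, not part of the original document: the function names, the corp.example domain, the HQ site and the host names are constructed, and the GC names assume a single-domain forest.

```powershell
# Added example; the domain, site and host names below are constructed.
function Get-DcLocatorName {
    param([string]$Domain, [string]$Site, [switch]$IncludeGC)
    # SRV owner names a DC registers; they sit under the _msdcs, _sites, _tcp
    # and _udp folders of the domain zone.
    "_ldap._tcp.${Domain}"
    "_ldap._tcp.dc._msdcs.${Domain}"
    "_ldap._tcp.${Site}._sites.dc._msdcs.${Domain}"
    "_kerberos._tcp.${Domain}"
    "_kerberos._udp.${Domain}"
    if ($IncludeGC) {
        # Assumption: single-domain forest, so the forest root zone is $Domain.
        "_gc._tcp.${Domain}"
        "_gc._tcp.${Site}._sites.${Domain}"
    }
}

function Test-DcLocatorRecord {
    param(
        [string]$DcFqdn, [string]$Domain, [string]$Site, [switch]$IsGC,
        # The resolver is injectable so the check can run against sample data;
        # by default it queries DNS with Resolve-DnsName.
        [scriptblock]$Resolver = {
            param($Name)
            Resolve-DnsName -Name $Name -Type SRV -ErrorAction SilentlyContinue |
                Where-Object { $_.Type -eq 'SRV' } |
                ForEach-Object { $_.NameTarget.TrimEnd('.') }
        }
    )
    foreach ($name in (Get-DcLocatorName -Domain $Domain -Site $Site -IncludeGC:$IsGC)) {
        # Collect the SRV targets for this name and see whether the DC is one of them.
        $targets = @(& $Resolver $name)
        [pscustomobject]@{ Record = $name; Registered = ($targets -contains $DcFqdn) }
    }
}

# Constructed sample zone contents: dc2 is missing its site-specific record,
# the kind of gap the DNS-console check is meant to catch.
$sample = @{
    '_ldap._tcp.corp.example'                     = 'dc1.corp.example', 'dc2.corp.example'
    '_ldap._tcp.dc._msdcs.corp.example'           = 'dc1.corp.example', 'dc2.corp.example'
    '_ldap._tcp.HQ._sites.dc._msdcs.corp.example' = 'dc1.corp.example'
    '_kerberos._tcp.corp.example'                 = 'dc1.corp.example', 'dc2.corp.example'
    '_kerberos._udp.corp.example'                 = 'dc1.corp.example', 'dc2.corp.example'
}
Test-DcLocatorRecord -DcFqdn 'dc2.corp.example' -Domain 'corp.example' -Site 'HQ' -Resolver { param($n) $sample[$n] }
```

Omit -Resolver to query live DNS; add -IsGC for a domain controller that is expected to be a Global Catalog server.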

    How many GCs should you have in your network?

    You should have at least 2 GCs in a site. It depends entirely on how much traffic your clients generate to the GCs. If you have Exchange Server in your environment, then you should have more GCs, as Exchange Server 2003 generates heavy traffic to the GCs by querying for users, groups and other resources.

    How to view the Active Directory Schema?