Tech Interviews

7/31/2019 Tech Interviews

1/15

1. What are the required components of Windows Server 2003 for installing Exchange

2003? - ASP.NET, SMTP, NNTP, W3SVC2. What must be done to an AD forest before Exchange can be deployed? - Setup

/forestprep3. What Exchange process is responsible for communication with AD? - DSACCESS

4. What 3 types of domain controller does Exchange access? - Normal Domain Controller,Global Catalog, Configuration Domain Controller5. What connector type would you use to connect to the Internet, and what are the two

methods of sending mail over that connector? - SMTP Connector: Forward to smart hostor use DNS to route to each address

6. How would you optimise Exchange 2003 memory usage on a Windows Server 2003

server with more than 1Gb of memory? - Add /3Gb switch to boot.ini7. What would a rise in remote queue length generally indicate? - This means mail is not

being sent to other servers. This can be explained by outages or performance issues withthe network or remote servers.

8. What would a rise in the Local Delivery queue generally mean? - This indicates a

performance issue or outage on the local server. Reasons could be slowness in consultingAD, slowness in handing messages off to local delivery or SMTP delivery. It could also bedatabases being dismounted or a lack of disk space.

9. What are the standard port numbers for SMTP, POP3, IMAP4, RPC, LDAP and

Global Catalog? - SMTP 25, POP3 110, IMAP4 143, RPC 135, LDAP 389,Global Catalog - 3268

10. Name the process names for the following: System Attendant? MAD.EXE,Information Store STORE.EXE, SMTP/POP/IMAP/OWA INETINFO.EXE

11. What is the maximum amount of databases that can be hosted on Exchange 2003

Enterprise? - 20 databases. 4 SGs x 5 DBs.12. What are the disadvantages of circular logging? - In the event of a corrupt database,

data can only be restored to the last backup.1. What is Active Directory schema?2. What are the domain functional level in Windows Server 2003?3. What are the forest functional level in Windows Server 2003?4. What is global catalog server?5. How we can raise domain functional & forest functional level in Windows Server 2003?6. Which is the deafult protocol used in directory services?7. What is IPv6?8. What is the default domain functional level in Windows Server 2003?9. What are the physical & logical components of ADS10. In which domain functional level, we can rename domain name?11. What is multimaster replication?12. What is a site?13. Which is the command used to remove active directory from a domain controler?14. How we can create console, which contain schema?15. What is trust?16. What is the file thats responsible for keep all Active Directory database?

Top of Form

Bottom of Form


2/15

42 Comments so far

1. Aneesh said,

The Active Directory schema contains formal definitions of every object class that can becreated in an Active Directory forest it also contains formal definitions of every attribute

that can exist in an Active Directory object.Active Directory stores and retrievesinformation from a wide variety of applications and services. So that it can store andreplicate data from a potentially infinite variety of sources, Active Directory standardizeshow data is stored in the directory. By standardizing how data is stored, the directoryservice can retrieve, update, and replicate data while ensuring that the integrity of the datais maintained.

2. kiran said,

1) Schema master is a set of rules which is used to define the struture of active directory. Itcontains definitions of all the objects which are stored in AD. It maintains information anddetail information of objects.

2) If there are many organisational units and to implement policy on all OU we useDomain level policy.

3)

4) Global Catalog Server maintains full information about its own domain and partialinformation about other domains. It is a forest wide role.

12) Sites: one or more well-connected highly reliable and fast TCP/IP subnets. A siteallows administrator to configure active directory access and replication topology to takeadvantage of the physical network.

13) dcpromo to add/remove active directory but first ADC should be removed before DC ifwe want to remove DC first then check this server is last domain controller in domain.

16) I think the answer for this is schema master.

3. Pinkesh said,

Can you explain us briefly Archeitecture of Windows 2000/2003?

4. Pinkesh said,

What are main differences in Windows NT and Windows 2000 Archeitecture ?

5. Muniraj said,

HII was just googling for Interview FAQs i got this URL as first choice

it is really dream come true situation for me because readily all possible questions andanswers are given.

Please send me if u have any FAQ on Exchnage Related.

Thanx and regardsMuniraj

6. shaik said,
http://www.techinterviews.com/?p=273#formhttp://www.techinterviews.com/?p=273#form


3/15

HII was just googling for Interview FAQs i got this URL as first choiceit is really dream come true situation for me because readily all possible questions andanswers are given.

Please send me if u have any FAQ on Exchnage Related.

Thanx and regards

shaik

7. SUVENDU said,

4.What is global catalog server?

A global catalog server is a domain controller it is a master searchable database thatcontains information about every object in everydomain in a forest. The global catalog contains a complete replica of allobjects in Active Directory for its host domain, and contains a partial replicaof all objects in Active Directory for every other domain in the forest.

It have two important functions:i)Provides group membership information during logon and authenticationii)Helps users locate resources in Active Directory

8. SUVENDU said,

4.What is global catalog server?

A global catalog server is a domain controller it is a master searchable database thatcontains information about every object in everydomain in a forest. The global catalog contains a complete replica of allobjects in Active Directory for its host domain, and contains a partial replicaof all objects in Active Directory for every other domain in the forest.

It have two important functions:i)Provides group membership information during logon and authenticationii)Helps users locate resources in Active Directory

9. SUVENDU said,

13 Which is the command used to remove active directory from a domain controler?

ANS DCPROMO in command prompt

10. SUVENDU said,

10. In which domain functional level, we can rename domain name?

All domain controllers must be running Windows Server 2003, and the Active Directory

functional level must be at the Windows Server 2003.Yes u can rename the domain in windows server 2003

11. irfan said,

User(s) are complaining of delays when using the network. What would you do?

12. shaik said,

hi
http://www.techinterviews.com/http://www.techinterviews.com/http://www.techinterviews.com/http://www.techinterviews.com/http://techinterview/http://www.techinterviews.com/http://www.techinterviews.com/http://www.techinterviews.com/http://www.techinterviews.com/http://techinterview/


4/15

15.NTDS.DIT14. we have to open the register to see the schema master fsmo roleregser 32 schmamgmt.9.Physical computers,sites,dcLogical user,o.us, etc.

6.Light wait directory Access Protocal (ldap)5. What ever changes done in D.c(domain Controlers) will effect at A.Dwe can call it as multimaster .

13. Kumar Ken said,

Hi15. To allow users in one domain to access resources in another, AD uses trust. Trust isautomatically produced when domains are created. The forest sets the default boundaries oftrust, not the domain, and implicit trust is automatic. As well as two-way transitive trust,AD trusts can be shortcut (joins two domains in different trees, transitive, one- or two-way), forest (transitive, one- or two-way), realm (transitive or nontransitive, one- or two-way), or external (nontransitive, one- or two-way) in order to connect to other forests ornon-AD domains. AD uses the Kerberos V5 protocol, although NTLM is also supportedand web clients use SSL/TLS.

11.Multi-master replication is a method of replication employed by databases to transferdata or changes to data across multiple computers within a group. Multi-master replicationcan be contrasted with a master-slave method (also known as single-master replication).

7.Internet Protocol version 6 (IPv6) is a network layer IP standard used by electronicdevices to exchange data across a packet-switched internetwork. It follows IPv4 as thesecond version of the Internet Protocol to be formally adopted for general use.

14. hongsinh said,

What are the domain functional level in Windows Server 2003?15. Sarith said,

Please check this link :) this will help youh**p://technet2.microsoft.com/WindowsServer/en/library/b3674c9b-fab9-4c1e-a8f6-7871264712711033.mspx?mfr=true

16. Naresh Nimmagadda said,

ip v6it ia a 128 bit size addresshere we can see total 8 ocatates each octate size is 16 bits superated with :it is in hexa decimal formatethese 3 types1.unicast address2.multicast address3.anycast addressloopback address of ip v6 is ::1

17. Ramanand said,
http://www.sarith.com/http://www.sarith.com/


5/15

What is mean by dns,dhcp.?what is maen different between hub and switch ?what is meam by brodcast id?what is mean by loop back id?what is mean by schema ?

what is mean by master searchable directory18. Srikanth said,

10. In which domain functional level, we can rename domain name?

The System Properties dialog box can also be used to rename a domain controller, and itdoes not require the functional level to be raised to Windows Server 2003.

19. Renga Raju said,

1.What is Rsop ?Resultant set of policy is provid to make policy modification and trouble shooting easier.Rsop is the query object it has two mode 1.logging mode: Polls existing policies and the

reports the result of the query. 2.Planning mode: The questins ask about the planned policyand the report the result of the quer.2.What is the concept for authoritative and nonauthoritative restoration?1. Non-authoriative restore: which accept the entries from other domain controller after therestoed data.2.Authoritative: Not accept the entries from other domain controller.3.What is the ntds.tit file default size?40 mb

20. niraj said,


ANS i think DCPROMO in command prompt .11.What is multimaster replication?Ans. It is also known as single-master replication.Multi-master replication is a method of replication employed by databases to transfer dataor changes to data across multiple computers within a group. Multi-master replication canbe contrasted with a master-slave method.

21. Sachin said,

What is Multimaster replication?

In addition to storing primary zone information in Dns we can also store it in activedirectory as active directory object.This integrates Dns with active directory in order to

take advantage of active directory features

The benefits are1 zone can be modified from any domain controller within the domain and this informationis automatically updated or replicated to all the other domain controllers along with theactive directory replication.This replication is said to be multimaster replication.2.We no longer face the standard dns server drawbacks.


6/15

In standard dns server only the primary server can modify the zone and then replicate thechanges to other domain controllers(It was in windows NT4 before).But when Dns gets integrated with AD .Zone can be modified and replicated from anydomain controller.

3.Fault tolerance

4.Security

You can prevent access to any updates to zone or individual record preventing insecuredynamic updates.

22. Unnikrishnan said,


ANS : DCPROMO

23. Unnikrishnan said,

11 What is multimaster replication?

The two technologies in DFS are as follows:DFS Replication. New state-based, multimaster replication engine that is optimized forWAN environments. DFS Replication supports replication scheduling, bandwidththrottling, and a new byte-level compression algorithm known as remote differentialcompression (RDC).

DFS Namespaces. Technology that helps administrators group shared folders located ondifferent servers and present them to users as a virtual tree of folders known as anamespace. DFS Namespaces was formerly known as Distributed File System in Windows2000 Server and Windows Server 2003.

24. pavan said,

hi1)What is system boot process in windows and linux.2)how the hardware interact with OS.3)what is paging.

Thanks

25. Salman MW said,

8. The default domain functional level in Windows Server 2003 is Windows 2000 Mixed

10. We can rename domain name in Windows Server 2003 functional level

26. William Wood said,

16. NTDS.dit

27. jagjit singh said,

for removing active directory the command line is

dcpromo /forceremoval

28. Sanjay Patel said,


7/15

Removing Active Directory:1. If we want to remove Active Directory then we willuse commandDCPROMO2. If some one deleted parent domain and we want to

remove from child domain then we will use commandDCPROMO /FORCEREMOVALNote: - we should not remove parent domain first. weshould start from bottom means child domainand after that its parent and so on.


1. DNS(Domain Name Service):-Its mainly used to resolve from host name(FQDN-Fully Qualified Domain Name) to IPaddress and IP address to host name.DNS mainly used in Internet. DNS devide in form ofhierarchical.

2. DHCP(Dynamic Host Configuration Protocol):DHCP use for provide IP address dnamically to client machine. If that client not able tofind DHCP server then client machine will go for APIPA(We have range for APIPA whichis 169.254.0.1-169.254.255.254).

3. HUB and SWITCH:Switch is expencive than hub. If more then one user try to send packet at a time collisionwill occure but in switch we can send. Switch is full duplex. Maximum bandwidth is 100Mhz and that bandwidth is shared by all of the PCs connected to the hub. Data can be sent

in both directions simultaneously, the maximum available bandwidth is 200 Mbps, 100Mbps each way, and there are no other PCs with which the bandwidth must be shared.


3. HUB and SWITCH:Switch is expencive than hub. If more then one user try to send packet at a time collisionwill occure but in switch we can send. Switch is full duplex. In hub Maximum bandwidth is100 Mhz and that bandwidth is shared by all of the PCs connected to the hub. In switchdata can be sent in both directions simultaneously, the maximum available bandwidth is200 Mbps, 100 Mbps each way, and there are no other PCs with which the bandwidth

must be shared.31. Zahed said,

Hi,1.What is differnece between router and routing?2.What is dynamic routing and Static routing?



8/15

1. Difference between Router and Routing: --Router: -Router is a device which is used to connect different network. A device or setup that finds

the best route between any two networks, even if there are several networks to traverse.Like bridges, remote sites can be connected using routers over dedicated or switched linesto create WANs.Routing: --Process of delivering a message across one or more networks via the most appropriate path.

2. Dynamic Routing and Static Routing: --Dynamic routing performs the same function as static routing except it is more robust.Static routing allows routing tables in specific routers to be set up in a static manner sonetwork routes for packets are set. If a router on the route goes down the destination may

become unreachable. Dynamic routing allows routing tables in routers to change as thepossible routes change. There are several protocols used to support dynamic routingincluding RIP and OSPF

33. william wood said,

The schema is the component of the Active Directory directory service that defines all theobjects and attributes that the directory service uses to store data. You can combine someobjects in the schema to create more-complex definitions if objects of greater complexityare required. You can also add new definitions to the schema to support new types ofobjects in the directory.

34. Zahed said,

Hi, i want to know to total process to migrate from Windows NT server to Windows 2000server.

What are all the process will done when we start server tell me briefly which file work forwhich process.

Thnaks warm Regards,Zahed.

35. om said,

The schema is the component of the Active Directory directory service that defines all theobjects and attributes that the directory service uses to store data. You can combine some

objects in the schema to create more-complex definitions if objects of greater complexityare required. You can also add new definitions to the schema to support new types ofobjects in the directory.

36. omraj said,

Dynamic routing performs the same function as static routing except it is more robust.Static routing allows routing tables in specific routers to be set up in a static manner sonetwork routes for packets are set. If a router on the route goes down the destination may


9/15

become unreachable. Dynamic routing allows routing tables in routers to change as thepossible routes change. There are several protocols used to support dynamic routingincluding RIP and OSPF

37. vijay said,

The four domain functional levels are:

Windows 2000 MixedWindows 2000 NativeWindows Server 2003 InterimWindows Server 2003

Windows 2000 Mixed

When you configure a new Windows Server 2003 domain, the default domain functionallevel is Windows 2000 mixed.Under this domain functional level, Windows NT, 2000, and 2003 domain controllers aresupported. However,certain features such as group nesting, universal groups, and so on are not available.

Windows 2000 NativeUpgrading the functional level of a domain to Windows 2000 Native should only be doneif there areno Windows NT domain controllers remaining on the network. By upgrading to Windows2000 Native functional level,additional features become available including: group nesting, universal groups,SIDHistory, and the ability to convertsecurity groups and distribution groups.

Windows Server 2003 InterimThe third functional level is Windows Server 2003 Interim and it is often used when

upgrading fromWindows NT to Windows Server 2003. Upgrading to this domain functional level providessupport forWindows NT and Windows Server 2003 domain controllers. However, like Windows 2000Mixed, it does not provide new features.

Windows Server 2003The last functional level is Windows Server 2003. This domain functional level onlyprovides support forWindows Server 2003 domain controllers. If you want to take advantage of all the featuresincluded withWindows Server 2003, you must implement this functional level. One of the mostimportant features introducedat this functional level is the ability to rename domain controllers

38. Annveer N. Halkood said,

what are the types of name resolution?

how name resolution will take place?

what are the Groups?


10/15

what is DHCP Relay agent?

39. Thyagu said,

1.Active Directory schema is collection of object class and attributes.Eg user is an objectand its having alot attributes such as first name ,last name etcIt present in only one domain in a forest,schema master is having the ability to update thechanges in the Active directory schema.Schema Administrator only can access and edit the schema.

you cannot see the AD schema when you installed AD (dcpromo).

You need to run the registry file for schema in cmd mode :regsvr32.dll schmmgmt

Then you can see the Add -snap in wizard in mmc console ,there you can..

2.the domain functional level in Windows Server 2003

Domain fuctional level support only the windows domain controllers not client level o/s.

They are four:

windows 2000 mixed(by default) supports- win nt,win 2000,win2003.Windows 2000 native- supports- win 2000 ,win 2003Windows 2003 interim- supports ->win NT,win 2003Windows 2003 - supports-win 2003 only

3.forest functional level in Windows Server 2003There are threewindows 2000 mixed supports- win nt,win 2000,win2003.Windows 2000 native- supports- win 2000 ,win 2003Windows 2003 - supports-win 2003 only

4.Global CatalogIt is a searchable database Enginee.It is used to search the objects in a forest.In 2003

,Universal Group caching membership is available for speedy logon across domain. Portno:3268,3269It is also taking part of AD replication.

Sorry guys ,going out now i wll contlater

40. Thyagu said,

5.How we can raise domain functional & forest functional level in Windows Server 2003?

AD users and computers>domain functional level->choose DFL as per your environment.

AD Domain and Trust>Forest functional level>choose FFL as would your environment.

Note:once you have change the DFL and FFL,cannot be revert.

6.the deafult protocol used in directory services?LDAP.

8.Already answered

9.What are the physical & logical components of ADS

Physical->sites,domain controller

Logical ->Forest,domain,tree,ou


11/15

10.In which domain functional level, we can rename domain name

Windows 2003 dfl,you can rename the domain.

Note:Not recommended to rename the domain by Microsoft itself.You need to follow upthe proper procedure to prevent the further issue.Renaming is simple,but forecast issue islot.

11.multi-master replication

Whenever a change occurs to any object within an Active Directory domain, that change isreplicated automatically to all domain controllers within the domain. This process is calledmulti-master replication. Multi-master replication does not happen instantly across allservers simultaneously. Rather, it is a controlled process where each domain controller peeris updated and validated in a logically controlled procedure.

12.Site:

Site is one or more IP subnets.It contains connection objects and computer objects andmainly used for AD replication.

13.Dcpromo, the command used to remove active directory from a domain controler

14.Already answered.

15.Trust is relationship,between forest,domain.

16 NTDS.dit is the file thats responsible for keep all Active Directory database.

I have answered almost question.please let me if my answer is wrong.

41. PREM said,

The schema is the component of the Active Directory directory service that defines all theobjects and attributes that the directory service uses to store data. You can combine someobjects in the schema to create more-complex definitions if objects of greater complexity

are required. You can also add new definitions to the schema to support new types ofobjects in the directory.

42. MAK said,

What is a default forest functionl level when you install the root domain controller ?

1. Explain hidden shares. Hidden or administrative shares are share names with a dollar sign($) appended to their names. Administrative shares are usually created automatically for theroot of each drive letter. They do not display in the network browse list.

2. How do the permissions work in Windows 2000? What permissions does folder

inherit from the parent? When you combine NTFS permissions based on users and theirgroup memberships, the least restrictive permissions take precedence. However, explicitDeny entries always override Allow entries.

3. Why cant I encrypt a compressed file on Windows 2000? You can either compress it orencrypt it, but not both.

4. If I rename an account, what must I do to make sure the renamed account has the

same permissions as the original one? Nothing, its all maintained automatically.5. Whats the most powerful group on a Windows system? Administrators.


12/15

6. What are the accessibility features in Windows 2000? StickyKeys, FilterKeys Narrator,Magnifier, and On-Screen Keyboard.

7. Why cant I get to the Fax Service Management console? You can only see it if a faxhad been installed.

8. What do I need to ensure before deploying an application via a Group Policy? Make

sure its either an MSI file, or contains a ZAP file for Group Policy.9. How do you configure mandatory profiles? Rename ntuser.dat to ntuser.man10. I cant get multiple displays to work in Windows 2000. Multiple displays have to use

peripheral connection interface (PCI) or Accelerated Graphics Port (AGP) port devices towork properly with Windows 2000.

11. Whats a maximum number of processors Win2k supports? 212. I had some NTFS volumes under my Windows NT installation. What happened to

NTFS after Win 2k installation? It got upgraded to NTFS 5.13. How do you convert a drive from FAT/FAT32 to NTFS from the command line?

convert c: /fs:ntfs14. Explain APIPA. Auto Private IP Addressing (APIPA) takes effect on Windows 2000

Professional computers if no DHCP server can be contacted. APIPA assigns the computeran IP address within the range of 169.254.0.0 through 169.254.255.254 with a subnet maskof 255.255.0.0.

15. How does Internet Connection Sharing work on Windows 2000? Internet ConnectionSharing (ICS) uses the DHCP Allocator service to assign dynamic IP addresses to clientson the LAN within the range of 192.168.0.2 through 192.168.0.254. In addition, the DNSProxy service becomes enabled when you implement ICS.

16. How do you double-boot a Win 2003 server box? The Boot.ini file is set as read-only,system, and hidden to prevent unwanted editing. To change the Boot.ini timeout anddefault settings, use the System option in Control Panel from the Advanced tab and selectStartup.

17. What do you do if earlier application doesnt run on Windows Server 2003? When anapplication that ran on an earlier legacy version of Windows cannot be loaded during thesetup function or if it later malfunctions, you must run the compatibility mode function.This is accomplished by right-clicking the application or setup program and selectingProperties > Compatibility > selecting the previously supported operating system.

18. If you uninstall Windows Server 2003, which operating systems can you revert to?

Win ME, Win 98, 2000, XP. Note, however, that you cannot upgrade from ME and 98 toWindows Server 2003.

19. How do you get to Internet Firewall settings? Start > Control Panel > Network andInternet Connections > Network Connections.

20. What are the Windows Server 2003 keyboard shortcuts? Winkey opens or closes theStart menu. Winkey + BREAK displays the System Properties dialog box. Winkey + TABmoves the focus to the next application in the taskbar. Winkey + SHIFT + TAB moves thefocus to the previous application in the taskbar. Winkey + B moves the focus to thenotification area. Winkey + D shows the desktop. Winkey + E opens Windows Explorershowing My Computer. Winkey + F opens the Search panel. Winkey + CTRL + F opensthe Search panel with Search for Computers module selected. Winkey + F1 opens Help.Winkey + M minimizes all. Winkey + SHIFT+ M undoes minimization. Winkey + R opensRun dialog. Winkey + U opens the Utility Manager. Winkey + L locks the computer.
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/8b42cf90-1e72-4579-b0ad-2e2b948ce31c.mspxhttp://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/8b42cf90-1e72-4579-b0ad-2e2b948ce31c.mspxhttp://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/8b42cf90-1e72-4579-b0ad-2e2b948ce31c.mspxhttp://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/8b42cf90-1e72-4579-b0ad-2e2b948ce31c.mspxhttp://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/8b42cf90-1e72-4579-b0ad-2e2b948ce31c.mspxhttp://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/8b42cf90-1e72-4579-b0ad-2e2b948ce31c.mspxhttp://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/8b42cf90-1e72-4579-b0ad-2e2b948ce31c.mspxhttp://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/8b42cf90-1e72-4579-b0ad-2e2b948ce31c.mspxhttp://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/8b42cf90-1e72-4579-b0ad-2e2b948ce31c.mspxhttp://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/8b42cf90-1e72-4579-b0ad-2e2b948ce31c.mspxhttp://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/8b42cf90-1e72-4579-b0ad-2e2b948ce31c.mspxhttp://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/8b42cf90-1e72-4579-b0ad-2e2b948ce31c.mspxhttp://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/8b42cf90-1e72-4579-b0ad-2e2b948ce31c.mspx


13/15

21. What is Active Directory? Active Directory is a network-based object store and servicethat locates and manages resources, and makes these resources available to authorizedusers and groups. An underlying principle of the Active Directory is that everything isconsidered an objectpeople, servers, workstations, printers, documents, and devices.Each object has certain attributes and its own security access control list (ACL).

22. Where are the Windows NT Primary Domain Controller (PDC) and its BackupDomain Controller (BDC) in Server 2003? The Active Directory replaces them. Now alldomain controllers share a multimaster peer-to-peer read and write relationship that hostscopies of the Active Directory.

23. How long does it take for security changes to be replicated among the domain

controllers? Security-related modifications are replicated within a site immediately. Thesechanges include account and individual user lockout policies, changes to password policies,changes to computer account passwords, and modifications to the Local Security Authority(LSA).

24. Whats new in Windows Server 2003 regarding the DNS management? When DCpromotion occurs with an existing forest, the Active Directory Installation Wizard contacts

an existing DC to update the directory and replicate from the DC the required portions ofthe directory. If the wizard fails to locate a DC, it performs debugging and reports whatcaused the failure and how to fix the problem. In order to be located on a network, everyDC must register in DNS DC locator DNS records. The Active Directory InstallationWizard verifies a proper configuration of the DNS infrastructure. All DNS configurationdebugging and reporting activity is done with the Active Directory Installation Wizard.

25. When should you create a forest? Organizations that operate on radically different basesmay require separate trees with distinct namespaces. Unique trade or brand names oftengive rise to separate DNS identities. Organizations merge or are acquired and namingcontinuity is desired. Organizations form partnerships and joint ventures. While access tocommon resources is desired, a separately defined tree can enforce more directadministrative and security restrictions.

26. How can you authenticate between forests? Four types of authentication are used acrossforests: (1) Kerberos and NTLM network logon for remote access to a server in anotherforest; (2) Kerberos and NTLM interactive logon for physical logon outside the usershome forest; (3) Kerberos delegation to N-tier application in another forest; and (4) userprincipal name (UPN) credentials.

27. What snap-in administrative tools are available for Active Directory? Active DirectoryDomains and Trusts Manager, Active Directory Sites and Services Manager, ActiveDirectory Users and Group Manager, Active Directory Replication (optional, availablefrom the Resource Kit), Active Directory Schema Manager (optional, available fromadminpak)

28. What types of classes exist in Windows Server 2003 Active Directory?1. Structural class. The structural class is important to the system administrator in

that it is the only type from which new Active Directory objects are created.Structural classes are developed from either the modification of an existingstructural type or the use of one or more abstract classes.

2. Abstract class. Abstract classes are so named because they take the form oftemplates that actually create other templates (abstracts) and structural and auxiliaryclasses. Think of abstract classes as frameworks for the defining objects.


14/15

3. Auxiliary class. The auxiliary class is a list of attributes. Rather than applynumerous attributes when creating a structural class, it provides a streamlinedalternative by applying a combination of attributes with a single include action.

4. 88 class. The 88 class includes object classes defined prior to 1993, when the 1988X.500 specification was adopted. This type does not use the structural, abstract, and

auxiliary definitions, nor is it in common use for the development of objects inWindows Server 2003 environments.29. How do you delete a lingering object? Windows Server 2003 provides a command called

Repadmin that provides the ability to delete lingering objects in the Active Directory.30. What is Global Catalog? The Global Catalog authenticates network user logons and fields

inquiries about objects across a forest or tree. Every domain has at least one GC that ishosted on a domain controller. In Windows 2000, there was typically one GC on every sitein order to prevent user logon failures across the network.

31. How is user account security established in Windows Server 2003? When an account iscreated, it is given a unique access number known as a security identifier (SID). Everygroup to which the user belongs has an associated SID. The user and related group SIDs

together form the user accounts security token, which determines access levels to objectsthroughout the system and network. SIDs from the security token are mapped to the accesscontrol list (ACL) of any object the user attempts to access.

32. If I delete a user and then create a new account with the same username and

password, would the SID and permissions stay the same? No. If you delete a useraccount and attempt to recreate it with the same user name and password, the SID will bedifferent.

33. What do you do with secure sign-ons in an organization with many roaming users?

Credential Management feature of Windows Server 2003 provides a consistent single sign-on experience for users. This can be useful for roaming users who move between computersystems. The Credential Management feature provides a secure store of user credentialsthat includes passwords and X.509 certificates.

34. Anything special you should do when adding a user that has a Mac? "Save password asencrypted clear text" must be selected on User Properties Account Tab Options, since theMacs only store their passwords that way.

35. What remote access options does Windows Server 2003 support? Dial-in, VPN, dial-inwith callback.

36. Where are the documents and settings for the roaming profile stored? All thedocuments and environmental settings for the roaming user are stored locally on thesystem, and, when the user logs off, all changes to the locally stored profile are copied tothe shared server folder. Therefore, the first time a roaming user logs on to a new systemthe logon process may take some time, depending on how large his profile folder is.

37. Where are the settings for all the users stored on a given machine? \Document andSettings\All Users

38. What languages can you use for log-on scripts? JavaScipt, VBScript, DOS batch files(.com, .bat, or even .exe)

39. Describe how the DHCP lease is obtained. Its a four-step process consisting of (a) IPrequest, (b) IP offer, IP selection and (d) acknowledgement.

40. I cant seem to access the Internet, dont have any access to the corporate network

and on ipconfig my address is 169.254.*.*. What happened? The 169.254.*.* netmask


15/15

is assigned to Windows machines running 98/2000/XP if the DHCP server is not available.The name for the technology is APIPA (Automatic Private Internet Protocol Addressing).

41. Weve installed a new Windows-based DHCP server, however, the users do not seem

to be getting DHCP leases off of it. The server must be authorized first with the ActiveDirectory.

42. How can you force the client to give up the dhcp lease if you have access to the clientPC? ipconfig /release43. What authentication options do Windows 2000 Servers have for remote clients? PAP,

SPAP, CHAP, MS-CHAP and EAP.44. What are the networking protocol options for the Windows clients if for some reason

you do not want to use TCP/IP?NWLink (Novell), NetBEUI, AppleTalk (Apple).45. What is data link layer in the OSI reference model responsible for? Data link layer is

located above the physical layer, but below the network layer. Taking raw data bits andpackaging them into frames. The network layer will be responsible for addressing theframes, while the physical layer is reponsible for retrieving and sending raw data bits.

46. What is binding order? The order by which the network protocols are used for client-

server communications. The most frequently used protocols should be at the top.47. How do cryptography-based keys ensure the validity of data transferred across thenetwork? Each IP packet is assigned a checksum, so if the checksums do not match onboth receiving and transmitting ends, the data was modified or corrupted.

48. Should we deploy IPSEC-based security or certificate-based security? They are reallytwo different technologies. IPSec secures the TCP/IP communication and protects theintegrity of the packets. Certificate-based security ensures the validity of authenticatedclients and servers.

49. What is LMHOSTS file? Its a file stored on a host machine that is used to resolveNetBIOS to specific IP addresses.

50. Whats the difference between forward lookup and reverse lookup in DNS? Forwardlookup is name-to-address, the reverse lookup is address-to-name.

51. How can you recover a file encrypted using EFS? Use the domain recovery agent.

Tech Interviews

Documents

Transcript of Tech Interviews