Active Directory Interview Questions and Answers

This document discusses interview questions and answers related to Active Directory. It begins with basic questions about what Active Directory is and its components like domains, domain controllers, forests, and schemas. It then discusses topics like LDAP, FSMO roles, and the Active Directory database files. The most important FSMO role is identified as the PDC because it is responsible for user logins, password changes, and time synchronization, so if it fails there would be an immediate impact. The document provides detailed explanations for each FSMO role.

Uploaded by Ulaga Nathan

Active Directory (AD) Real-Time Interview Questions and Answers

I would like to share some Windows Active Directory interview questions and answers. I will start with basic questions and continue with L1, L2 and L3 level questions.

What is Active Directory?

Active Directory (AD) is a directory service developed by Microsoft and used to store objects such as users, computers, printers and network information. It lets you manage your network effectively with multiple Domain Controllers in different locations sharing the AD database: AD can be managed or changed from any Domain Controller, and the change is replicated to all other DCs. It provides centralized administration across multiple geographical locations and authenticates users and computers in a Windows domain.

What is LDAP and how is LDAP used in Active Directory (AD)?

What is a Tree?

A tree is a hierarchical arrangement of Windows domains that share a contiguous namespace.

What is a Domain?

Active Directory Domain Services is Microsoft's directory server. It provides authentication and authorization mechanisms as well as a framework within which other related services can be deployed.

What is an Active Directory Domain Controller (DC)?

A Domain Controller is the server which holds the AD database. All AD changes get replicated to the other DCs and vice versa.

What is a Forest?

A forest consists of multiple domain trees. The domain trees in a forest do not form a contiguous namespace; however, they share a common schema and global catalog (GC).

What is a Schema?

The Active Directory schema is the set of definitions that define the kinds of objects, and the types of information about those objects, that can be stored in Active Directory.

The Active Directory schema is a collection of object classes and their attributes.

Object Class = User
Attributes = first name, last name, email, and others

Can we restore a schema partition?

Tell me about the FSMO roles?

Schema Master
Domain Naming Master
Infrastructure Master
RID Master
PDC

Schema Master and Domain Naming Master are forest-wide roles, with only one of each per forest. The other roles are domain-wide, with one of each per domain.

AD replication is multi-master replication: a change can be made on any Domain Controller and will be replicated to the other Domain Controllers. The exception is the five roles above, the flexible single master operations (FSMO) roles: these changes can only be made on the dedicated Domain Controller, so they are single-master replication.

How to check which server holds which role?

Netdom query FSMO

Which FSMO role is the most important? And why?

This is an interesting question: which role is the most important of the 5 FSMO roles, or which role's failure will impact the end user immediately?

Most amateur administrators pick the Schema Master role. Not sure why; maybe they think the schema is very critical to running Active Directory.

The correct answer is PDC. Now the next question: why? To find the answer, I will explain role by role what happens when a FSMO role holder fails.

Schema Master: The Schema Master is needed to update the schema. We don't update the schema daily, right? When do we update the schema? At the time of an operating system migration, when installing a new Exchange version, or for any other application which requires extending the schema.

So if the Schema Master server is not available, we can't update the schema, but in no way is this going to affect Active Directory operation or the end user.

The Schema Master needs to be online and ready to make a schema change; we can plan and have more time to bring back the Schema Master server.

Domain Naming Master: The Domain Naming Master is required for creating a new domain and creating an application partition. As with the Schema Master, we don't create domains and application partitions frequently.

So if the Domain Naming Master server is not available, we can't create a new domain or application partition. It may not affect the user; users aren't even aware that the Domain Naming Master server is down.

Infrastructure Master: The Infrastructure Master handles cross-domain updates. What really updates between domains? Whenever a user logs in to the domain, the TGT is created with the list of access the user has through group membership (user group membership details); it also contains the user's membership details from trusted domains. The Infrastructure Master keeps this information up to date. It updates reference information every 2 days by comparing its data with the Global Catalog (that's why we don't keep the Infrastructure Master and GC on the same server).

In a single-domain, single-forest environment there is no impact if the Infrastructure Master server is down.

In a multi-domain and forest environment there will be an impact, but we have enough time to fix the issue before it affects the end user.

RID Master: Every DC is initially issued 500 RIDs from the RID Master server. RIDs are used to create new objects in Active Directory: all new objects are created with a Security ID (SID), and the RID is the last part of a SID. The RID uniquely identifies a security principal relative to the local or domain security authority that issued the SID.

When it gets down to 250 (50%), the DC requests a second pool of RIDs from the RID Master. If the RID Master server is not available, RID pools cannot be issued to DCs, and DCs can only create new objects as long as they have RIDs available. Every DC has anywhere between 250 and 750 RIDs available, so there is no immediate impact.

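As an added example (not part of the original document), the Python below parses a binary SID into its string form, splits off the RID as the last part, and applies the 50% refill rule described above to a RID pool. The sample SID and pool values are constructed, the function names are hypothetical, and the pool is assumed to be packed as one 64-bit integer (low 32 bits first RID, high 32 bits last RID) as in the rIDAllocationPool attribute.

```python
import struct

def parse_sid(raw: bytes) -> str:
    """Binary SID (as held in objectSid) -> 'S-1-5-21-...-RID' string."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its fixed header")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match length")
    authority = int.from_bytes(raw[2:8], "big")       # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])     # 32-bit, little-endian
    return "S-%d-%d%s" % (revision, authority, "".join("-%d" % s for s in subs))

def split_sid(sid: str):
    """Return (issuing authority SID, RID); the RID is the last part."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def decode_rid_pool(value: int):
    """Assumed packing: low 32 bits = first RID, high 32 bits = last RID."""
    return value & 0xFFFFFFFF, value >> 32

def pool_status(pool_value: int, last_issued: int, threshold: float = 0.5):
    """RIDs left in a DC's pool and whether it would ask the RID Master for more."""
    first, last = decode_rid_pool(pool_value)
    size = last - first + 1
    left = last - max(last_issued, first - 1)
    return {"size": size, "left": left, "request_new_pool": left <= size * threshold}

# Constructed sample data, not taken from any real domain.
SAMPLE_SID = (bytes([1, 5]) + (5).to_bytes(6, "big")
              + struct.pack("<5I", 21, 1111111111, 2222222222, 3333333333, 1105))
SAMPLE_POOL = (1599 << 32) | 1100      # RIDs 1100..1599, a pool of 500

if __name__ == "__main__":
    sid = parse_sid(SAMPLE_SID)
    domain_sid, rid = split_sid(sid)
    print(sid, "-> RID", rid)
    print(pool_status(SAMPLE_POOL, last_issued=rid))
    print(pool_status(SAMPLE_POOL, last_issued=1349))   # 250 left: refill point
```

If the RID Master is unreachable, the "left" value is the number of security principals that DC can still create.
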
PDC: The PDC is required for time sync, user login, password changes and trusts. Now you know why the PDC is the important FSMO role holder to get back online: loss of the PDC role will impact the end user immediately and we need to recover it ASAP.

The PDC emulator acts as the Primary Domain Controller for backwards compatibility and is responsible for time synchronization within a domain. It is also the password master: any password change is replicated to the PDC emulator ASAP. If a logon request fails due to a bad password, the logon request is passed to the PDC emulator to check the password before the login request is rejected.

Tell me about the Active Directory database and list the Active Directory database files?

NTDS.DIT
EDB.Log
EDB.chk
Res1.log and Res2.log

AD changes are not written directly to the NTDS.DIT database file; they are written first to EDB.Log and then from the log file to the database. EDB.chk is used to track the database updates from the log file, to know which changes have been copied to the database file.

NTDS.DIT: NTDS.DIT is the AD database and stores all AD objects. The default location is %systemroot%\ntds\ntds.dit. The Active Directory database engine is the Extensible Storage Engine, which is based on the Jet database.

EDB.Log: EDB.Log is the transaction log file. When EDB.Log is full, it is renamed to EDBNum.log, where Num is an increasing number starting from 1, like EDB1.Log.

EDB.chk: EDB.chk is the checkpoint file used to track the data not yet written to the database file. It indicates the starting point from which data is to be recovered from the log file in case of failure.

Res1.log and Res2.log: Res is the reserved transaction log file, which gives the transaction log enough time to shut down if the disk doesn't have enough space.

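The log-then-database sequence described above, as an added toy model in Python (not part of the original document and not how ESE is implemented): changes go to the log first, the checkpoint records how far the database has caught up, a full log is rolled to EDBNum.log, and recovery replays only what lies past the checkpoint. The class name, the three-record log capacity and the sequence numbers are assumptions made for the illustration.

```python
class ToyDirectoryStore:
    """Toy model of the database / transaction log / checkpoint relationship."""
    LOG_CAPACITY = 3                  # constructed; real logs fill up by size

    def __init__(self):
        self.database = {}            # stands in for NTDS.DIT
        self.current_log = []         # stands in for EDB.Log
        self.rolled_logs = {}         # "EDB1.Log", "EDB2.Log", ...
        self.checkpoint = 0           # checkpoint file: last sequence number flushed
        self.seq = 0

    def write(self, key, value):
        """Record the change in the log only; the database is not touched yet."""
        if len(self.current_log) == self.LOG_CAPACITY:
            name = "EDB%d.Log" % (len(self.rolled_logs) + 1)
            self.rolled_logs[name] = self.current_log   # full log is renamed
            self.current_log = []
        self.seq += 1
        self.current_log.append((self.seq, key, value))

    def all_records(self):
        """Every logged change in order: rolled logs first, then the current log."""
        old = [rec for log in self.rolled_logs.values() for rec in log]
        return old + self.current_log

    def flush(self, upto):
        """Copy logged changes up to `upto` into the database, advance the checkpoint."""
        upto = min(upto, self.seq)
        for seq, key, value in self.all_records():
            if self.checkpoint < seq <= upto:
                self.database[key] = value
        self.checkpoint = max(self.checkpoint, upto)

    def recover(self):
        """After a failure: replay only the records newer than the checkpoint."""
        pending = [rec for rec in self.all_records() if rec[0] > self.checkpoint]
        for seq, key, value in pending:
            self.database[key] = value
        self.checkpoint = self.seq
        return [seq for seq, _, _ in pending]

if __name__ == "__main__":
    store = ToyDirectoryStore()
    for i in range(1, 6):
        store.write("object%d" % i, "change %d" % i)
    store.flush(2)                    # failure happens after two changes reach the database
    print(sorted(store.rolled_logs), store.checkpoint, store.recover())
```
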
What RAID configuration can be used in Domain Controllers?

Can we keep the OS, log files, SYSVOL and AD database on the same logical disk?
