Q: What is Active Directory?
A: Active Directory provides a centralised control for network administration and security. Server
computers configured with Active Directory are known as domain controllers. Active Directory stores
all information and settings for a deployment in a central database, and allows administrators to assign
policies and deploy and update software.
Q: What is a Domain?
A: A domain is defined as a logical group of network objects (computers, users, devices) that share the
same Active Directory database. A tree can have multiple domains.
Q: What is a Domain Controller?
A: A domain controller (DC) or network domain controller is a Windows-based computer system that
is used for storing user account data in a central database. It is the centrepiece of the Windows Active
Directory service that authenticates users, stores user account information and enforces security policy
for a Windows domain.
A domain controller allows system administrators to grant or deny users access to system resources,
such as printers, documents, folders, network locations, etc., via a single username and password.
Q: What is Group Policy?
A: Group Policy allows you to implement specific configurations for users and computers. Group
Policy settings are contained in Group Policy objects (GPOs), which are linked to the following Active
Directory service containers: sites, domains, or organizational units (OUs).
Q: What are GPOs (Group Policy Objects)?
A: A Group Policy Object (GPO) is a collection of settings that control the working environment of
user accounts and computer accounts. GPOs define registry-based policies, security options, software
installation and maintenance options, script options, and folder redirection options.
There are two kinds of Group Policy objects:
Local Group Policy objects are stored on individual computers.
Nonlocal Group Policy objects, which are stored on a domain controller, are available only in
an Active Directory environment.
Q: What is LDAP?
A: LDAP (Lightweight Directory Access Protocol) determines how an object in an Active Directory
should be named. LDAP is the industry standard directory access protocol, making Active Directory
widely accessible to management and query applications. Active Directory supports LDAPv2 and
LDAPv3.
Q: Where is the AD database stored?
A: The AD database is stored in C:\Windows\NTDS\NTDS.DIT.
Q: What is the SYSVOL folder?
A: The SYSVOL folder stores the server copy of the domain’s public files that must be shared for
common access and replication throughout a domain.
All AD databases are stored in a SYSVOL folder and it is only created on an NTFS partition. The
Active Directory database is stored in the %SYSTEMROOT%\NTDS folder.
Q: What is Garbage collection?
A: Garbage collection is the online defragmentation of the Active Directory which happens every 12
hours.
Q: When do we use WDS?
A: Windows Deployment Services is a server role used to deploy Windows operating systems
remotely. WDS is mainly used for network-based OS installations to set up new computers.
Q: What is DNS and which port number is used by DNS?
A: The Domain Name System (DNS) is used to resolve human-readable hostnames like
www.intenseschool.com into machine-readable IP addresses like 69.143.201.22.
DNS servers use UDP port 53 but DNS queries can also use TCP port 53 if the former is not accepted.
Q: What are the main email servers and what are their ports?
A: Email servers can be of two types:
Incoming Mail Server (POP3, IMAP, HTTP)
The incoming mail server is the server associated with an email address account. There cannot be more
than one incoming mail server for an email account. In order to download your emails, you must have
the correct settings configured in your email client program.
Outgoing Mail Server (SMTP)
Most outgoing mail servers use SMTP (Simple Mail Transfer Protocol) for sending emails. The
outgoing mail server can belong to your ISP or to the server where you set up your email account.
The main email ports are:
POP3 – port 110
IMAP – port 143
SMTP – port 25
HTTP – port 80
Secure SMTP (SSMTP) – port 465
Secure IMAP (IMAP4-SSL) – port 585
IMAP4 over SSL (IMAPS) – port 993
Secure POP3 (SSL-POP) – port 995
Q: What do Forests, Trees, and Domains mean?
A: Forests, trees, and domains are the logical divisions in an Active Directory network.
A domain is defined as a logical group of network objects (computers, users, devices) that share the
same Active Directory database.
A tree is a collection of one or more domains and domain trees in a contiguous namespace linked in a
transitive trust hierarchy.
At the top of the structure is the forest. A forest is a collection of trees that share a common global
catalog, directory schema, logical structure, and directory configuration. The forest represents the
security boundary within which users, computers, groups, and other objects are accessible.
Q: Why do we use DHCP?
A: Dynamic Host Configuration Protocol assigns dynamic IP addresses to network devices allowing
them to have a different IP address each time they are connected to the network.
Q: What are Lingering Objects?
A: A lingering object is a deleted AD object that remains on a restored domain controller in its
local copy of Active Directory. Lingering objects can occur when changes are made to the directory after
system backups are created.
When restoring a backup file, Active Directory generally requires that the backup file be no more than
180 days old. A lingering object can appear if, after the backup was made, the object was deleted on
another DC more than 180 days ago.
Q: How can we remove Lingering Objects?
A: Windows Server 2003 and 2008 have the ability to manually remove lingering objects using the
console utility command REPADMIN.EXE.
Q: Why should you not restore a DC that was backed up 6 months ago?
A: When restoring a backup file, Active Directory generally requires that the backup file be no more
than 180 days old. If you attempt to restore a backup that is expired, you may face problems due to
lingering objects.
1. What is a Global Catalog Server?
A Global Catalog server is the server that stores the details of each object created in the
forest. The Global Catalog is the master searchable index of all objects in the forest.
2. What is the size of the log files created before updates are written into ntds.dit, and how many
files are there?
Three log files:
Edb.log
Res1.log
Res2.log
Each is initially 10 MB.
3. Can the GC server and the Infrastructure Master be placed on a single server? If not, explain why.
No. As the Infrastructure Master does the same job as the GC, the two do not work together.
4. What does SYSVOL contain?
The SysVol folder contains the public information of the domain and the information for replication.
Ex: Group Policy objects and scripts can be found in this directory.
5. Which service in Windows Server is responsible for replication from one domain controller to
another domain controller?
The KCC generates the replication topology.
It uses SMTP / RPC to replicate changes.
6. How does data travel between sites in ADS replication?
As determined by the site connectors.
7. What are the port numbers for SMTP, Kerberos, LDAP, and the GC server?
SMTP 25, Kerberos 88, GC 3268, LDAP 389
8. What are Intrasite and Intersite Replication?
Intrasite is the replication within the same site and intersite is the replication between sites.
9. What is the Lost & Found folder in ADS?
It is the folder where you can find objects that were orphaned due to a conflict.
Ex: you created a user in an OU that was deleted on another DC; when replication happened, ADS did not
find the OU, so it put the user in the Lost & Found folder.
10. What is Garbage collection?
Garbage collection is the process of online defragmentation of Active Directory. It happens every 12
hours.
11. What does System State backup data contain?
It contains:
Startup files
Registry
COM+ Registration Database
Memory Page file
System files
AD information
Cluster Service information
SYSVOL Folder
12. How do you restore a particular OU that was deleted by accident?
Perform an authoritative restore.
13. What is IPSec Policy?
IPSec provides secure gateway-to-gateway connections across outsourced private wide area network
(WAN) or Internet-based connections using L2TP/IPSec tunnels or pure IPSec tunnel mode.
IPSec Policy can be deployed via Group Policy to the Windows domain controllers and servers.
14. What is the order of applying Group Policy?
Local Policy.
Site Policy.
Domain Policy.
OU Policy.
15. What are the new features in Windows Server 2012 R2 related to ADS?
ADS:
IT administrators can allow devices to be associated with the company’s Active Directory and use this
association as a seamless second-factor authentication.
Enable users to use single sign-on (SSO) from devices that are associated with the company’s Active
Directory.
Enable users to connect to applications and services from anywhere with Web Application Proxy.
Manage the risk of users working from anywhere, accessing protected data from their devices, with
Multi-factor Access Control and Multi-Factor Authentication (MFA).
16. How to edit the Schema in ADS?
ADSI Edit
17. What are Domain Local, Global, and Universal groups?
Domain Local – only users within the domain.
Global groups are used to grant permissions to objects in any domain in the domain tree or forest.
Members of global groups can include only accounts and groups from the domain in which they are
defined.
Universal groups are used to grant permissions on a wide scale throughout a domain tree or forest.
Members of universal groups can include accounts and groups from any domain in the domain tree or forest.
18. What is meant by root DNS servers?
Public DNS servers hosted on the Internet which register the DNS.
19. What are the different records in DNS?
A – Address record
MX – Mail Server Record
NS – Name Server
CNAME – Canonical name / Alias
SOA – Start of authority
20. What is an SOA record?
Start of Authority – the authoritative DNS server for the domain.
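The record types in question 19 and the SOA record in question 20 are easiest to understand from a zone file. The following is an added example (not part of the original page) that parses a small zone in the common "name TTL IN TYPE rdata" layout, extracts the SOA fields, and runs two sanity checks an administrator would want before publishing a zone: exactly one SOA, and no CNAME sharing a name with other records. The zone text, the names under example.test and the addresses are constructed placeholders.

```python
"""Parse the DNS record types listed above (A, MX, NS, CNAME, SOA) from a zone file.

Added example, not the page's own code. The zone below is constructed for
illustration; example.test and its hosts are placeholders, not real names.
"""
from collections import defaultdict

# Constructed sample zone in "name TTL IN TYPE rdata" layout.
SAMPLE_ZONE = """\
; constructed sample zone, not real data
example.test.      3600 IN SOA   ns1.example.test. hostmaster.example.test. 2024010101 7200 900 1209600 300
example.test.      3600 IN NS    ns1.example.test.
example.test.      3600 IN NS    ns2.example.test.
example.test.      3600 IN MX    10 mail.example.test.
ns1.example.test.  3600 IN A     192.0.2.10
ns2.example.test.  3600 IN A     192.0.2.11
mail.example.test. 3600 IN A     192.0.2.25
www.example.test.  3600 IN CNAME web.example.test.
web.example.test.  3600 IN A     192.0.2.80
"""

KNOWN_TYPES = {"A", "MX", "NS", "CNAME", "SOA"}


def parse_zone(text):
    """Return a list of (name, ttl, type, rdata_fields); skips blank and ';' comment lines."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 5 or fields[2] != "IN":
            raise ValueError(f"unrecognised record line: {raw!r}")
        name, ttl, _cls, rtype = fields[:4]
        if rtype not in KNOWN_TYPES:
            raise ValueError(f"unsupported record type {rtype} in {raw!r}")
        records.append((name.lower(), int(ttl), rtype, fields[4:]))
    return records


def soa_record(records):
    """Return the SOA fields as a dict; a zone must carry exactly one SOA at its apex."""
    soas = [r for r in records if r[2] == "SOA"]
    if len(soas) != 1:
        raise ValueError(f"expected exactly one SOA record, found {len(soas)}")
    name, _ttl, _type, rdata = soas[0]
    mname, rname, serial, refresh, retry, expire, minimum = rdata
    return {"apex": name, "mname": mname, "rname": rname, "serial": int(serial),
            "refresh": int(refresh), "retry": int(retry),
            "expire": int(expire), "minimum": int(minimum)}


def lint_zone(records):
    """Return a list of problems: CNAME clashes and dangling in-zone NS/MX/CNAME targets."""
    problems = []
    apex = soa_record(records)["apex"]
    types_by_name = defaultdict(list)
    for name, _ttl, rtype, _rdata in records:
        types_by_name[name].append(rtype)
    # A CNAME must be the only record at its owner name.
    for name, types in types_by_name.items():
        if "CNAME" in types and len(types) > 1:
            problems.append(f"{name}: CNAME coexists with other records {sorted(types)}")
    # NS, MX and CNAME point at a host name; if that host is inside this zone it needs an A record.
    for name, _ttl, rtype, rdata in records:
        if rtype not in ("NS", "MX", "CNAME"):
            continue
        target = rdata[-1].lower()
        in_zone = target == apex or target.endswith("." + apex)
        if in_zone and not ({"A", "CNAME"} & set(types_by_name.get(target, []))):
            problems.append(f"{name} {rtype} -> {target}: no address record in this zone")
    return problems


if __name__ == "__main__":
    recs = parse_zone(SAMPLE_ZONE)
    print("SOA:", soa_record(recs))
    print("problems:", lint_zone(recs) or "none")
```

Running it on the sample zone reports no problems; appending a second record such as `www.example.test. 3600 IN A 192.0.2.81` makes `lint_zone` flag the CNAME clash, which is the kind of mistake that silently breaks resolution for a host.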
21. What is RSoP?
RSoP is the Resultant Set of Policy applied to an object (Group Policy).
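Question 14 gives the order in which Group Policy is applied (Local, Site, Domain, OU) and question 21 names the result of that process, the Resultant Set of Policy. The following is an added example (not from the original page) that works the two together: it applies constructed GPOs tier by tier so that a setting defined at a later tier overrides the same setting from an earlier one, and returns which GPO won for each setting, the way a `gpresult` report attributes a setting to a winning GPO. The GPO names, settings and values are placeholders, and the assumption that several GPOs linked at one tier are applied in list order is the example's own.

```python
"""Resultant Set of Policy from the Local -> Site -> Domain -> OU application order.

Added example, not the page's own code. GPO names, settings and values below
are constructed placeholders.
"""

# Application order from the page; a later tier overrides an earlier one for the same setting.
APPLY_ORDER = ["Local", "Site", "Domain", "OU"]

# Constructed GPOs: tier -> list of (GPO name, {setting: value}).
# Assumption for this example: several GPOs linked at one tier apply in list order.
SAMPLE_GPOS = {
    "Local":  [("Local Policy", {"PasswordMinLength": 8, "ScreenSaverTimeout": 600})],
    "Site":   [("Site-HQ", {"ScreenSaverTimeout": 900})],
    "Domain": [("Default Domain Policy", {"PasswordMinLength": 14,
                                          "AuditLogon": "Success,Failure"})],
    "OU":     [("Workstations-Baseline", {"ScreenSaverTimeout": 300}),
               ("Workstations-Kiosk", {"ScreenSaverTimeout": 120,
                                       "AllowUSBStorage": False})],
}


def resultant_set_of_policy(gpos_by_tier, order=APPLY_ORDER):
    """Apply tiers in order; return {setting: (effective value, 'tier:winning GPO')}."""
    rsop = {}
    for tier in order:
        for gpo_name, settings in gpos_by_tier.get(tier, []):
            for setting, value in settings.items():
                # Overwriting is the whole mechanism: the last writer in LSDOU order wins.
                rsop[setting] = (value, f"{tier}:{gpo_name}")
    return rsop


def explain_setting(gpos_by_tier, setting, order=APPLY_ORDER):
    """List every (tier, GPO, value) that touched `setting`, in application order."""
    trace = []
    for tier in order:
        for gpo_name, settings in gpos_by_tier.get(tier, []):
            if setting in settings:
                trace.append((tier, gpo_name, settings[setting]))
    return trace


if __name__ == "__main__":
    for setting, (value, winner) in sorted(resultant_set_of_policy(SAMPLE_GPOS).items()):
        print(f"{setting:<20} = {value!r:<20} from {winner}")
    print("trace for ScreenSaverTimeout:", explain_setting(SAMPLE_GPOS, "ScreenSaverTimeout"))
```

On a real domain-joined machine the equivalent trace comes from `gpresult /r` or the GroupPolicy module's `Get-GPResultantSetOfPolicy`; the value of the simulation is seeing why a password length set in the Default Domain Policy survives while a screen-saver timeout set at the same tier does not.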
22. What is the default lease period for a DHCP server?
8 days by default.
23. What is the process by which DHCP clients get an IP address?
Discover – Order – Receive – Acknowledge
24. What is multicast?
Multicast scopes enable you to lease Class D IP addresses to clients for participation in multicast
transmissions, such as streaming video and audio transmissions.
25. What is a superscope?
A superscope enables you to group several standard DHCP scopes into a single administrative group
without causing any service disruption to network clients.