system administrator l2

Upload: harsha-shetty

Post on 01-Mar-2016


DESCRIPTION

Networking Questions

TRANSCRIPT

Windows DNS Server Interview Questions

What is the main purpose of a DNS server?
DNS servers are used to resolve FQDN hostnames into IP addresses and vice versa.

What is the port number of DNS?
53.

What is a Forward Lookup?
Resolving host names to IP addresses.

What is Reverse Lookup?
Resolving IP addresses to host names.

What is a Resource Record?
It is a record that provides information about the resources available in the network infrastructure.

What are the different DNS roles?
Standard Primary, Standard Secondary, and AD Integrated.

What is a Zone?
A zone is a subtree of the DNS database.

Secure services in your network require reverse name resolution to make it more difficult to launch successful attacks against the services. To set this up, you configure a reverse lookup zone and proceed to add records. Which record types do you need to create?
PTR records.

SOA records must be included in every zone. What are they used for?
SOA records contain a TTL value, used by default in all resource records in the zone. SOA records contain the e-mail address of the person who is responsible for maintaining the zone. SOA records contain the current serial number of the zone, which is used in zone transfers.

By default, if the name is not found in the cache or local hosts file, what is the first step the client takes to resolve the FQDN name into an IP address?
Performs a recursive search through the primary DNS server based on the network interface configuration.

What is primary, Secondary, stub & AD Integrated Zone?
Primary zone: a zone which is saved as a normal text file with filename (.dns) in the DNS folder. Maintains a read/write copy of the zone database.
Secondary zone: maintains a read-only copy of the zone database on another DNS server. Provides fault tolerance and load balancing by acting as a backup server to the primary server.
Stub zone: contains a copy of the name server and SOA records, used for reducing the DNS search orders. Provides fault tolerance and load balancing.

How do you manually create SRV records in DNS?
On Windows Server, go to Run > dnsmgmt.msc, right-click the zone you want to add the SRV record to, choose "other new record" and choose Service Location (SRV).

What is the main purpose of SRV records?
SRV records are used in locating hosts that provide certain network services.

Before installing your first domain controller in the network, you installed a DNS server and created a zone, naming it as you would name your AD domain. However, after the installation of the domain controller, you are unable to locate infrastructure SRV records anywhere in the zone. What is the most likely cause of this failure?
The zone you created was not configured to allow dynamic updates. The local interface on the DNS server was not configured to allow dynamic updates.

Which of the following conditions must be satisfied to configure dynamic DNS updates for legacy clients?
The zone to be used for dynamic updates must be configured to allow dynamic updates. The DHCP server must support, and be configured to allow, dynamic updates for legacy clients.

At some point during the name resolution process, the requesting party received an authoritative reply. Which further actions are likely to be taken after this reply?
After receiving the authoritative reply, the resolution process is effectively over.

Name 3 benefits of using AD-integrated zones.
Active Directory-integrated DNS enables Active Directory storage and replication of DNS zone databases. Windows 2000 DNS server, the DNS server that is included with Windows 2000 Server, accommodates storing zone data in Active Directory.
When you configure a computer as a DNS server, zones are usually stored as text files on name servers; that is, all of the zones required by DNS are stored in a text file on the server computer. These text files must be synchronized among DNS name servers by using a system that requires a separate replication topology and schedule, called a zone transfer. However, if you use Active Directory-integrated DNS when you configure a domain controller as a DNS name server, zone data is stored as an Active Directory object and is replicated as part of domain replication.

What are the benefits of using Windows 2003 DNS when using AD-integrated zones?
If your DNS topology includes Active Directory, use Active Directory-integrated zones. Active Directory-integrated zones enable you to store zone data in the Active Directory database. Zone information about any primary DNS server within an Active Directory-integrated zone is always replicated.
Because DNS replication is single-master, a primary DNS server in a standard primary DNS zone can be a single point of failure. In an Active Directory-integrated zone, a primary DNS server cannot be a single point of failure because Active Directory uses multimaster replication. Updates that are made to any domain controller are replicated to all domain controllers, and the zone information about any primary DNS server within an Active Directory-integrated zone is always replicated.
Active Directory-integrated zones:
* Enable you to secure zones by using secure dynamic update.
* Provide increased fault tolerance. Every Active Directory-integrated zone can be replicated to all domain controllers within the Active Directory domain or forest. All DNS servers running on these domain controllers can act as primary servers for the zone and accept dynamic updates.
* Enable replication that propagates changed data only, compresses replicated data, and reduces network traffic.
If you have an Active Directory infrastructure, you can only use Active Directory-integrated zones on Active Directory domain controllers. If you are using Active Directory-integrated zones, you must decide whether or not to store Active Directory-integrated zones in the application directory partition.
You can combine Active Directory-integrated zones and file-based zones in the same design. For example, if the DNS server that is authoritative for the private root zone is running on an operating system other than Windows Server 2003 or Windows 2000, it cannot act as an Active Directory domain controller. Therefore, you must use file-based zones on that server. However, you can delegate this zone to any domain controller running either Windows Server 2003 or Windows 2000.

You installed a new AD domain and the new (and first) DC has not registered its SRV records in DNS. Name a few possible causes.
The machine may not be configured to point to itself as a DNS client.
The DNS service may not be running.

What are the benefits and scenarios of using Stub zones?
Understanding stub zones: a stub zone is a copy of a zone that contains only those resource records necessary to identify the authoritative Domain Name System (DNS) servers for that zone.
A stub zone is used to resolve names between separate DNS namespaces. This type of resolution may be necessary when a corporate merger requires that the DNS servers for two separate DNS namespaces resolve names for clients in both namespaces.
A stub zone consists of:
* The start of authority (SOA) resource record, name server (NS) resource records, and the glue A resource records for the delegated zone.
* The IP address of one or more master servers that can be used to update the stub zone.
The master servers for a stub zone are one or more DNS servers authoritative for the child zone, usually the DNS server hosting the primary zone for the delegated domain name.
Use stub zones to:
* Keep delegated zone information current. By updating a stub zone for one of its child zones regularly, the DNS server hosting both the parent zone and the stub zone will maintain a current list of authoritative DNS servers for the child zone.
* Improve name resolution. Stub zones enable a DNS server to perform recursion using the stub zone's list of name servers without needing to query the Internet or internal root server for the DNS namespace.
* Simplify DNS administration. By using stub zones throughout your DNS infrastructure, you can distribute a list of the authoritative DNS servers for a zone without using secondary zones. However, stub zones do not serve the same purpose as secondary zones and are not an alternative when considering redundancy and load sharing.
There are two lists of DNS servers involved in the loading and maintenance of a stub zone:
* The list of master servers from which the DNS server loads and updates a stub zone. A master server may be a primary or secondary DNS server for the zone. In both cases, it will have a complete list of the DNS servers for the zone.
* The list of the authoritative DNS servers for a zone. This list is contained in the stub zone using name server (NS) resource records.
When a DNS server loads a stub zone, such as widgets.example.com, it queries the master servers, which can be in different locations, for the necessary resource records of the authoritative servers for the zone widgets.example.com. The list of master servers may contain a single server or multiple servers and can be changed anytime.

What is the "in-addr.arpa" zone used for?
In a Domain Name System (DNS) environment, it is common for a user or an application to request a Reverse Lookup of a host name, given the IP address. This article explains this process. The following is quoted from RFC 1035:
"The Internet uses a special domain to support gateway location and Internet address to host mapping. Other classes may employ a similar strategy in other domains. The intent of this domain is to provide a guaranteed method to perform host address to host name mapping, and to facilitate queries to locate all gateways on a particular network on the Internet.
The domain begins at IN-ADDR.ARPA and has a substructure which follows the Internet addressing structure.
Domain names in the IN-ADDR.ARPA domain are defined to have up to four labels in addition to the IN-ADDR.ARPA suffix. Each label represents one octet of an Internet address, and is expressed as a character string for a decimal value in the range 0-255 (with leading zeros omitted except in the case of a zero octet which is represented by a single zero).
Host addresses are represented by domain names that have all four labels specified."
Reverse Lookup files use the structure specified in RFC 1035. For example, if you have a network which is 150.10.0.0, then the Reverse Lookup file for this network would be 10.150.IN-ADDR.ARPA. Any hosts with IP addresses in the 150.10.0.0 network will have a PTR (or 'Pointer') entry in 10.150.IN-ADDR.ARPA referencing the host name for that IP address. A single IN-ADDR.ARPA file may contain entries for hosts in many domains. Consider the following scenario. There is a Reverse Lookup file 10.150.IN-ADDR.ARPA with the following contents:
Example: 1.20 IN PTR WS1.ACME.COM.

What does a zone consist of & why do we require a zone?
A zone consists of resource records, and we require a zone for representing sites.

What is Caching Only Server?
When we install a 2000 or 2003 server, it is configured as a caching-only server: it maintains the information of frequently accessed sites, and when we access the same site the next time, the answer is obtained from the cached information instead of going to the actual site.

What is forwarder?
When one DNS server can't resolve the query, it can be forwarded to another DNS server once configured as a forwarder.

What is secondary DNS Server?
It is a backup for the primary DNS server, where it maintains a read-only copy of the DNS database.

How to enable Dynamic updates in DNS?
Start > Program > Admin tools > DNS > Zone properties.

What are the properties of DNS server?
INTERFACES, FORWARDERS, ADVANCED, ROUTINGS, SECURITY, MONITORING, LOGGING, DEBUG LOGGING.

Properties of a Zone?
General, SOA, NAMESERVER, WINS, Security, and ZONE Transfer.

What is scavenging?
Finding and deleting unwanted records.

What are SRV records?
SRV are the service records; there are 6 service records. They are useful for locating the services.

What are the types of SRV records?
MSDCS: Contains DCs information.
TCP: Contains Global Catalog, Kerberos & LDAP information.
UDP: Contains Sites information.
Sites: Contains Sites information.
Domain DNS Zone: Contains the domain's DNS-specific information.
Forest DNS zone: Contains the forest's specific information.

Where does a Host File Reside?
c:\windows\system32\drivers\etc.

What is SOA?
Start of Authority: useful when a zone starts. Provides the zone startup information.

What is a query?
A request made by the DNS client to provide the name server information.

What are the different types of queries?
Recursion, iteration.

Tools for troubleshooting DNS?
DNS Console, NSLOOKUP, DNSCMD, IPCONFIG, Logs.

What is WINS server? Where do we use WINS server? Difference between DNS and WINS?
WINS is Windows Internet Name Service, used to resolve the NetBIOS (computer name) name to an IP address. This is proprietary for Windows. You can use it in a LAN.
DNS is a Domain Naming System, which resolves host names to IP addresses. It uses fully qualified domain names. DNS is an Internet standard used to resolve host names.

What is new in Windows Server 2003 regarding the DNS management?
When DC promotion occurs with an existing forest, the Active Directory Installation Wizard contacts an existing DC to update the directory and replicate from the DC the required portions of the directory. If the wizard fails to locate a DC, it performs debugging and reports what caused the failure and how to fix the problem. In order to be located on a network, every DC must register DC locator DNS records in DNS. The Active Directory Installation Wizard verifies a proper configuration of the DNS infrastructure. All DNS configuration debugging and reporting activity is done with the Active Directory Installation Wizard.

How do I clear the DNS cache on the DNS server?
Go to cmd prompt and type ipconfig /flushdns.

What is the "." zone in my forward lookup zone?
This setting designates the Windows 2000 or Windows Server 2003 DNS server to be a root hint server and is usually deleted. If you do not delete this setting, you may not be able to perform external name resolution to the root hint servers on the Internet.

Do I need to configure forwarders in DNS?
No. By default, Windows 2000 DNS uses the root hint servers on the Internet; however, you can configure forwarders to send DNS queries directly to your ISP's DNS server or other DNS servers. Most of the time, when you configure forwarders, DNS performance and efficiency increases, but this configuration can also introduce a point of failure if the forwarding DNS server is experiencing problems.
The root hint server can provide a level of redundancy in exchange for slightly increased DNS traffic on your Internet connection. Windows Server 2003 DNS will query root hints servers if it cannot query the forwarders.

Should I point the other Windows 2000-based and Windows Server 2003-based computers on my LAN to my ISP's DNS servers?
No. If a Windows 2000-based or Windows Server 2003-based server or workstation does not find the domain controller in DNS, you may experience issues joining the domain or logging on to the domain. A Windows 2000-based or Windows Server 2003-based computer's preferred DNS setting should point to the Windows 2000 or Windows Server 2003 domain controller running DNS.
If you are using DHCP, make sure that you view scope option #15 for the correct DNS server settings for your LAN.

Do I need to point computers that are running Windows NT 4.0 or Microsoft Windows 95, Microsoft Windows 98, or Microsoft Windows 98 Second Edition to the Windows 2000 or Windows Server 2003 DNS server?
Legacy operating systems continue to use NetBIOS for name resolution to find a domain controller; however, it is recommended that you point all computers to the Windows 2000 or Windows Server 2003 DNS server for name resolution.

What if my Windows 2000 or Windows Server 2003 DNS server is behind a proxy server or firewall?
If you are able to query the ISP's DNS servers from behind the proxy server or firewall, the Windows 2000 and Windows Server 2003 DNS server is able to query the root hint servers. UDP and TCP port 53 should be open on the proxy server or firewall.

What should I do if the domain controller points to itself for DNS, but the SRV records still do not appear in the zone?
Check for a disjointed namespace, and then run Netdiag.exe /fix. You must install Support Tools from the Windows 2000 Server or Windows Server 2003 CD-ROM to run Netdiag.exe.

How do I set up DNS for a child domain?
To set up DNS for a child domain, create a delegation record on the parent DNS server for the child DNS server. Create a secondary zone on the child DNS server that transfers the parent zone from the parent DNS server.
Note: Windows Server 2003 has additional types of zones, such as Stub Zones and forest-level integrated Active Directory zones, that may be a better fit for your environment.
Set the child domain controller to point to itself first. As soon as an additional domain controller is available, set the child domain controller to point to this domain controller in the child domain as its secondary.
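The reverse lookup naming from the "in-addr.arpa" answer above, worked through in Python as an added example (not part of the original document). It expands the relative owner name "1.20" from the 10.150.IN-ADDR.ARPA file to its IP address and then checks that each PTR target maps back to the same address; every record except the WS1.ACME.COM line is constructed sample data, and the function names are illustrative.

```python
import ipaddress

SUFFIX = ".in-addr.arpa"


def reverse_name(ip):
    """Owner name of the PTR record for an IPv4 address: octets reversed."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + SUFFIX + "."


def ptr_owner_to_ip(owner, zone):
    """Expand a PTR owner name from a reverse zone file into its IPv4 address.

    A name without a trailing dot is relative to the zone, as "1.20" is in
    the 10.150.IN-ADDR.ARPA example.
    """
    zone = zone.rstrip(".").lower()
    owner = owner.lower()
    fqdn = owner[:-1] if owner.endswith(".") else owner + "." + zone
    if not fqdn.endswith(SUFFIX):
        raise ValueError("not under in-addr.arpa: " + fqdn)
    labels = fqdn[: -len(SUFFIX)].split(".")
    if len(labels) != 4:
        raise ValueError("a host address needs all four labels: " + fqdn)
    for label in labels:
        # Decimal 0-255, no leading zeros (a zero octet is the single label "0").
        ok = (label.isascii() and label.isdigit()
              and str(int(label)) == label and int(label) <= 255)
        if not ok:
            raise ValueError("bad octet label %r in %s" % (label, fqdn))
    return ".".join(reversed(labels))


def parse_ptr_zone(text, zone):
    """Parse 'owner IN PTR target' lines into {ip: lower-case host name}."""
    records = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        fields = line.split()
        if len(fields) != 4 or [f.upper() for f in fields[1:3]] != ["IN", "PTR"]:
            raise ValueError("unsupported line: " + raw)
        records[ptr_owner_to_ip(fields[0], zone)] = fields[3].rstrip(".").lower()
    return records


def unconfirmed_ptrs(ptr_records, a_records):
    """Return (ip, host) pairs whose host has no A record for that same ip."""
    return [(ip, host) for ip, host in sorted(ptr_records.items())
            if ip not in a_records.get(host, set())]


ZONE = "10.150.IN-ADDR.ARPA"
SAMPLE_ZONE = """
1.20 IN PTR WS1.ACME.COM.       ; the entry quoted in the document
7.20 IN PTR MAIL.EXAMPLE.NET.   ; constructed: a host from another domain
9.30 IN PTR OLD.ACME.COM.       ; constructed: stale pointer
"""
# Constructed forward (A) data to confirm the pointers against.
SAMPLE_A = {
    "ws1.acme.com": {"150.10.20.1"},
    "mail.example.net": {"150.10.20.7"},
    "old.acme.com": {"150.10.99.9"},
}

if __name__ == "__main__":
    ptrs = parse_ptr_zone(SAMPLE_ZONE, ZONE)
    for ip, host in ptrs.items():
        print(reverse_name(ip), "->", host)
    print("unconfirmed:", unconfirmed_ptrs(ptrs, SAMPLE_A))
```

A PTR record that fails this forward confirmation is a reason to distrust the reverse name when a service uses it for access decisions or logging.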

Are you looking for a job as a system administrator? Or are you thinking about leaving your current position for a new job as a system administrator with a new company in a Microsoft multi-user computing environment?

If you answered yes to either of those questions, then this article is for you! Any of the described technologies and questions below may be asked of you during an interview.

A system administrator is responsible for managing a multi-user computing environment, such as a local area network (LAN). The responsibilities of the system administrator typically include installing and configuring system hardware and software, establishing and managing user accounts, upgrading software and performing backup and recovery tasks.

The main responsibilities performed by a system administrator are:
* Active Directory management (adding and configuring new workstations and setting up user accounts to provide authorizations)
* Installing and updating system software
* OS patching/upgrades
* Preventing the spread of viruses and malicious programs
* Allocating mass storage space
* Reviewing system logs
* System security management
* Creating a backup and recovery policy
* Performance monitoring and optimization

Before facing any interview for a system administrator position, make sure that you have enough knowledge on these technologies:

Basic Network Concepts:
* Data communication and transmission techniques
* Fundamentals of OSI and TCP/IP model
* IP address classes
* IP subnetting
* IPv6 fundamentals
* Basics of switching

Microsoft Server Functionalities:
* Active Directory Domain Controller (Read only DC, Child DC)
* Active Directory Domain Services
* DHCP Server
* DNS
* File and print server
* Database storage server
* Windows Deployment Services (WDS)
* Group Policy management
* Registry management
* Hyper V
* Schedule tasks (Backup, AD DS Backup)
* High Availability Features (Failover Clustering, Network Load Balancing)

Top Interview Questions for a System Administrator (Microsoft) Position:
All of the questions below are very common and must be prepared for before facing any interview for a System-Server Administrator position.

1) Differences between Conditional Forwarding and Stub Zones.
Ans: Both do the same thing: forwarding the requests to the appropriate name servers that are authoritative for the domains in the queries. However, there is a difference between them: stub zones are dynamic and conditional forwarders are static.

Conditional Forwarding
Where you want DNS clients in separate networks to resolve each other's names without having to query DNS servers on the Internet, such as in the case of a company merger, you should configure the DNS servers in each network to forward queries for names in the other network. DNS servers in one network will forward names for clients in the other network to a specific DNS server that will build up a large cache of information about the other network. When forwarding in this way, you create a direct point of contact between the two networks' DNS servers, reducing the need for recursion.

Stub Zone
Stub zones are dynamic. A stub zone is like a secondary zone in that it obtains its resource records from other name servers (one or more master name servers). A stub zone is also read-only like a secondary zone, so administrators can't manually add, remove, or modify resource records on it. But the similarities end here, as stub zones are quite different from secondary zones in a couple of significant ways.
First, while secondary zones contain copies of all the resource records in the corresponding zone on the master name server, stub zones contain only three kinds of resource records:
* A copy of the SOA record for the zone.
* Copies of NS records for all name servers authoritative for the zone.
* Copies of A records for all name servers authoritative for the zone.

2) How does AD replication work?
Ans: http://technet.microsoft.com/en-us/library/cc772726(v=ws.10).aspx

3) How is DNS important in AD replication?
Ans: Once a DC gets its replication partner's hostname, it queries DNS for the IP address. Also, the _MSDCS zone is required for the Domain Controller Locator that enables the client to locate the DC.
For complete details: http://technet.microsoft.com/en-us/library/cc759550(WS.10).aspx

4) Ports required for Domain Controllers to communicate.
Ans: http://yourcomputer.in/list-port-numbers-windows/

5) What is GPT and GPC?
Ans: A GPO (Group Policy Object) is a collection of Group Policy settings; it consists of GPC and GPT.
GPC (Group Policy Container) contains the information on the properties of the GPO, like Security Filtering, GPO Status, GPO GUID etc.
GPT (Group Policy Template) contains the data of the GPO in the Sysvol folder, which can be checked after the configuration of the GPO to see what settings have been configured for the client.

6) What is new in Microsoft Clustering 2008?
Ans: http://yourcomputer.in/whats-new-windows-server-2008-cluster/

7) What is Majority Node Set?
Ans: A majority node set is a single quorum resource, from a server cluster perspective; however, the data is actually stored on multiple disks across the cluster. Each cluster node stores the configuration on a local disk it can have access to when it starts up. By default, the location is pointed to %systemroot%\cluster\ResourceGUID
Further explained: http://yourcomputer.in/windows-cluster-interview-questions-and-answers/
If the configuration of the cluster changes, that change is replicated across the different disks.

8) What is NLB?
Ans: NLB (Network Load Balance) is a Microsoft implementation of clustering and load balancing that is intended to provide high availability and high reliability, as well as high scalability.
http://technet.microsoft.com/en-us/library/cc779570(v=ws.10).aspx

9) Difference between Unicast and Multicast
Ans:
Unicast
Unicast is a one-to-one connection between the client and the server. Unicast uses IP delivery methods such as Transmission Control Protocol (TCP) and User Datagram Protocol (UDP), which are session-based protocols. When a Windows Media Player client connects using unicast to a Windows Media server, that client has a direct relationship to the server. Each unicast client that connects to the server takes up additional bandwidth. For example, if you have 10 clients all playing 100-kilobits per second (Kbps) streams, those clients as a group are taking up 1,000 Kbps. If you have only one client playing the 100 Kbps stream, only 100 Kbps is being used.
Multicast
Multicast is a true broadcast. The multicast source relies on multicast-enabled routers to forward the packets to all client subnets that have clients listening. There is no direct relationship between the clients and Windows Media server. The Windows Media server generates an .nsc (NetShow channel) file when the multicast station is first created. Typically, the .nsc file is delivered to the client from a Web server. This file contains information that the Windows Media Player needs to listen for the multicast. This is similar to tuning into a station on a radio. Each client that listens to the multicast adds no additional overhead on the server. In fact, the server sends out only one stream per multicast station. The same load is experienced on the server whether only one client or 1,000 clients are listening.
http://support.microsoft.com/kb/291786

10) What is new in Windows 2008 AD?
Ans:
* Read-Only Domain Controllers
* Fine-Grained Password Policies
* Restartable Active Directory Service
* Backup and Recovery
* SYSVOL Replication with DFS-R
* Auditing Improvements
* UI Improvements

11) How to configure RODC to replicate password of users?
Ans: You can add users in the PASSWORD REPLICATION POLICY tab of the RODC computer properties.

12) What is the issue we face while recovering AD from VMware snapshot?

13) Difference between Authoritative and Non-authoritative restore in AD?
Ans: http://yourcomputer.in/authoritative-vs-non-authoritative-restoration-of-active-directory

14) What is new in Authoritative restoration in Windows 2008?

15) What is new in Windows Cluster 2008?
Ans: http://yourcomputer.in/whats-new-windows-server-2008-cluster/

16) What is Strict Replication?
Ans: Strict Replication is a mechanism developed by Microsoft developers for Active Directory replication. If a domain controller has Strict Replication enabled, then that domain controller will not get lingering objects from a domain controller which was isolated for more than the Tombstone Lifetime. TSL is 180 days by default on a forest created with Windows Server 2003 SP1. A domain controller shouldn't be out of sync for more than this period. Lingering objects may appear on other domain controllers if replication happens with the outdated domain controllers. These domain controllers will not replicate with the outdated domain controllers if you have set the registry key mentioned below.
You must set the following registry setting on all the domain controllers to enable Strict Replication:
KEY Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Registry Entry: Strict Replication Consistency
Value: 1 (enabled), 0 (disabled)
Type: REG_DWORD

17) What is Super Scope in DHCP?
Ans: A superscope is an administrative feature of Dynamic Host Configuration Protocol (DHCP) servers running Windows Server 2008 that you can create and manage by using the DHCP Microsoft Management Console (MMC) snap-in. By using a superscope, you can group multiple scopes as a single administrative entity. With this feature, a DHCP server can:
* Support DHCP clients on a single physical network segment (such as a single Ethernet LAN segment) where multiple logical IP networks are used. When more than one logical IP network is used on each physical subnet or network, such configurations are often called multinets.
* Support remote DHCP clients located on the far side of DHCP and BOOTP relay agents (where the network on the far side of the relay agent uses multinets).
In multinet configurations, you can use DHCP superscopes to group and activate individual scope ranges of IP addresses used on your network. In this way, the DHCP server can activate and provide leases from more than one scope to clients on a single physical network.
Superscopes can resolve specific types of DHCP deployment issues for multinets, including situations in which:
* The available address pool for a currently active scope is nearly depleted, and more computers need to be added to the network. The original scope includes the full addressable range for a single IP network of a specified address class. You need to use another range of IP addresses to extend the address space for the same physical network segment.
* Clients must be migrated over time to a new scope (such as to renumber the current IP network from an address range used in an existing active scope to a new scope that contains another range of IP addresses).
* You want to use two DHCP servers on the same physical network segment to manage separate logical IP networks.

18) What is the requirement to configure Full memory Dump in Windows?
Ans: To generate a complete memory dump file:
1. Click Start > right-click Computer and select Properties in the menu.
2. Click Advanced > Settings > Startup and Recovery > Settings > Write debugging information > Complete memory dump.
3. Click OK twice.

19) Which DNS record is required for Replication?
Ans: Host A records of replication partners (Domain Controllers), and SRV records to find out the Domain Controllers' GUID in the _msdcs zone (DC Locator).

20) Tools to analyze Memory Dump?
Ans: Windows Debugger (WinDbg.exe) tool, Dumpchk.exe

21) Tools to troubleshoot Group Policy issues?
Ans: You can use AD inbuilt features to troubleshoot Group Policy issues, like RSOP.msc, or you can run RSOP by selecting users in Active Directory Users and Computers. gpresult -v can be used, and gpt.ini in Sysvol under the Group Policy GUID folder can be checked to find out the GPO settings configured.

22) What AD parameters can be added to enable the Monitoring for AD?

23) How to troubleshoot AD replication issues?
Ans: It can be troubleshot with the replmon command, which generates the error result in eventvwr. DNS can be checked between the two destinations. Network/firewall issues.

24) Booting sequence in Windows 2008?
Here's a brief description of the Windows Server 2008 boot process.
1. System is powered on.
2. The CMOS loads the BIOS and then runs POST.
3. Looks for the MBR on the bootable device.
4. Through the MBR the boot sector is located and the BOOTMGR is loaded.
5. BOOTMGR looks for the active partition.
6. BOOTMGR reads the BCD file from the \boot directory on the active partition.
7. The BCD (boot configuration database) contains various configuration parameters (this information was previously stored in boot.ini).
8. BOOTMGR transfers control to the Windows Loader (winload.exe), or winresume.exe in case the system was hibernated.
9. Winloader loads drivers that are set to start at boot and then transfers control to the Windows kernel.

25) How to edit Schema in AD?
Ans: Firstly, schmmgmt.dll has to be registered. Then the ADSIEdit tool can be used to edit the schema.

26) Difference between Windows 2003 & Windows 2008 boot process
Ans:
Windows 2003 boot process:
1. POST.
2. The MBR reads the boot sector, which is the first sector of the active partition.
3. Ntldr looks up the path of the OS from boot.ini.
4. Ntldr runs Ntdetect.com to get information about installed hardware.
5. Ntldr reads the registry files, then selects a hardware profile and control set, and loads device drivers.
6. After that, Ntoskrnl.exe takes over and starts winlogon.exe, which starts lsass.exe.
Windows Server 2008 boot process:
1. System is powered on.
2. The CMOS loads the BIOS and then runs POST.
3. Looks for the MBR on the bootable device.
4. Through the MBR the boot sector is located and the BOOTMGR is loaded.
5. BOOTMGR looks for the active partition.
6. BOOTMGR reads the BCD file from the \boot directory on the active partition.
7. The BCD (boot configuration database) contains various configuration parameters (this information was previously stored in boot.ini).
8. BOOTMGR transfers control to the Windows Loader (winload.exe), or winresume.exe in case the system was hibernated.
9. Winloader loads drivers that are set to start at boot and then transfers control to the Windows kernel.

27) Name of utilities used to check multipathing
Ans: The FCInfo utility or Storage Explorer (Windows 2008) can be used to check the same.
For complete details: http://yourcomputer.in/how-to-check-wwn-on-windows-server/

28) How to create Host A record remotely?
Ans: The dnscmd command can be used for creating a resource record on a DNS server. Below is the command:
dnscmd [] /recordadd

29) What is glue record?
Ans: Name servers in delegations are identified by name, rather than by IP address. This means that a resolving name server must issue another DNS request to find out the IP address of the server to which it has been referred. If the name given in the delegation is a subdomain of the domain for which the delegation is being provided, there is a circular dependency. In this case the name server providing the delegation must also provide one or more IP addresses for the authoritative name server mentioned in the delegation. This information is called glue. The delegating name server provides this glue in the form of records in the additional section of the DNS response, and provides the delegation in the answer section of the response.
For example, if the authoritative name server for example.org is ns1.example.org, a computer trying to resolve www.example.org first resolves ns1.example.org. Since ns1 is contained in example.org, this requires resolving example.org first, which presents a circular dependency. To break the dependency, the name server for the top level domain org includes glue along with the delegation for example.org. The glue records are address records that provide IP addresses for ns1.example.org. The resolver uses one or more of these IP addresses to query one of the domain's authoritative servers, which allows it to complete the DNS query.

30) What is Loopback Group Policy?
Ans: Group Policy applies to the user or computer in a manner that depends on where both the user and the computer objects are located in Active Directory. However, in some cases, users may need policy applied to them based on the location of the computer object alone. You can use the Group Policy loopback feature to apply Group Policy Objects (GPOs) that depend only on which computer the user logs on to.

Q: What is Active Directory?
A: Active Directory provides a centralised control for network administration and security. Server computers configured with Active Directory are known as domain controllers. Active Directory stores all information and settings for a deployment in a central database, and allows administrators to assign policies and deploy and update software.

Q: What is a Domain?
A: A domain is defined as a logical group of network objects (computers, users, devices) that share the same Active Directory database. A tree can have multiple domains.

Q: What is Domain Controller?
A: A domain controller (DC) or network domain controller is a Windows-based computer system that is used for storing user account data in a central database. It is the centrepiece of the Windows Active Directory service that authenticates users, stores user account information and enforces security policy for a Windows domain.
A domain controller allows system administrators to grant or deny users access to system resources, such as printers, documents, folders, network locations, etc., via a single username and password.

Q: What is Group Policy?
A: Group Policy allows you to implement specific configurations for users and computers. Group Policy settings are contained in Group Policy objects (GPOs), which are linked to the following Active Directory service containers: sites, domains, or organizational units (OUs).

Q: What are GPOs (Group Policy Objects)?
A: A Group Policy Object (GPO) is a collection of settings that control the working environment of user accounts and computer accounts. GPOs define registry-based policies, security options, software installation and maintenance options, script options, and folder redirection options.
There are two kinds of Group Policy objects:
* Local Group Policy objects are stored on individual computers.
* Nonlocal Group Policy objects, which are stored on a domain controller, are available only in an Active Directory environment.

Q: What is LDAP?
A: LDAP (Lightweight Directory Access Protocol) determines how an object in an Active Directory should be named. LDAP is the industry standard directory access protocol, making Active Directory widely accessible to management and query applications. Active Directory supports LDAPv2 and LDAPv3.

Q: Where is the AD database stored?
A: The AD database is stored in C:\Windows\NTDS\NTDS.DIT.

Q: What is the SYSVOL folder?
A: The SYSVOL folder stores the server copy of the domain's public files that must be shared for common access and replication throughout a domain.
All AD databases are stored in a SYSVOL folder and it's only created in an NTFS partition. The Active Directory Database is stored in the %SystemRoot%\NTDS folder.

Q: What is Garbage collection?
A: Garbage collection is the online defragmentation of the Active Directory which happens every 12 hours.

Q: When do we use WDS?
A: Windows Deployment Services is a server role used to deploy Windows operating systems remotely. WDS is mainly used for network-based OS installations to set up new computers.

Q: What is DNS and which port number is used by DNS?
A: The Domain Name System (DNS) is used to resolve human-readable hostnames like www.intenseschool.com into machine-readable IP addresses like 69.143.201.22.
DNS servers use UDP port 53 but DNS queries can also use TCP port 53 if the former is not accepted.

Q: What are main Email Servers and which are their ports?
A: Email servers can be of two types:
Incoming Mail Server (POP3, IMAP, HTTP)
The incoming mail server is the server associated with an email address account. There cannot be more than one incoming mail server for an email account. In order to download your emails, you must have the correct settings configured in your email client program.
Outgoing Mail Server (SMTP)
Most outgoing mail servers use SMTP (Simple Mail Transfer Protocol) for sending emails. The outgoing mail server can belong to your ISP or to the server where you set up your email account.
The main email ports are:
* POP3 port 110
* IMAP port 143
* SMTP port 25
* HTTP port 80
* Secure SMTP (SSMTP) port 465
* Secure IMAP (IMAP4-SSL) port 585
* IMAP4 over SSL (IMAPS) port 993
* Secure POP3 (SSL-POP) port 995

Q: What do Forests, Trees, and Domains mean?
A: Forests, trees, and domains are the logical divisions in an Active Directory network.
A domain is defined as a logical group of network objects (computers, users, devices) that share the same Active Directory database.
A tree is a collection of one or more domains and domain trees in a contiguous namespace linked in a transitive trust hierarchy.
At the top of the structure is the forest. A forest is a collection of trees that share a common global catalog, directory schema, logical structure, and directory configuration. The forest represents the security boundary within which users, computers, groups, and other objects are accessible.

Q: Why do we use DHCP?
A: Dynamic Host Configuration Protocol assigns dynamic IP addresses to network devices, allowing them to have a different IP address each time they are connected to the network.

Q: What are Lingering Objects?
A: A lingering object is a deleted AD object that still remains on the restored domain controller in its local copy of Active Directory. They can occur when changes are made to directories after system backups are created.
When restoring a backup file, Active Directory generally requires that the backup file be no more than 180 days old. This can happen if, after the backup was made, the object was deleted on another DC more than 180 days ago.

Q: How can we remove Lingering Objects?
A: Windows Server 2003 and 2008 have the ability to manually remove lingering objects using the console utility command REPADMIN.EXE.

Q: Why should you not restore a DC that was backed up 6 months ago?
A: When restoring a backup file, Active Directory generally requires that the backup file be no more than 180 days old. If you attempt to restore a backup that is expired, you may face problems due to lingering objects.

Q: How do you back up AD?
A: Backing up Active Directory is essential to maintain the proper health of the AD database.

How to check AD configured properly? Ans: Check NTDS and SYSVOL shared folder at %systemroot%windows\.

2. How to transfer global catalog to another domain? Ans: We cannot transfer the global catalog; we can only remove the global catalog from one server and enable another server as a global catalog.

3. How to configure global catalog server? Ans: Go to Active Directory Sites and Services and expand down to your desired server's NTDS Settings, then right-click, select Properties, and check the Global Catalog check box.

4. What are the FSMO roles, and if one goes down what will be the impact? Ans: Flexible Single Master Operation. There are five roles:
Domain Naming Master (Forest wide role)
Schema Master (Forest wide role)
PDC Emulator (Domain wide role)
RID Master (Domain wide role)
Infrastructure Master (Domain wide role)

5. What is the RID pool? Ans: The RID Master provides the RID (Relative Identifier) pool to the Domain Controllers of the domain. When an object is created in a domain, a unique SID (Security ID) is assigned to it, consisting of a RID (Unique ID) and a SID (Common ID for all objects). A RID pool contains 500 RIDs.

6. How to check FSMO roles running on which server? Ans: i) By using the DCdiag /test:Knowsofroleholders /v command. ii) Type Netdom query fsmo

7. How to transfer FSMO role one domain controller to another domain controller command prompt and GUI? Ans: Go to Start -> Run -> dsa.msc, go to the properties of Users and Computers and transfer the RID, PDC, and Infrastructure roles.
Go to Start -> Run, go to the properties of Active Directory Domains and Trusts and transfer the Domain Naming Master role.
For transferring the Schema Master role, first we have to register the schema master by using the regsvr32 schmmgmt.dll command in Run. Then go to Start -> Run -> MMC, add Active Directory Schema, and transfer the Schema Master role.

8. What is the AD database file and log file, where are they stored, and what is the use of the log file? Ans: The AD database is NTDS.DIT and its location is %system root%\windows\NTDS\ntds.dit. The AD log files are EDB.log, EDB.chk and REG.log, and the location of these files is %system root%\windows\NTDS\ntds.dit.

9. How to recover corrupted AD database file? Ans: It's described very well in the article available here.

10. Is it possible to rename domain name in Windows 2003? Ans: Yes, we can rename the domain name in Windows 2003.

11. What are the two types of replication? Ans: Inter-site replication, Intra-site replication.

12. What are the protocols used in replication? Ans: RPC and SMTP. Predominantly RPC is used. SMTP is not used as it's not recommended for replication of the Domain Partition.

Replication conflict is managed using a method described here. Read the full article several times and you will be happy that you got to know something very important.

13. What is default time for replication? Ans: KCC (Knowledge Consistency Checker) is the algorithm and the two protocols used are RPC over IP and SMTP over IP. They replicate every 15 min.

14. What is the difference between the two types of replication, i.e. intrasite and intersite? Intersite replication is for replication within the site and Intra-site replication is for the replication between the sites.

15. What are the replication partitions? Tell about the partitions. Ans:
FSMO role: Partition
Schema: CN=Schema,CN=configuration, DC=
Domain Naming Master: CN=configuration,DC=
PDC: DC=
RID: DC=
Infrastructure: DC=
Replication partitions are:
Schema Partition
Configuration Partition
Domain Partition
Application Partition

16. Is application partition available in Windows 2003? Ans: Yes, Windows 2003 contains application partitions; mainly, an application partition contains application information like DNS.

17. What is DNS? Ans: Domain Naming System. Used to resolve the host name (FQDN) to IP address and vice versa.

18. What are types of DNS and zones?
(i) Primary DNS zone
(ii) Secondary DNS zone
(iii) Active Directory integrated zone
(iv) Stub zone

To know more about DNS please read the blog http://dnsfunda.blogspot.com

19. What is the Start of Authority (SOA) record and what is its use? Ans: It contains information like the server name where the file was created (Primary DNS Server name), it maintains the serial number and increments it after every change in the DNS zone, stores the Refresh interval and Retry interval time, and maintains the TTL of the records as well. Read this article for more details.

    @ IN SOA nameserver.place.dom. postmaster.place.dom. (
            1      ; serial number
            3600   ; refresh [1h]
            600    ; retry [10m]
            86400  ; expire [1d]
            3600 ) ; min TTL [1h]

20. What are records available in DNS? Ans: Address records, Host Records, MX Records, and CNAME records.

21. Explain about SRV, MX and CNAME records? Ans:
SRV records point a client to the servers which are hosting a service, for example the Active Directory service.
MX record points the client to servers hosting the mail service. MX stands for Mail Exchanger.
CNAME record is an alias record for a name that already exists. Suppose there were two servers and both of them were consolidated into one; in that case one name becomes useless. But any application dependent on the unused name still has to work, so we create an alias record, which is the unused name pointing to the name in use. Hence the application keeps functioning.

22. Where are the DNS file and the DNS database stored? Ans: %SYSTEMROOT%\Windows\System32\DNS

23. How do I configure DHCP Server and steps? Ans: If you have already installed DHCP on the server then follow the steps mentioned in this Trainsignal Article.

24. How to reserve IP address? Ans: We can assign a particular IP address to the MAC address of a machine using IP reservation in DHCP.

25. Why do we need two or more subnets? Ans: To segment or restrict/localize one type of traffic to one segment or subnet of the network.

26. If we have two different subnets then how do I configure it in single DHCP server? Ans: Two different scopes are created for the two subnets.

27. What is the use of relay agent? A router drops the DHCP packet as it's a broadcast packet. When we enable the relay agent option on the router it then lets the DHCP broadcast packets pass through. Hence the relay agent helps in sending it over to the destined subnet.

28. What is Group Policy? Ans: It is a way to provide the desired predefined environment to all users in an Active Directory environment, and it is centrally manageable.

29. My requirement is to disable the USB port; how will you do it? Through Group Policy.

30. How to take a backup of Group Policy? Ans: We can use GPMC (Group Policy Management Console): right-click on the GPO, select Backup, and take the backup to a destination folder.

31. You are an administrator and my requirement is to configure Active Directory for four different locations. How will you plan it? Ans: Depending on the requirement I'll configure one parent domain and three child domains, or one domain with four sites, or four different domains (least preferred).

32. What are the two modes a terminal server works in? Ans: User mode and application mode.

33. What are the default security groups? Give explanations. Ans:

34. You are maintaining remote servers that you can take remote but you can't ping them; how to troubleshoot?

35. What is the use of the Kerberos protocol? Ans: The Kerberos protocol is an authentication protocol. When we log in to an Active Directory environment, it's the protocol that is used to authenticate us.

36. What is the version of the Kerberos protocol? Ans: We are using Kerberos V 5.0.

37. What is the authentication protocol in Windows NT? Ans: Windows NT supported two kinds of challenge/response authentication:
LanManager (LM) challenge/response
Windows NT challenge/response (also known as NTLM challenge/response)

38. What are RAID levels? Ans: Main RAID levels are RAID-0, RAID-1, RAID-5 and RAID-10.

39. Which RAID will you recommend and why? Ans: RAID-1 for the OS: mirroring. RAID-5 for the data partition: stripe set with parity.

40. What is the difference between RAID-1 and RAID-5?
RAID-1: In RAID-1 there are two hard disks and the data on one is mirrored to the other. So even if one fails, the other one is there with the same data for service continuity.
RAID-5: We can use a minimum of three hard disks, and the maximum depends upon the RAID controller card. Data is written on disk in stripes with distributed parity.

41. What is the difference between disk mirroring and disk duplexing? Ans:

Disk Mirroring: Disk mirroring (also known as RAID-1) is the practice of duplicating data in separate volumes on two hard disks to make storage more fault-tolerant. Mirroring provides data protection in the case of disk failure, because data is constantly updated to both disks. However, since the separate disks rely upon a common controller, access to both copies of data is threatened if the controller fails.

Disk Duplexing: Disk duplexing is a variation of disk mirroring in which each of multiple storage disks has its own SCSI controller. Disk duplexing overcomes this problem; the use of redundant controllers enables continued data access as long as one of the controllers continues to function. Since the controllers for each disk are different, one of the disks keeps working even if the other disk fails or one of the disk controllers fails. So it gives us the luxury to plan for the downtime based on our convenience. Another benefit of disk duplexing is increased throughput. Using a technique known as a split seek, whichever disk can deliver the requested data more quickly responds. Multiple requests may also be split between the disks for simultaneous processing.

42. What is a dynamic disk? Dynamic disks provide the ability to create volumes that span multiple disks (spanned and striped volumes) and the ability to create fault-tolerant volumes (mirrored and RAID-5 volumes). Dynamic disks offer greater flexibility for volume management because they use a database to track information about dynamic volumes on the disk and about other dynamic disks in the computer. Because each dynamic disk in a computer stores a replica of the dynamic disk database, for example, a corrupted dynamic disk database can repair one dynamic disk by using the database on another dynamic disk.

Dynamic disks are a separate form of volume management that allows volumes to have noncontiguous extents on one or more physical disks. Dynamic disks and volumes rely on the Logical Disk Manager (LDM) and Virtual Disk Service (VDS) and their associated features. These features enable you to perform tasks such as converting basic disks into dynamic disks, and creating fault-tolerant volumes. To encourage the use of dynamic disks, multi-partition volume support was removed from basic disks, and is now exclusively supported on dynamic disks.

The following operations can be performed only on dynamic disks:
1) Create and delete simple, spanned, striped, mirrored, and RAID-5 volumes.
2) Extend a simple or spanned volume.
3) Remove a mirror from a mirrored volume or break the mirrored volume into two volumes.
4) Repair mirrored or RAID-5 volumes.
5) Reactivate a missing or offline disk.

43. What is disk striping? Ans: Disk striping is the technique of spreading data over multiple disks. The data to be stored is divided into blocks and spread across several partitions on various hard disks. Disk striping is used with or without equivalence. Disk striping helps in improving the performance of the disk.

44. What are the backup types? Ans:
(i) Normal or full Backup
(ii) Differential Backup
(iii) Incremental Backup
(iv) Copy backup
(v) Daily Backup

45. Which type of backup resets archive bits? Ans: The bit which has a check mark on the folder whose backup has been done using the normal backup method.

46. What is the use of DFS? Ans: Distributed File System. It is used for fault tolerance because it makes a duplicate copy of every DFS root. Not only that, the domain login process also uses DFS to find the nearest DC to log in to.

47. Do you know about FRS? Ans: File Replication Services. Example: Replication of the SYSVOL folder.

48. What is the difference between the TCP and UDP protocols? Ans: TCP is a connection-orientated protocol while UDP is not a connection-orientated protocol.

49. What is the difference between a hub and a switch? Ans: A hub broadcasts the data packet, but switches multicast the data packet into the network, which reduces the collision of data packets.

50. Which layer of the OSI model does the router work in? Ans: On layer three (Network layer)

51. You are going to migrate the domain; how to plan? Ans: The answer is here.

52. For a project requirement you are going to share 20 folders; what is the step you will take?

53. What is the need of a VLAN? Ans: To divide/restrict the traffic into one segment of the network.

54. What kind of privilege is required to transfer FSMO roles? Ans: The logged-on user should be a member of the Enterprise Administrators group to transfer the Schema master or Domain naming master roles, or a member of the Domain Administrators group of the domain where the PDC emulator, RID master and Infrastructure master roles are being transferred.

55. Write down the command line to transfer all the FSMO roles to other server? Ans:
1. Click Start, click Run, type ntdsutil in the Open box, and then click OK.
2. Type roles, and then press ENTER.
3. Type connections, and then press ENTER.
4. Type connect to server servername, and then press ENTER, where servername is the name of the domain controller that you want to assign the FSMO role to.
5. At the server connections prompt, type q, and then press ENTER.
6. Type transfer role, where role is the role that you want to transfer. For example:
To transfer the RID master role, type transfer schema master
To transfer the RID master role, type transfer domain naming master
To transfer the RID master role, type transfer rid master
To transfer the RID master role, type transfer pdc
To transfer the RID master role, type transfer infrastructure master
7. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the ntdsutil prompt.

56. Write down the command line to seize all the FSMO roles to a server? Ans:
1. Click Start, click Run, type ntdsutil in the Open box, and then click OK.
2. Type roles, and then press ENTER.
3. Type connections, and then press ENTER.
4. Type connect to server servername, and then press ENTER, where servername is the name of the domain controller that you want to assign the FSMO role to.
5. At the server connections prompt, type q, and then press ENTER.
6. Type seize role, where role is the role that you want to seize. For example:
To seize the RID master role, type seize schema master
To seize the RID master role, type seize domain naming master
To seize the RID master role, type seize rid master
To seize the RID master role, type seize pdc
To seize the RID master role, type seize infrastructure master.
7. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the ntdsutil prompt.

57. Command for removing Active Directory? Ans: dcpromo /forceremoval

58. How to test whether a domain controller is also a global catalog server:

Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.

Double-click Sites in the left pane, and then locate the appropriate site or click Default-first-site-name if no other sites are available.

Open the Servers folder, and then click the domain controller.

In the domain controller's folder, double-click NTDS Settings.

On the Action menu, click Properties.

Describe how the DHCP lease is obtained.
It's a four-step process consisting of (a) IP request, (b) IP offer, (c) IP selection and (d) acknowledgement.

I can't seem to access the Internet, don't have any access to the corporate network and on ipconfig my address is 169.254.*.*. What happened?
The 169.254.*.* netmask is assigned to Windows machines running 98/2000/XP if the DHCP server is not available. The name for the technology is APIPA (Automatic Private Internet Protocol Addressing).

We've installed a new Windows-based DHCP server, however, the users do not seem to be getting DHCP leases off of it.
The server must be authorized first with the Active Directory.

How can you force the client to give up the DHCP lease if you have access to the client PC?
ipconfig /release

What authentication options do Windows 2000 Servers have for remote clients?
PAP, SPAP, CHAP, MS-CHAP and EAP.

What are the networking protocol options for the Windows clients if for some reason you do not want to use TCP/IP?
NWLink (Novell), NetBEUI, AppleTalk (Apple).

What is binding order?
The order by which the network protocols are used for client-server communications. The most frequently used protocols should be at the top.

How do cryptography-based keys ensure the validity of data transferred across the network?
Each IP packet is assigned a checksum, so if the checksums do not match on both receiving and transmitting ends, the data was modified or corrupted.

Should we deploy IPSEC-based security or certificate-based security?
They are really two different technologies. IPSec secures the TCP/IP communication and protects the integrity of the packets. Certificate-based security ensures the validity of authenticated clients and servers.

What is LMHOSTS file?
It's a file stored on a host machine that is used to resolve NetBIOS to specific IP addresses.

What's the difference between forward lookup and reverse lookup in DNS?
Forward lookup is name-to-address, the reverse lookup is address-to-name.

How can you recover a file encrypted using EFS?
Use the domain recovery agent.

What is the Difference between Windows 2003 standard Enterprise, Premium, Data center and Web Edition?
WEB EDITION: To position Windows Server 2003 more competitively against other web servers, Microsoft has released a stripped-down-yet-impressive edition of Windows Server 2003 designed specially for web services. The feature set and licensing allow customers easy deployment of web pages, web sites, web applications and web services.
Web Edition supports 2GB of RAM and a two-way symmetric multiprocessor (SMP). It provides unlimited anonymous web connections but only 10 inbound server message block (SMB) connections, which should be more than enough for content publishing. The server cannot be an internet gateway, DHCP or fax server. Although you can remotely administer the server with Remote Desktop, the server cannot be a terminal server in the traditional sense. The server can belong to a domain, but cannot be a domain controller. The included version of the Microsoft SQL Server database engine can support as many as 25 concurrent connections.

How do you recover an object in Active Directory, which is accidentally deleted by you, with no backup?
Using the ntdsutil.exe command, we can restore the AD objects.

What is the Logical / Physical Structures of the AD Environment?
Physical structure: Forest, Site, Domain, DC
Logical structure: Schema partition, configuration partition, domain partition and application partition

How to change the Windows XP product key if wrongly installed with other product key but you have the original product key? What will you do to make your OS genuine?
Some third-party software is available for this function, or reinstall the system.

If 512MB RAM is there, what will be the minimum and maximum virtual memory for the system?
To work out the total virtual memory (page file) required for Windows XP you should take the amount of RAM in the system and add 25% (512MB + 25% (128MB) = 640MB total virtual memory). By setting both the min and max to 640MB you can increase the performance of the operating system.

What is LDAP?
LDAP, Lightweight Directory Access Protocol, is an Internet protocol that email and other programs use to look up information from a server.

What is the SYSVOL folder?
The Sysvol folder on a Windows domain controller is used to replicate file-based data among domain controllers. Because junctions are used within the Sysvol folder structure, Windows NT file system (NTFS) version 5.0 is required on domain controllers throughout a Windows distributed file system (DFS) forest.

What are application partitions? When do we use them?
An Application Directory Partition is a partition space in Active Directory which an application can use to store that application's specific data. This partition is then replicated only to some specific domain controllers.
The application directory partition can contain any type of data except security principals (users, computers, groups).

How do we back up Active Directory?
Backing up Active Directory is essential to maintain an Active Directory database. You can back up Active Directory by using the Graphical User Interface (GUI) and command-line tools that the Windows Server 2003 family provides.
You frequently back up the system state data on domain controllers so that you can restore the most current data. By establishing a regular backup schedule, you have a better chance of recovering data when necessary.
To ensure a good backup includes at least the system state data and contents of the system disk, you must be aware of the tombstone lifetime. By default, the tombstone is 60 days. Any backup older than 60 days is not a good backup. Plan to back up at least two domain controllers in each domain, one of at least one backup to enable an authoritative restore of the data when necessary.

How do we restore AD?
You can't restore Active Directory (AD) to a domain controller (DC) while the Directory Service (DS) is running. To restore AD, perform the following steps.
Reboot the computer.
The computer will boot into a special safe mode and won't start the DS. Be aware that during this time the machine won't act as a DC and won't perform functions such as authentication.
1. Start NT Backup.
2. Select the Restore tab.
3. Select the backup media, and select System State.
4. Click Start Restore.
5. Click OK in the confirmation dialog box.
After you restore the backup, reboot the computer and start in normal mode to use the restored information. The computer might hang after the restore completes; I've experienced a 30-minute wait on some machines.

What are GPOs?
Group Policy gives you administrative control over users and computers in your network. By using Group Policy, you can define the state of a user's work environment once, and then rely on Windows Server 2003 to continually force the Group Policy settings that you apply across an entire organization or to specific groups of users and computers.

What domain services are necessary for you to deploy the Windows Deployment Services on your network?
Windows Deployment Services requires that a DHCP server and a DNS server be installed in the domain.

What is the difference between a basic and dynamic drive in the Windows Server 2008 environment?
A basic disk embraces the MS-DOS disk structure; a basic disk can be divided into partitions (simple volumes).
Dynamic disks consist of a single partition that can be divided into any number of volumes. Dynamic disks also support Windows Server 2008 RAID implementations.

What is the main purpose of a DNS server?
DNS servers are used to resolve FQDN hostnames into IP addresses and vice versa.

Commonly Used DNS Records?
A-Records (Host address)
CNAME-Records (Canonical name for an alias)
MX-Records (Mail exchange)
NS-Records (Authoritative name server)
PTR-Records (domain name pointer)
SOA-Records (Start of authority)

What does Active Directory mean?A:The active Directory means a service that identifies and handles resources, making them visible for different groups or members that are authorized. It has the role of an object store. The Active directory sees as objects workstations, people, servers devices or documents and they all have their own characteristics and access control list or ACL.2.Q: What is the meaning of Global Catalog?A:A Global Catalog is something that each domain has, and it is used for authenticating the user on the network, on windows 2000 network logons were protected from failures by assigning a Global Catalog to every site.3.Q: What is the use for DHCP?A:DHCP is used for the DHCP servers, personal computers can get their configuration from a DHCP server on an IP configuration. The server knows nothing about the personal computers until they make a request for information. Usually the most common information sent is IP address and DHCP is used to make a large network administration easier.4.Q: What does a Super Scope do in DHCP?A:The Super Scope gives the DHCP server the possibility to have leases to multiple clients on the same physical network. The leases come from multiple scopes. All scopes must be defined using DHCP manager before the Super Scope creation and they are named member scopes. The DHCP problems can be resolved by the Super Scope in different ways like the following:a) on a physical network like a LAN network where multiple logical IP networks exist Super Scope is very useful here. 
These types of networks are also named multinets.
b) there is also need for a Super Scope when the address pool for the current scope becomes empty and there is a need for new computers on the physical network.
c) when clients have to move on another scope.
d) when DHCP clients from the other side of the relay agents (BOOTP) or the network has many logical subnets.
e) when standard networks are limited to leasing addresses for the clients.

5. Q: How can we switch the roles in an Active Directory?
A: Switching or transferring roles in an Active Directory can be made with the use of Ntdsutil.exe.

6. Q: What is the purpose of a Stub zone DNS?
A: The copy of a zone that has only the needed resources for finding the authoritative DNS servers in that specific zone (DNS = Domain Name Servers) is called a Stub zone. It also resolves names for DNS namespaces, something required when names must be resolved from two different DNS namespaces. The Stub zone contains: the master server's IP that is used for updating the Stub zone and the SOA (Start of Authority), the NS (name server) and the glue A delegated zone records.

5. Q: What main file is used for Active Directory backup and how is it made?
A: Active Directory backup is made using the NTbackup utility. The backup is made once with the system state and they are restored also together because they depend on each other. The system state has different components like:
a) The registry
b) Boot files or startup files (files required by the operating system to start).
c) The component services
d) The system volume or the SYSVOL folder; this is a folder that contains files that are shared on a domain.
e) The Active Directory

6. Q: Does a Windows administrator have to be critical?
A: Yes and I can explain how. A system administrator is responsible for an entire network, which means he/she must take care of multiple things at the same time, which is not an easy task.
In order to achieve this, an administrator must have high organization skills and high technical knowledge, and he/she must prevent the problems from happening so that he/she won't be forced to fix them.

Complicated Windows System Administrator Interview Questions

7. Q: In what way is forward lookup zone different from the reverse lookup zone in DNS?
A: There is one difference between these two: the forward lookup means name to IP and reverse lookup means IP to name.

8. Q: As a system administrator can you make backup and recovery of data?
A: This is a responsibility that any system administrator must assume as a basic skill. Of course there are many types of backup that can be made but all must be known for a successful career.

9. Q: What is the meaning of DHCP and what is the port used by it to work?
A: DHCP or Dynamic Host Configuration Protocol has the ability to assign an IP automatically; this is done in fact by the server and has a number range. When the system starts an IP is assigned automatically. The DHCP server has port number 68, while the client has 67.

10. Q: Can you ensure an updated system all the time and perform market research?
A: Staying up-to-date is another strong point of a professional administrator; technology evolves and we must keep up with the flow, otherwise we can't do our job in a professional way. Market research is the key to up-to-date work.

11. Q: Is it possible for a computer to be able to browse the internet without having a default gateway?
A: Yes it is, as long as we use a public IP address. The gateway is required as a router or firewall when using an intranet address.

12. Q: What are the advantages or disadvantages of using DHCP?
A: The advantage is that the DHCP server configures all IPs automatically and the disadvantage is that when you receive a new IP address the machine name remains the same because of its association with the IP.
It's not a real problem, but when somebody tries to access the machine by its name it becomes one.

13. Q: Are you familiar with monitoring?
A: Yes, monitoring is a base activity of a system administrator; he/she manages all the access rights and the server space, and security of the user accounts is one of the most important things here. Also an administrator must make sure that the users' activity doesn't affect in any way the integrity of the server.

14. Q: How can we create a SRV record in DNS?
A: To do this we must open the DNS, then select the abc.local domain, then right-click and go to Other New Records and then SRV (choose location).

15. Q: In how much time are the security changes applied on the domain controllers?
A: Including policies for personal and public lockout, the changes apply immediately. The changes also include passwords and LSA or Local Security Authority.

16. Q: What do you do if an end user states that a file is gone?
A: Files are deleted constantly by end users but the backup can restore them. Anyhow, before using the backup we must check if the user didn't move the file by mistake to another place.

Senior level Windows System Administrator Interview Questions

17. Q: Where is the storage place of the environmental settings and documents from the roaming profile?
A: These documents and settings are deposited locally until the users log off, when they are moved into the shared folder from the server, so the log on at a fresh system may take a while because of this.

18. Q: What are the classes that we can find in the Active Directory of Windows Server 2003?
A: We can find:
a) the abstract class, which can be made to look like a template and create other templates, no matter if they are abstract, auxiliary or structural.
b) the structural class is the important type of class that is made from multiple abstract classes or an existing structural class.
They are the only ones that can make Active Directory objects.
c) the auxiliary class is used as a replacement for many attributes of a structural class; it is a list of attributes.
d) The 88 class is used for object classes that were defined before 1993 and it is not a common class; it doesn't use abstract, structural or auxiliary classes.

19. Q: When is a good time for creating a forest?
A: Certain companies that have different bases require different trees and separate namespaces. And unique names sometimes give birth to different identities of DNS. Also companies are sometimes acquired and get under other influences but the continuity must be preserved for the names.

20. Q: Can you explain to us about your experience in the past regarding Windows administration?
A: I have ten years of experience in this field. I was passionate about computers since childhood and I installed many operating systems at home and inside organizations including these versions of Windows: 95, 98, 98 SE, NT, Millennium, 2000, 2003 Server, XP, Seven, Vista. I also managed these systems and performed maintenance, and I worked with different applications from the Windows environment.

21. Q: How can you handle a situation in which, for instance, you have an application that is not running on Windows 2003 because it's older?
A: In this situation the application has to be started in the compatibility mode with a previous Windows operating system. This is made by right-clicking the application icon and choosing another Windows from the compatibility menu.

22. Q: What is the meaning of Repadmin.exe from Windows Server 2008?
A: Repadmin.exe means Replication Diagnostics Tool and helps for the diagnostic of domain controllers in the Windows system. This tool is used by administrators to see the replication topology from the perspective of every domain controller.
The Active Directory forest can also be supervised by Repadmin.exe and replication problems can be tracked.

23. Q: What difference can we find in the usage of CSVDE versus LDIFDE?
A: CSVDE and LDIFDE are both commands and are used for importing and exporting objects, but they are different in the way that CSVDE uses the format CSV (Comma Separated Value), which is an Excel file for files, and LDIFDE uses the LDIF (LDAP Data Interchange Format) file type, which can be viewed with a simple text editor. LDIFDE can also be used for editing or deleting objects, unlike CSVDE.

24. Q: What big differences exist between these two operating systems: Windows 2000 and Windows XP?
A: Windows 2000 has more capabilities than Windows XP, especially regarding features like DHCP, Terminal Services or DNS. It has all the advantages for server usage. Windows 2000 is a little more professional than XP, but they are both coming with different versions for every user taste. While XP has Home version, Professional or Enterprise, Windows 2000 has Professional and Server editions. The Home version of XP comes with minimal features because the target clients are beginners.

25. Q: What are the things that make Unix different from Windows?
A: The code loading runtime of Unix is different from the one that Windows has. We must become aware of how the system exactly works before we make a dynamically loading module. Unix has the shared objects with the .so extension that encapsulate lines of code that the programs will use and the function names. These function names become the references of those functions in the memory of the program when the file is combined with the program. In Windows the .dll file (dynamic-link library file) doesn't have references and the code of the files does not link to the memory of the program, but they get through a lookup table which points to data or functions.
Unix has just one type of library file, with the .a extension, and the code of many object files, with the .o extension, is contained within it. When the link is created for a shared object file the definition of the identifier may not be found, so the object code from the library will be included.

1. What is the Difference Between DNS & WINS Servers?

Domain Name System (DNS):
1. It resolves hostnames to IP addresses and vice versa
2. It supports a hierarchical structure for host names
3. Host name up to 64 characters (FQDN is up to 255 characters)
4. It works with Windows and Unix
5. DNS works with only the TCP/IP protocol
6. DNS is static in NT 4.0 and dynamic in 2000 onwards

Windows Internet Name Service (WINS):
1. It resolves NetBIOS names to IP addresses and vice versa
2. It supports a flat structure for NetBIOS names
3. Host name is up to 15 characters (16th character indicates service)
4. Works with only Windows
5. Works with only the TCP/IP protocol
6. It supports dynamic updating of the database

2. What is the Difference Between Disk Duplexing & Disk Mirroring?

Disk Mirroring: Disk mirroring uses only one disk controller. In RAID1, or disk mirroring, one drive in the array acts as a "mirror" drive, backing up all the data on the primary drive on-the-fly.

Disk Duplexing: It uses an additional disk controller. Duplexing adds another disk controller, so in case one controller fails, the other can pick up without any interruption in service.

Mirroring: Data is copied from one disk controller (channel) to two disk drives. If one drive fails, the other is still operational.
Duplexing: Data is duplicated over two disk channels and stored on two drives. This method extends fault tolerance to the controller.
Server duplexing: This method provides fault tolerance by duplicating the entire file server. If one server fails, the other provides continuous service to users. For example, Novell's System Fault Tolerance provides server duplexing.
Replication: A strategy of duplicating critical files and directories from a server at one location to a server at another location to make that information more accessible to users at the remote location and also to provide redundancy and backup. See "Redundancy" and "Replication."
Clustering: A cluster is a group of servers that share access to the same resources and service clients equally. Should one of the servers go down, the others take up the processing load. Clustered servers may access the same disk systems, which may be mirrored or in a RAID configuration. See "Clustering."
Mirror site: A mirror site is a duplicate data center, located at another site, that contains duplicate systems and data. The duplicate data center should go into operation as the primary site if the master data center site fails for any reason. Companies running mission-critical applications will often create mirrored sites. See "Data Center Design."

3. How many types of Backups are available?

Backups are of 5 types:
1. Normal or Full
2. Daily
3. Copy
4. Incremental
5. Differential

4. What is the Difference Between Differential Backup & Incremental Backup?

Incremental Backup resets the archive bits.

Differential Backup doesn't reset the archive bits.

5. Tell about the DHCP functionality?

DHCP client sends a special broadcast packet, the DHCP Discover message.
Nearest DHCP server responds by sending a DHCP Offer message.
DHCP client sends a DHCP Request message.
DHCP ACK message is broadcast by the DHCP server.
DHCP client configures its TCP/IP stack by using the address it accepted from the server.

6. Difference between Hub & Switch?

Hub:
Hub is a Layer 1 (L1) device.
It works on shared bandwidth.
It has one broadcast domain and one collision domain.
It sends the packets to every active port in the hub, so traffic is more.
Useful in small network environments.

Switch:
It is a Layer 2 (L2) device.
It has one broadcast domain.
It has many collision domains (every port has its own collision domain).
It sends the packets only to the destination IP by learning the destination IP, so traffic is less compared to a hub.
Useful in medium and large networks.

7. We have 3 hard disks with capacities of 2GB, 5GB and 4GB. If I implement RAID 5, how much space is available for the user?

RAID 5 takes the smallest disk's capacity as the basis, so it uses 2GB from every disk, giving 6GB in total. Of that, 2GB is used for parity, so 4GB is available for the user.

8. What is the Booting process of Windows 2000?

1. NTLDR runs and then calls NTDETECT.COM, which checks the computer's hardware attributes (type of video, hard disk, ports, memory and so on).
2. Based on the results of the search, NTDETECT compiles a list of hardware. This information is placed in the Registry under the appropriate hardware keys.
3. NTLDR reads an ASCII text file, BOOT.INI, to determine which other OSes are on the hard disk. (This file, created during setup, is located in the root directory of the boot partition.)
4. After the countdown period ends, the default OS is loaded.
5. NT starts the booting process by loading the low-level drivers and services.
6. The GUI and higher drivers load, and the NT logon security screen appears.

9. What is the Role of NTDETECT file?

NTDETECT.COM checks the computer's hardware attributes (type of video, hard disk, ports, memory and so on).

10. Which options are available in Windows Security Logon window?

Lock Computer, Logoff, Shutdown, Change Password, Task Manager, Cancel

11. What are the hosts and lmhosts files? Explain.

The Hosts file is used for DNS to resolve hostnames to IP addresses and vice versa.
The LMHOSTS file is used for WINS to resolve NetBIOS names to IP addresses and vice versa.

12. What does h mode indicate in WINS?

In DHCP 4 modes are available to resolve NetBIOS names to IP addresses:
1. B-Node (Broadcast)
2. P-Node (Peer-to-Peer)
3. M-Node (Mixed)
4. H-Node (Hybrid)

13. A user locked the system and forgot the password. If we reset the password, is the user able to log on immediately?

It is not possible in NT 4. Even if you change the password, the user should restart the system. It is possible in 2003 server. There is no need to restart the PC.

14. Basic difference between PDC and BDC?

Primary Domain Controller (PDC):
1. A single member computer of an NT Domain that is running Windows NT server.
2. This maintains the SAM database for the Domains (R/W SAM Database).
3. It authenticates the logon users.
4. It updates the SAM database in BDC.

Backup Domain Controller (BDC):
1. A member computer of an NT Domain that shares the load of user security.
2. This machine has to run Windows NT server and maintains a copy of the SAM database.
3. The SAM database in BDC is read only. It gets updated from PDC.
4. Whenever PDC is down, we can promote the BDC as a PDC.

SAM: A protected sub system that operates and maintains the security accounts manager database

Security Accounts Manager (SAM) Database: the database that contains the user accounts, Passwords, and other settings for each user

15. Can we create users in BDC?

Yes. We can create the users in BDC. Whenever users are created in BDC, the changes are immediately updated in PDC.

16. What is EIGRP and IGRP?

Interior Gateway Routing Protocol (IGRP):
Cisco proprietary protocol
Distance vector protocol
Metric is bandwidth and delay
Administrative distance 100
Classful routing protocol
Periodic routing protocol (sends entire routing table to the neighbour router every 90 secs)
Does not support subnetting
Minimum hop count 100 (can go up to 255)
Slow convergence
Used for medium sized networks
Uses AS numbers (1-65535)

Enhanced Interior Gateway Routing Protocol (EIGRP):
Cisco's proprietary protocol
Advanced distance vector protocol
Hybrid protocol (distance vector + link state)
Metric is 5 factors (Bandwidth, Delay, Reliability, Load, Maximum Transmission Unit)
Works on the basis of AS numbers
AD value 90 internal, 170 external
It supports triggered updates (whenever there is a change in topology, that particular information will be sent)
Supports subnetting
Classless routing protocol
It supports multiple network layer protocols
It uses DUAL (Diffusing Update Algorithm) to select the best path
Route is represented by the D symbol
It keeps 3 tables (Topology table, Neighbour table, Routing table)
Auto summarization by default, but manual summarization is also possible.

17. What is RIP? Explain.

Routing Information Protocol (RIP):
It is a standard protocol
Distance vector protocol
Metric is hop count
Administrative distance 120
RIP Ver 1.0 does not support subnetting; it is a classful routing protocol
Periodic routing updates (sends entire routing table every 30 secs)
Does not support subnetting
Uses broadcast address 255.255.255.255 to send the updates
Maximum hop count is 15
Slow convergence
Used for small internetworks
RIP V 2.0 supports subnetting; it is a classless routing protocol. It sends updates through multicast address 224.0.0.9

18. What is difference between Router and Switch?

Router:
It is a Layer 3 (L3) device.
It breaks broadcast + collision domains.
It forwards the packets to other networks.

Switch:
It is a Layer 2 (L2) device.
By default all the ports are in one broadcast domain.
It breaks the collision domain (every port has its own collision domain).
It does not have WAN ports.
Only used in LAN environments.

19. What is the difference between L2 & L3 Switch?

L2 switch is used only for switching.
L2 switch has one broadcast domain and breaks the collision domain.
Static & dynamic VLANs possible, but inter-VLAN communication not possible.

L3 switch is used for switching & routing purposes.
L3 switch breaks the broadcast domain & collision domain.
Static & dynamic VLANs possible, inter-VLAN communication possible (Router).
L3 switch can be used in LAN environments for fast throughput.

20. What does net use show?

NET USE displays the currently connected mapped drives in the system.

21. How can you map a folder by using the Command Prompt?

NET USE Z: \\ap-ftpsrv\drivers

22. What is ADS and what are the Functions of ADS?

ADS is a directory service which stores all the information in a central location. It provides network accessibility to users, applications and administrators. In ADS everything is stored as an object. It contains class objects and attribute objects.
All identical objects come under one class, e.g. all users come under the User class.
Attributes are the properties of the object, e.g. for a user: full name, logon name etc.

Simplifies Management: Eliminates redundant management tasks. Provides a single-point of management for Windows user accounts, clients, servers, and applications as well as the ability to synchronize with existing directories. Reduces trips to the desktop. Automatically distributes software to users based on their role in the company, reducing or eliminating multiple trips that system administrators need to make for software installation and configuration. Better maximizes IT resources. Securely delegates administrative functions to all levels of an organization. Lowers total cost of ownership (TCO). Simplifies the management and use of file and print services by making network resources easier to find, configure, and use.

Strengthens Security:
It improves password security and management, by providing single sign-on to network resources with integrated, high-powered security services that are transparent to end users.
It ensures desktop functionality, by locking down desktop configurations and preventing access to specific client machine operations, such as software installation or registry editing, based on the role of the end user.
It speeds e-business deployment, by providing built-in support for secure Internet-standard protocols and authentication mechanisms such as Kerberos, public key infrastructure (PKI) and lightweight directory access protocol (LDAP) over secure sockets layer (SSL).
It tightly controls security, by setting access control privileges on directory objects and the individual data elements that make them up.

Extends Interoperability: Takes advantage of existing investments and ensures flexibility. Standards-based interfaces to all features make use of investments and ensure flexibility for future applications and infrastructure. Consolidates management of multiple application directories. Using open interfaces, connectors, and synchronization mechanisms, organizations can consolidate directories including Novell's NDS, LDAP, ERP, e-mail, and other mission-critical applications. Allows organizations to deploy directory-enabled networking. Network devices from leading vendors such as Cisco and 3COM can use the directory to let administrators assign quality of service and allocate network bandwidth to users based on their role in the company. Allows organizations to develop and deploy directory-enabled applications. Using the fully extensible directory architecture, developers can build applications that deliver functionality tailored to the needs of the end user.

23. What are the 4 Partitions of the ADS, explain?

Naming Contexts and Directory Partitions: Each domain controller in an Active Directory forest includes directory partitions. Directory partitions are also known as naming contexts. A directory partition is a contiguous portion of the overall directory that has independent replication scope and scheduling data. By default, the Active Directory for an enterprise contains the following partitions:

Schema Partition: Schema holds information on the definition of objects within the network. The schema partition contains the classSchema and attributeSchema objects that define the types of objects that can exist in the Active Directory forest. Every domain controller in the forest has a replica of the same schema partition. Defines rules for object creation and modification for all objects in the forest. Replicated to all domain controllers in the forest, it is known as an enterprise partition.

Configuration Partition: Configuration partition holds information relating to the forest structure. The configuration partition contains replication topology and other configuration data that must be replicated throughout the forest. Every domain controller in the forest has a replica of the same configuration partition. Information about the forest directory structure is defined including trees, domains, domain trust relationships, and sites (TCP/IP subnet group). Replicated to all domain controllers in the forest, it is known as an enterprise partition.

Domain Partition: The domain partition contains the directory objects, such as users and computers, associated with the local domain. A domain can have multiple domain controllers and a forest can have multiple domains. Each domain controller stores a full replica of the domain partition for its