System Administrator Interview Questions and Answers
By Nishant Kumar
Last updated 2024-03-06

How do you view all the GCs in the forest?
Published 2016-07-28
DSQUERY server can be used to locate global catalogs
To search the entire forest
dsquery server -forest -isgc
To locate global catalogs in your current (logon) domain
dsquery server -isgc
To locate global catalogs in a specific domain
dsquery server -domain NISHANT.BIZ -isgc
Here, you search for global catalog servers in the tech.cpandl.com

How to Add or Remove the Global Catalog?
Published 2016-07-28
You can use the Active Directory Sites and Services snap-in to add or remove the global catalog.
Open Active Directory Sites and Services. (Click Start, click Administrative Tools, and then click Active Directory Sites and Services.)
In the console tree, click the server object to which you want to add the global catalog or from which you want to remove the global

What is the Global Catalog?
Published 2016-07-28
The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain
Active Directory Domain Services (AD DS) forest.
The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication.

How do you view replication properties for AD partitions and DCs?
Published 2016-07-28
You can use the Active Directory Replication Status Tool (ADREPLSTATUS) or Repadmin command line tool to view the replication.

How do you create a new application partition?
Published 2016-07-28
You can create an application directory partition by using the create nc option in the domain management (partition management in
Windows 2008) menu of Ntdsutil. When creating an application directory partition using LDP or ADSI, provide a description in the description attribute of
the domain DNS object that indicates the specific application that will use the partition. For

What are application partitions? When do I use them?
Published 2016-07-27
An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates
in the replication of a particular application directory partition hosts a replica of that partition. Only domain controllers running Windows Server 2003
can host a replica of an application directory partition.
Application

What is Active Directory Naming Context or Directory Partition?
Published 2016-07-27
Each domain controller in a domain forest controlled by Active Directory Domain Services includes directory partitions. Directory partitions are also known
as naming contexts. A directory partition is a contiguous portion of the overall directory that has independent replication scope and scheduling data. By
default, the Active Directory Domain Service for an enterprise contains the

How to recover a deleted file from SYSVOL folder?
Published 2016-07-27
Microsoft Windows 2003 Server domain controllers use the File Replication service (FRS) to automatically replicate data between domain controllers. In
Windows 2003 Server, the contents of the Sysvol folder are replicated to all the domain controllers in your organization. The Sysvol folder stores logon
scripts, default domain profiles, and system policies. If a change is made to a

What is the SYSVOL folder?
Published 2016-07-27
System Volume (SYSVOL) is a shared directory that stores the server copy of the domain public files (policies and scripts) that must be shared for common access and replication throughout a domain. It must be located on an NTFS volume, because junctions are used within the SYSVOL folder structure.

Where is the AD database held? What other files are related to AD?
Published 2016-07-21
The Active Directory database is stored in the %SystemRoot%\NTDS folder. The main database file for Active Directory is ntds.dit. Other files are also present in this folder alongside it. These files are created when you run dcpromo. These are the main files controlling the AD structure:
ntds.dit: This is the main database file for Active Directory.

How to verify an Active Directory installation?
Published 2016-07-21
Default containers: These are created automatically when the first domain is created. Open Active Directory Users and Computers, and then verify that the following
containers are present: Computers, Users, and ForeignSecurityPrincipals.
Default domain controllers organizational unit: This holds the first domain controller, and additionally serves as the default container

What is New in Windows Server 2016 Active Directory?
Published 2016-07-21
Privileged access management:
Privileged access management (PAM) helps mitigate security concerns for Active Directory environments that are caused by credential theft techniques such
as pass-the-hash, spear phishing, and similar types of attacks. It provides a new administrative access solution that is configured by using Microsoft
Identity Manager (MIM). PAM introduces:
A

What is New in Windows Server 2012 R2 Active Directory?
Published 2016-07-21
Join personal devices to the workplace: Windows Server 2012 R2 allows users to join their personal devices, both Windows devices and iOS devices, to Active Directory. When a personal device
is Workplace-Joined, it will provide second-factor authentication and single sign-on (SSO) to corporate resources and applications.
Provide users access to

What is New in Windows Server 2012 Active Directory?
Published 2016-07-21
GUI for Recycle Bin
GUI for Fine-Grained Password Policies
Dynamic Access Control (DAC):
Windows Server 2008 R2 brought the File Classification Infrastructure (FCI). This version's DAC adds far greater functionality to the (optional) second
layer of FCI resource authorization.
Windows PowerShell History Viewer

What is New in Windows Server 2008 R2 Active Directory?
Published 2016-07-21
Active Directory Recycle Bin
Active Directory module for Windows PowerShell
Active Directory Administrative Center
Active Directory Best Practices Analyzer
Active Directory Web Services
Authentication mechanism assurance: Authentication mechanism assurance makes it possible for applications to control resource access based on authentication strength and

What is New in Windows Server 2008 Active Directory?
Published 2016-07-21
AD DS includes many new features that are not available in previous versions of Windows Server Active Directory. These new features make it possible for
organizations to deploy AD DS more simply and securely and to administer it more efficiently.
AD DS: Auditing
AD DS: Fine-Grained Password Policies
AD DS: Read-Only Domain Controllers

How do you change the Directory Service Restore Mode aka DSRM password?
Published 2016-07-14
In Windows Server 2003 onwards, Directory Service Restore Mode password can be changed by Ntdsutil utility. Steps are as follows -
Click Start, click Run, type ntdsutil, and then click OK.
At the Ntdsutil command prompt, type set dsrm password.
At the DSRM command prompt, type one of the following lines:
To reset the password on the server on which you are working

Why do we need Netlogon?
Published 2016-07-14
It maintains a secure channel between the computer and the domain controller for authenticating users and services. If this service is stopped the computer may not authenticate users and services, and the domain controller can’t register DNS records.

What are the default Active Directory built-in groups?
Published 2016-07-14
Groups in the Builtin container
- Account Operators
- Administrators
- Backup Operators
- Guests
- Incoming Forest Trust Builders
- Network Configuration Operators
- Performance Monitor Users
- Performance Log Users
- Pre-Windows 2000 Compatible Access
- Print Operators
- Remote Desktop Users

What is AD DS Best Practices Analyzer?
Published 2016-07-14
Active Directory Domain Services (AD DS) Best Practices Analyzer (BPA) is a server management tool that can help you implement best practices in the configuration of your Active Directory environment. AD DS BPA scans the AD DS server role as it is installed on your Windows Server 2008 R2 domain controllers, and it reports best practice violations.
You can filter or exclude results from AD DS

What is AD Administrative Center?
Published 2016-07-14
Active Directory Administrative Center provides administrators with an enhanced Active Directory data management experience and a rich graphical user interface (GUI). Administrators can use Active Directory Administrative Center to perform common Active Directory object management tasks (such as user, computer, group, and organization units management) through both data-driven and task-oriented

What is the Active Directory Management Gateway Service?
Published 2016-07-14
Windows Server 2008 R2 introduces a web service interface for application accessibility to Active Directory (AD), and the Windows Server 2008 R2 AD PowerShell cmdlets use this service.
ADMGS provides this web service interface for Windows Server 2003 SP2 and Windows Server 2008 domain controllers (DCs). The service lets Server 2008 R2 AD PowerShell cmdlets and other applications work against the

What is Active Directory Federation Services?
Published 2016-07-14
Active Directory Federation Services (AD FS) simplifies access to systems and applications using a claims-based access (CBA) authorization mechanism to maintain application security. AD FS supports Web single-sign-on (SSO) technologies that help information technology (IT) organizations collaborate across organizational boundaries.
AD FS 2.0 is a downloadable Windows Server 2008 update that is

What is AD Certificate Services?
Published 2016-07-14
Active Directory Certificate Services (AD CS) provides customizable services for issuing and managing public key certificates used in software security systems that employ public key technologies.

What is SPN?
Published 2016-07-14
A service principal name (SPN) is the name by which a client uniquely identifies an instance of a service. If you install multiple instances of a service on computers throughout a forest, each instance must have its own SPN. A given service instance can have multiple SPNs if there are multiple names that clients might use for authentication. For example, an SPN always includes the name of the