Intra-site is the replication with in the same site & inter-site the replication between sites. Inter-site replication occurs between BHS (Bridge Head Servers) in one site and BHS in another site
Which is service in your windows is responsible for replication of Domain controller to another domain controller?
KCC generates the replication topology. Use SMTP / RPC to replicate changes.
Labels:
Active Directory,
L3
Can GC Server and Infrastructure place in single server If not explain why?
No, As Infrastructure master does the same job as the GC. It does not work together.
Labels:
Active Directory,
L2
How many passwords by default are remembered when you check "Enforce Password History Remembered", what is the maximum?
By default, user’s last 6 passwords are remembered, maximum is 24.
The Enforce password history policy setting determines the number of unique new passwords that must be associated with a user account before an old password can be reused.
The possible values for this Group Policy setting are:
- A user-defined number from 0 through 24.
- Not defined.
Labels:
Active Directory,
Group Policy,
L3
What’s the number of permitted unsuccessful logons on Administrator account?
Unlimited, though, that it’s the Administrator account, not any account that’s part of the Administrators group.
Labels:
Active Directory,
L3
How to configure Certificate Templates?
You can create a new certificate template by duplicating an existing template and using the existing template's properties as the default for the new template. Different applications and types of certification authorities (CAs) support different certificate templates. For example, some certificate templates can only be issued and managed by enterprise CAs running Windows Server 2003, and some may require that the CA be running Windows Server 2008. Review the list of default certificate templates, and examine their properties to identify the existing certificate template that most closely meets your needs. This will minimize the amount of configuration work that you need to do.
To create a new certificate template
- Open the Certificate Templates snap-in.
- Right-click the template to copy from, and then click Duplicate Template.
- Choose the minimum version of CA that you want to support.
- Type a new name for this certificate template.
- Make any necessary changes, and click OK.
Labels:
Active Directory,
L3,
Wintel
What is Certificate Template?
Enterprise certification authorities (CAs) use certificate templates to define the format and content of certificates, to specify which users and computers can enroll for which types of certificates, and to define the enrollment process, such as autoenrollment, enrollment only with authorized signatures, and manual enrollment. Associated with each certificate template is a discretionary access control list (DACL) that defines which security principals have permissions to read and configure the template, as well as to enroll or autoenroll for certificates based on the template. The certificate templates and their permissions are defined in Active Directory Domain Services (AD DS) and are valid within the forest. If more than one enterprise CA is running in the Active Directory forest, permission changes will affect all enterprise CAs.
Labels:
Active Directory,
L3,
Wintel
What is merging and replace mode in loopback processing?
Normal user Group Policy processing specifies that computers located in their organizational unit have the GPOs applied in order during computer startup. Users in their organizational unit have GPOs applied in order during logon, regardless of which computer they log on to.
In some cases, this processing order may not be appropriate. For example, when you do not want applications that have been assigned or published to the users in their organizational unit to be installed when the user is logged on to a computer in a specific organizational unit. With the Group Policy loopback support feature, you can specify two other ways to retrieve the list of GPOs for any user of the computers in this specific organizational unit:
- Merge Mode : In this mode, when the user logs on, the user's list of GPOs is typically gathered by using the GetGPOList function. The GetGPOList function is then called again by using the computer's location in Active Directory. The list of GPOs for the computer is then added to the end of the GPOs for the user. This causes the computer's GPOs to have higher precedence than the user's GPOs. In this example, the list of GPOs for the computer is added to the user's list.
- Replace Mode : In this mode, the user's list of GPOs is not gathered. Only the list of GPOs based on the computer object is used.
Labels:
Active Directory,
L3
What are the Loopback policies?
Group Policy applies to the user or computer in a manner that depends on where both the user and the computer objects are located in Active Directory. However, in some cases, users may need policy applied to them based on the location of the computer object alone. You can use the Group Policy loopback feature to apply Group Policy Objects (GPOs) that depend only on which computer the user logs on to.
To set user configuration per computer, follow these steps:
1. In the Group Policy Microsoft Management Console (MMC), click Computer Configuration.
2. Locate Administrative Templates, click System, click Group Policy, and then enable the Loopback Policy option.
This policy directs the system to apply the set of GPOs for the computer to any user who logs on to a computer affected by this policy. This policy is intended for special-use computers where you must modify the user policy based on the computer that is being used. For example, computers in public areas, in laboratories, and in classrooms.
When users work on their own workstations, you may want Group Policy settings applied based on the location of the user object. Therefore, we recommend that you configure policy settings based on the organizational unit in which the user account resides. However, there may be instances when a computer object resides in a specific organizational unit, and the user settings of a policy should be applied based on the location of the computer object instead of the user object.
Note: You cannot filter the user settings that are applied by denying or removing the AGP and Read rights from the computer object specified for the loopback policy.
Labels:
Active Directory,
L3
What is LSDOU?
It’s group policy inheritance model, where the policies are applied to :-
Local machines, Sites, Domains and Organizational Units.
Labels:
Active Directory,
L3
Subscribe to:
Posts (Atom)