
What are the group types available in Active Directory?

Security groups: Use security groups to grant permissions for access to resources. Sending an e-mail message to a group sends the message to all members of the group. Therefore, security groups share the capabilities of distribution groups.

Distribution groups: Distribution groups are used for sending e-mail messages to groups of users. You cannot grant permissions to distribution groups. Even though security groups have all the capabilities of distribution groups, distribution groups are still required, because some applications can only read distribution groups.


What does System State data contain?

  • Startup files
  • Registry
  • COM+ Registration Database
  • Memory Page file
  • System files
  • AD information
  • Cluster Service information
  • SYSVOL Folder

What is the Lost & Found folder in ADS?

It’s the folder where you can find objects that were orphaned by a conflict. Example: you create a user in an OU that has been deleted on another DC. When replication happens, ADS cannot find the OU, so it puts the user in the Lost & Found folder.


What are intra-site and inter-site replication?

Intra-site replication is replication within the same site, and inter-site replication is replication between sites. Inter-site replication occurs between BHS (Bridge Head Servers) in one site and BHS in another site.


Which service in Windows is responsible for replication from one domain controller to another?

The KCC (Knowledge Consistency Checker) generates the replication topology. Changes are replicated over SMTP or RPC.


Can the GC server and the Infrastructure master be placed on a single server? If not, explain why.

No, as the Infrastructure master does the same job as the GC. They do not work together.


How many passwords are remembered by default when you check "Enforce Password History Remembered", and what is the maximum?

By default, a user’s last 6 passwords are remembered; the maximum is 24.

The Enforce password history policy setting determines the number of unique new passwords that must be associated with a user account before an old password can be reused.

The possible values for this Group Policy setting are:

  • A user-defined number from 0 through 24.
  • Not defined.

What’s the number of permitted unsuccessful logons on the Administrator account?

Unlimited. Note, though, that this applies to the Administrator account itself, not to any account that’s part of the Administrators group.


How to configure Certificate Templates?

You can create a new certificate template by duplicating an existing template and using the existing template's properties as the default for the new template. Different applications and types of certification authorities (CAs) support different certificate templates. For example, some certificate templates can only be issued and managed by enterprise CAs running Windows Server 2003, and some may require that the CA be running Windows Server 2008. Review the list of default certificate templates, and examine their properties to identify the existing certificate template that most closely meets your needs. This will minimize the amount of configuration work that you need to do.

To create a new certificate template:

  • Open the Certificate Templates snap-in.
  • Right-click the template to copy from, and then click Duplicate Template.
  • Choose the minimum version of CA that you want to support.
  • Type a new name for this certificate template.
  • Make any necessary changes, and click OK.

What is Certificate Template?

Enterprise certification authorities (CAs) use certificate templates to define the format and content of certificates, to specify which users and computers can enroll for which types of certificates, and to define the enrollment process, such as autoenrollment, enrollment only with authorized signatures, and manual enrollment. Associated with each certificate template is a discretionary access control list (DACL) that defines which security principals have permissions to read and configure the template, as well as to enroll or autoenroll for certificates based on the template. The certificate templates and their permissions are defined in Active Directory Domain Services (AD DS) and are valid within the forest. If more than one enterprise CA is running in the Active Directory forest, permission changes will affect all enterprise CAs.
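
The template DACL described above can be read directly from AD DS to see who may enroll, autoenroll or reconfigure each template. The following PowerShell is an added example, not part of the original post; it assumes the ActiveDirectory module (RSAT) is installed and that the account running it can read the Configuration partition, and the variable names are illustrative.

```powershell
# Added example: list who may enroll in, or reconfigure, each certificate template.
# Assumes the ActiveDirectory module (RSAT) and read access to the Configuration partition.
Import-Module ActiveDirectory

# controlAccessRight GUIDs defined in the AD schema
$extendedRights = @{
    '0e10c968-78fb-11d2-90d4-00c04f79dc55' = 'Enroll'
    'a05b8cc2-17bc-4802-a710-e7c15ab866a2' = 'Autoenroll'
}
$allRights = [guid]::Empty.ToString()   # an empty ObjectType means "all extended rights"
$writeMask = [System.DirectoryServices.ActiveDirectoryRights]'WriteDacl, WriteOwner, WriteProperty'
$extRight  = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

# Templates live in the forest-wide Configuration partition
$configNC = (Get-ADRootDSE).configurationNamingContext
$base     = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"

$report = Get-ADObject -SearchBase $base -SearchScope OneLevel `
        -LDAPFilter '(objectClass=pKICertificateTemplate)' `
        -Properties displayName, nTSecurityDescriptor |
    ForEach-Object {
        $template = $_
        # Explicit and inherited ACEs, with principals resolved to account names
        $aces = $template.nTSecurityDescriptor.GetAccessRules(
            $true, $true, [System.Security.Principal.NTAccount])
        foreach ($ace in $aces) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $granted = @()
            $guid = $ace.ObjectType.ToString()
            if ($ace.ActiveDirectoryRights -band $extRight) {
                if ($extendedRights.ContainsKey($guid)) { $granted += $extendedRights[$guid] }
                elseif ($guid -eq $allRights) { $granted += 'Enroll', 'Autoenroll' }
            }
            # Write access lets the principal change the template or its DACL
            if ($ace.ActiveDirectoryRights -band $writeMask) { $granted += 'Write' }
            if ($granted) {
                [pscustomobject]@{
                    Template  = $template.displayName
                    Principal = $ace.IdentityReference.Value
                    Rights    = ($granted | Select-Object -Unique) -join ', '
                }
            }
        }
    }

$report | Sort-Object Template, Principal | Format-Table -AutoSize
```

Because the templates and their permissions are valid within the whole forest, each row in this report applies to every enterprise CA that publishes the template.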