Server administrator interview questions and answers pdf free download






















Answer:- ntdsutil - type roles - connections - connect servername - q - type seize role - at the fsmo maintenance prompt - type seize rid master. Answer:- It is a role that only one DC can or should hold at any given time within its boundary.

The schema master domain controller controls all updates and modifications to the schema. Once the Schema update is complete, it is replicated from the schema master to all other DCs in the directory. It controls the addition or removal of domains in the forest. The PDC emulator is necessary to synchronize time in an enterprise. Updates group membership information when users from other domains are moved or renamed.

If the Infrastructure Master runs on a Global Catalog server it will stop updating object information because it does not contain any references to objects that it does not hold. Bridgehead server - A domain controller that is used to send replication information to one or more other sites. DHCP Superscope: A range of IP addresses that span several subnets.

The DHCP server can assign these addresses to clients that are on several subnets. A stub zone is used to resolve names between separate DNS namespaces. This type of resolution may be necessary when a corporate merger requires that the DNS servers for two separate DNS namespaces resolve names for clients in both namespaces. Answer:- The KCC generates and maintains the replication topology for replication within sites and between sites.

KCC runs every 15 minutes. Question 48 How do you add a user in AD from the command line? Answer:- dsadd. Question 51 What is the minimum requirement for installing AD? Question 54 How to verify database and log files? DIT schema table? Answer:- The types of objects that can be created in the Active Directory, relationships between them, and the attributes on each type of object. This table is fairly static and much smaller than the data table.

DIT Link table? Answer:- Link Table contains linked attributes, which contain values referring to other objects in the Active Directory. Take the Member Of attribute on a user object.

That attribute contains values that reference groups to which the user belongs. This is also far smaller than the data table. DIT Data table? Question 59 How many types of Active Directory data? Replicates to all DCs within a domain. The object portion becomes part of GC. The attribute values only replicates within the domain.

This is reserved transaction log files of 20 MB (10 MB each), which provide the transaction log files enough room to shut down if the other spaces are being used.

Answer:- Garbage Collection is a process that is designed to free space within the Active Directory database. This process runs independently on every DC with a default lifetime interval of 12 hours. Question 63 List the main steps of Garbage collection process? Tombstones are remains of objects that have been previously deleted.

Answer:- Online Defragmentation method that runs as part of the garbage collection process. The only advantage to this method is that the server does not need to be taken offline for it to run. However, this method does not shrink the Active Directory database file Ntds.

Question 65 What is Schema information in Active Directory? Replicates to all DCs. Static in nature. Answer:- Configuration data about forest and trees. Static as your forest is. This approach requires that the ADS database be started in repair mode.

The advantage to this method is that the database is resized, unused space is removed, and the size is reflected by the Ntds. The database file cannot be compacted while Active Directory is mounted. To defrag ntds. Compact to D:DbBackup You must specify a directory path and if the path name has spaces, the command will not work unless you use quotation marks: Quit till you reach the command prompt A new compacted database named Ntds. Copy the new ntds.

You have successfully compacted the Active Directory database. Question Define EDB. Answer:- This is the transaction log file (10 MB). When EDB. Where nnnn is the increasing number starting from 1. Answer:- This is the checkpoint file used to track the data not yet written to database file. This indicates the starting point from which data is to be recovered from the log file, in case of failure. Answer:- A forest consists of multiple domain trees. The domain trees in a forest do not form a contiguous namespace but share a common schema and GC.

The forest root domain is the first domain created in the forest. The root domains of all domain trees in the forest establish transitive trust relationships with the forest root domain. This is necessary for the purposes of establishing trust across all the domain trees in the forest. This can be useful in, for example, companies with independent divisions that must each maintain their own DNS names.

Question 72 Define domain Trees in Active Directory? Answer:- Tree is a hierarchical arrangement of W2K domains that share a contiguous name space. The first domain in a domain tree is called the root domain.

A domain immediately above another domain in the same domain tree is referred to as the parent of the child domain. The name of the child domain is combined with its parent domain to form its DNS name. Every child domain has a two-way, transitive trust relationship with its parent domain. Because these trust relationships are two-way and transitive, a Windows domain newly created in a domain tree or forest immediately has trust relationships established with every other Windows domain in the domain tree or forest.

These trust relationships allow a single logon process to authenticate a user on all domains in the domain tree or forest. This does not necessarily mean that the authenticated user has rights and permissions in all domains in the domain tree. Because a domain is a security boundary, rights and permissions must be assigned on a per-domain basis.

Answer:- Attributes are defined separately from classes. For example, the Description attribute is used in many classes, but is defined once in the schema, assuring consistency.

Question 74 Define Active Directory schema? Answer:- The Active Directory schema is the set of definitions that defines the kinds of objects, and the types of information about those objects, that can be stored in Active Directory.

The definitions are themselves stored as objects so that Active Directory can manage the schema objects with the same object management operations used for managing the rest of the objects in the directory.

There are two types of definitions in the schema: attributes and classes. Answer:- Site consists of one or more IP subnets connected by a high speed link.

Wide area networks should employ multiple sites for efficiently handling servicing requests and reducing replication traffic. Sites map the physical structure of your network whereas domains generally map the logical structure of your organization. Active Directory Sites and Services allow you to specify site information. Active Directory uses this information to determine how best to use available network resources.

Answer:- Active Directory Sites and Services allow you to specify site information. Active Directory uses this information to determine how best to use available network resources.

Answer:- Classes, also referred to as object classes, describe the possible directory objects that can be created. Each class is a collection of attributes. When you create an object, the attributes store the information that describes the object. The User class, for example, is composed of many attributes, including Network Address, Home Directory, and so on.

Every object in Active Directory is an instance of an object class. Question 78 Define Service requests in Active Directory? Answer:- When a client requests a service from a domain controller, it directs the request to a domain controller in the same site. Selecting a domain controller that is well-connected to the client makes handling the request more efficient. Answer:- GC is created automatically on the first DC in the forest. It stores a full replica of all objects in the directory for its host domain and a partial replica of all objects of every other domain in the forest.

The replica is partial because it stores only some attributes for each object. Question 80 List the GC key directory roles? Answer:- Site streamlines replication of directory information and reduces replication traffic. A client determines which site it is in when it is turned on, so its site location will often be dynamically updated. A domain controller's site location is established by which site its Server object belongs to in the directory, so its site location will be consistent unless the domain controller's Server object is intentionally moved to a different site.

Question 82 Define the global catalog key directory roles? If there is only one domain controller in the domain, the domain controller and the global catalog are the same server. If there are multiple domain controllers in the network, the global catalog is hosted on the domain controller configured as such. If a global catalog is not available when a user initiates a network logon process, the user is only able to log on to the local computer.

It stores a full replica of all objects in the directory for its host domain and a partial replica of all objects contained in the directory of every other domain in the forest.

The replica is partial because it stores some, but not all, of the property values for every object in the forest. Answer:- The global catalog is designed to respond to queries about objects anywhere in the forest with maximum speed and minimum network traffic. Because a single global catalog contains information about objects in all domains in the forest, a query about an object can be resolved by a global catalog in the domain in which the query is initiated.

Thus, finding information in the directory does not produce unnecessary query traffic across domain boundaries. You can optionally configure any domain controller to host a global catalog, based on your organization's requirements for servicing logon requests and search queries. After additional domain controllers are installed in the domain, you can change the default location of the global catalog to another domain controller using Active Directory Sites and Services.

Question 85 Do you know why GC and infrastructure master should not be on the same server? Answer:- The infrastructure master is responsible for updating references from objects in its domain to objects in other domains.

The infrastructure master compares its data with that of a global catalog. Global catalogs receive regular updates for objects in all domains through replication, so the global catalog's data will always be up-to-date. If the infrastructure master finds data that is out-of-date, it requests the updated data from a global catalog. The infrastructure master then replicates that updated data to the other domain controllers in the domain. If the infrastructure master and the global catalog are on the same domain controller, the infrastructure master will never find data that is out of date, so will never replicate any changes to the other domain controllers in the domain.

Question 86 Define the Domain naming master role? Question 87 Define Schema master role? Answer:- The schema master DC controls all updates and modifications to the schema. Question 88 Define Forest-Wide operations master roles? Question 89 Define Domain-Wide operations master roles? Whenever a DC creates a user, group, or computer object, it assigns a unique security ID to that object.

The security ID consists of a domain security ID (that is the same for all security IDs created in the domain), and a relative ID that is unique for each security ID created in the domain. To move an object between domains using Movetree. Question 91 Define PDC emulator role? It processes password changes from clients and replicates updates to the BDCs.

In native-mode, the PDC emulator receives preferential replication of password changes performed by other DCs in the domain.

If a password was recently changed, that change takes time to replicate to every DC in the domain. If a logon authentication fails at another DC due to a bad password, that DC will forward the authentication request to the PDC emulator before rejecting the log on attempt.

Question 92 Define the Infrastructure master role? Answer:- The infrastructure master is responsible for updating the group-to-user references whenever the members of groups are renamed or changed. At any time, there can be only one DC acting as the infrastructure master in each domain.

When you rename or move a member of a group (and that member resides in a different domain from the group), the group may temporarily appear not to contain that member.

The infrastructure master of the group's domain is responsible for updating the group so it knows the new name or location of the member. The infrastructure master distributes the update via multi-master replication. There is no compromise to security during the time between the member rename and the group update. Only an administrator looking at that particular group membership would notice the temporary inconsistency. Question 93 Define the single master operations?

Answer:- Active Directory supports multi-master replication of the directory data between all DCs in the domain.

Some changes are impractical to perform in multi-master fashion, so only one DC, called the operations master, accepts requests for such changes. Because the operations master roles can be moved to other DCs within the domain or forest, these roles are sometimes referred to as Flexible Single Master Operations.

In any Active Directory there are five operations master roles. Some roles must appear in every forest. Other roles must appear in every domain in the forest. Answer:- When an object in one domain is referenced by another object in another domain, it represents the reference by the GUID, the SID (for references to security principals), and the DN of the object being referenced. Others can be unavailable for quite some time before their absence becomes a problem. If an operations master is not available due to computer failure or network problems, you can seize the operations master role.

A DC whose schema master role has been seized must never be brought back online. Question 99 How to create a container to list printers in Active Directory? The Printers container that you created appears in the list of directory objects. Question How to publish a printer in AD? Answer:- 1 Log on to the computer as an administrator. Use only letters and numbers; do not use spaces, punctuation, or special characters. Question How to configure an authoritative time server in Windows ?

Answer:- Windows includes the W32Time time service tool that is required by the Kerberos authentication protocol. The purpose of the Time service is to ensure that all computers that are running Windows in an organization use a common time. PDC operations master at the root of the forest becomes authoritative for the organization. Administrators can also configure an internal time server as authoritative by using the net time command.

If the administrator directs the command to the operations master, it may be necessary to reboot the server for the changes to take effect. Answer:- Group Policy applies to the user or computer in a manner that depends on where both the user and the computer objects are located in Active Directory. However, in some cases, users may need policy applied to them based on the location of the computer object alone. You can use the Group Policy loopback feature to apply GPOs that depend only on which computer the user logs on to.

Question What is Kerberos V5 authentication process? Kerberos V5 is the primary security protocol for authentication within a domain. The Kerberos V5 protocol verifies both the identity of the user and network services. This dual verification is known as mutual authentication. Question Do you know how Kerberos V5 works? Answer:- The Kerberos V5 authentication mechanism issues tickets (a set of identification data for a security principal, issued by a DC for purposes of user authentication).

Two forms of tickets in Windows are ticket-granting tickets (TGTs) and service tickets for accessing network services. These tickets contain encrypted data, including an encrypted password, which confirms the user's identity to the requested service. Question How to change the recovery console administrator password on a DC?

Question Define user accounts in Active Directory? Answer:- In Active Directory, each user account has a user logon name, a pre-Windows user logon name (SAM account name), and a user principal name suffix. Active Directory suggests a pre-Windows user logon name using the first 20 bytes of the user logon name. This computer name is used as the LDAP relative distinguished name.

Active Directory suggests the pre-Windows name using the first 15 bytes of the relative distinguished name. This can be changed at any time. The service principal name is built from the DNS host name. The service principal name is used in the process of mutual authentication between the client and the server hosting a particular service. Windows XP includes a folder named System Volume Information on the root of each drive that remains hidden from view even when you choose to show system files.

It remains hidden because it is not a normally hidden folder; you can say it is a Super Hidden Folder. Short for Master Boot Record, a small program that is executed when a computer boots up. The program begins the boot process by looking up the partition table to determine which partition to use for booting. 13 What is BitLocker? BitLocker is an encryption feature available in Ultimate and Enterprise versions of Windows 7 and Vista. To encrypt an entire drive, simply right-click on the drive and select Turn on BitLocker from the context menu.

IDE and SATA are different types of interfaces to connect storage devices like hard drives to a computer's system bus. For many years ATA provided the most common and the least expensive interface for this application.

This is a big deal in the Microsoft world for disaster recovery, high availability and more. VMware does this, too, but the vendor charges new licensees extra for the capability.

Start Task Manager, and select the Performance tab. In the Performance tab we can see system up time. Method 2: By typing systeminfo in command prompt we can find out up time of your server In system boot time. Although Server Manager is available in Windows Server R2 and Windows Server , Server Manager was updated in Windows Server , to support remote, multi-server management, and help increase the number of servers an administrator can manage.

First the computer looks up the destination host. If it exists in local DNS cache, it uses that information. If it finds references to external resources, such as pictures, css files, javascript files, these are delivered the same way as the HTML document itself.

DHCP operates on a client server model in four phases. At this point the IP configuration process is complete. UDP protocol and 67 port in client and 68 port in server. A typical server allows its administrator to set the lease time.

Discover, Offer, request and acknowledgement. If a DHCP server is to operate within an Active Directory domain and is not running on a domain controller it must first be authorized to Active directory. You may want to backup your DHCP server from time to time to prepare for disaster recovery scenarios or when migrating DHCP server role to a new hardware.

Right click server name, choose Backup. Right click server name, choose Restore 3. Choose the location of the backup, click OK 4. Because domain names are alphabetic, they're easier to remember. Two types of lookup in DNS. Forward lookup: it converts domain name to IP address. Reverse lookup: it converts IP address to domain name. Three types of zone. Primary zone, secondary zone and stub zone.

Why it is used. It's an Active Directory protocol. Basically, it's a protocol used to access data from a database. 2 What is Active Directory?

Why it is used. Active Directory is a Directory Service created by Microsoft. It is included with most Windows Server operating systems. Active Directory is primarily used to store directory objects like users, groups, computers and printers. Using Active Directory brings a number of advantages to your network: centralized user account management, centralized policy management (group policy), and better security management. 3 What is Group Policy?

Group Policy is a feature of the Microsoft Windows NT family of operating systems that control the working environment of user accounts and computer accounts. Group Policy provides the centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment.

Assign Users : The software application is advertised when the user logs on. It is installed when the user clicks on the software application icon via the start menu, or accesses a file that has been associated with the software application.

Assign Computers : The software application is advertised and installed when it is safe to do so, such as when the computer is next restarted. Publish to users : The software application does not appear on the start menu or desktop. This means the user may not know that the software is available.

Published applications do not reinstall themselves in the event of accidental deletion, and it is not possible to publish to computers. It is used to log on to the computer when Active Directory has failed or needs to be restored. Timing can be tricky; if the Windows logo appears you waited too long.

A text menu will appear. Then press the Enter key. What other folders are related to AD? To Install Microsoft Active Directory: Ensure that you log on to the computer with an administrator account to perform installation. In the Welcome page, click Next. In the Operating system compatibility panel, click Next. This name will be used during Tivoli Provisioning Manager installation, so make a note of it. Click Next.

The first part of the DNS name is usually sufficient. On the Database and Logs panel, select the desired folders for the Database and Logs. On the Shared System Volume panel, enter a valid directory for the system volume.

Click Next to continue. If you configured DNS successfully, the Permissions setting panel is displayed. Select Permissions compatible only with Windows or Windows Server The server will be rebooted as part of the process. Global groups provide access to resources in other trusted domains.

Universal groups grant access to resources in all trusted domains. Adding one group as a member of another group is called 'group nesting'. This will help for easy administration and reduced replication traffic. 19 What is Domain control?

A domain controller DC is a server that handles all the security requests from other computers and servers within the Windows Server domain there was a primary domain controller and a backup domain controller.


