MCSE INTERVIEW QUESTION & ANSWERS
2. Describe how the DHCP lease is obtained. It’s a four-step process consisting of (a) IP request, (b) IP offer, (c) IP selection and (d) Acknowledgement.
2. I can’t seem to access the Internet, don’t have any access to the corporate network and on ipconfig my address is 169.254.*.*. What happened? A 169.254.*.* address is assigned to Windows machines running 98/2000/XP if the DHCP server is not available. The name for the technology is APIPA (Automatic Private Internet Protocol Addressing).
1Que. What is Active Directory?
1Ans. Active Directory is a metadata store: a database which holds your user information, computer information and other network object information. It has the capability to manage and administer the complete network connected to AD. Active Directory gives network users access to permitted resources anywhere on the network using a single logon process. It provides network administrators with an intuitive, hierarchical view of the network and a single point of administration. Active Directory is a domain controller which is used to authenticate and administer groups of computers, users, servers etc. remotely. All the policies and security settings defined in Active Directory apply to the client machines that have joined the domain.
2Que. What is the Global Catalog?
2Ans. Global Catalog is a server which maintains the information about multiple domains with a trust relationship agreement.
The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multi domain Active Directory forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster
replication. Searches that are directed to the global catalog are faster because they do not involve referrals to different domain controllers.
3Que. What is Active Directory Service?
3Ans. Active Directory Service is an extensible and scalable directory service that enables you to manage network resources efficiently.
4Que. What is LDAP?
4Ans. LDAP (Lightweight Directory Access Protocol) is an internet protocol which email and other services use to look up information from the server.
5Que. What is KCC?
5Ans. KCC (Knowledge Consistency Checker) is used to generate the replication topology for inter-site replication and for intra-site replication. Within a site, replication traffic is carried by remote procedure calls over IP, while between sites it is carried by either RPC or SMTP.
6Que. What is Organization Unit?
6Ans. Organization Unit is basically a container where you put the same type of members, computers etc. and apply the policies and security on the catalog server in place of individual users or computers.
7Que. Where is the AD database held? What other folders are related to AD?
7Ans. The AD database is stored in the NTDS.DIT file.
8Que. What is the SYSVOL folder?
8Ans. The SYSVOL folder stores the server’s copy of the domain’s public files. The contents such as group policy, users etc. of the SYSVOL folder are replicated to all domain controllers in the domain.
9Que. What is the ISTG? Who has that role by default?
9Ans. Inter-Site Topology Generator (ISTG) is responsible for managing the inbound replication connection objects for all bridgehead servers in the site in which it is located. This domain controller is known as the Inter-Site Topology Generator (ISTG). The domain controller holding this role may not necessarily also be a bridgehead server.
10Que. What is LDP? What is REPLMON? What is ADSIEDIT? What is NETDOM? What is REPADMIN?
10Ans. LDP: Label Distribution Protocol (LDP) is often used to establish MPLS LSPs when traffic engineering is not required. It establishes LSPs that follow the existing IP routing, and is particularly well suited for establishing a full mesh of LSPs between all of the routers on the network.
REPLMON: REPLMON displays information about Active Directory Replication.
ADSIEDIT: ADSIEDIT is a Microsoft Management Console (MMC) snap-in that acts as a low-level editor for Active Directory. It is a Graphical User Interface (GUI) tool. Network administrators can use it for common administrative tasks such as adding, deleting, and moving objects with a directory service. The attributes for each object can be edited or deleted by using this tool. ADSIEDIT uses the ADSI application programming interfaces (APIs) to access Active Directory. The following are the required files for using this tool: ADSIEDIT.DLL ADSIEDIT.MSC.
NETDOM: NETDOM is a command-line tool that allows management of Windows domains and trust relationships. It is used for batch management of trusts, joining computers to domains, verifying trusts, and secure channels.
REPADMIN: This command-line tool assists administrators in diagnosing replication problems between Windows domain controllers. Administrators can use REPADMIN to view the replication topology (sometimes referred to as REPS From and REPS To) as seen from the perspective of each domain controller. In addition, REPADMIN can be used to manually create the replication topology (although in normal practice this should not be necessary), to force replication events between domain controllers, and to view both the replication metadata and up-to-dateness vectors.
36Que. How to take backup of AD?
36Ans. To take a backup of Active Directory, go to START -> PROGRAM -> ACCESSORIES -> SYSTEM TOOLS -> BACKUP. When the backup screen appears, take a backup of SYSTEM STATE; it backs up all the necessary information about the system, including AD, DNS etc.
37Que. How to restore the AD?
37Ans. START -> PROGRAM -> ACCESSORIES -> SYSTEM TOOLS -> RESTORE.
38Que. What are the DS* commands?
38Ans. DS* commands are scripting tools for creating Active Directory objects. In addition to CSVDE, LDIFDE and VBScript, we now have the following DS commands, the DS family of built-in utilities:
DS mod - modify Active Directory attributes.
DS rm – to delete Active Directory objects.
DS move - to relocate objects.
DS add - create new accounts.
DS query - to find objects that match your query attributes.
DS get - list the properties of an object.
39Que. What is the difference between LDIFDE and CSVDE? Usage considerations?
39Ans. CSVDE is a command that can be used to import and export objects to and from the AD into a CSV-formatted file. A CSV (Comma Separated Value) file is a file easily readable in Excel. I will not go to length into this powerful command, but I will show you some basic samples of how to import a large number of users into your AD. Of course, as with the DSADD command, CSVDE can do more than just import users. Consult your help file for more info. Like CSVDE, LDIFDE is a command that can be used to import and export objects to and from the AD into a LDIF-formatted file. A LDIF (LDAP Data Interchange Format) file is a file easily readable in any text editor; however it is not readable in programs like Excel. The major difference between CSVDE and LDIFDE (besides the file format) is the fact that LDIFDE can be used to edit and delete existing AD objects (not just users), while CSVDE can only import and export objects.
40Que. What is tombstone lifetime attribute?
40Ans. The number of days before a deleted object is removed from the directory services. This assists in removing objects from replicated servers and preventing restores from reintroducing a deleted object. This value is in the Directory Service object in the configuration NIC.
41Que. What are the requirements for installing AD on a new server?
41Ans. 1) The Domain structure 2) The Domain Name 3) Storage location of the database and log file 4) Location of the shared system volume folder 5) DNS config methods 6) DNS configuration.
42Que. What are application partitions? When do I use them?
42Ans. An application directory partition is a directory partition that is replicated only to specific domain controllers. Only domain controllers running Windows Server 2003 can host a replica of an application directory partition. Using an application directory partition provides redundancy, availability or fault tolerance by replicating data to a specific domain controller or to any set of domain controllers anywhere in the forest.
43Que. How do you create a new application partition?
43Ans. Use the DnsCmd command to create an application directory partition. To do this, use the following syntax: DnsCmd ServerName /CreateDirectoryPartition FQDN of partition.
Global catalog provides a central repository of domain information for the forest by storing partial replicas of all domain directory partitions. These partial replicas are distributed by multimaster replication to all global catalog servers in a forest. It is also used in universal global membership.
44Que. How do you view all the GCs in the forest?
44Ans. C:\>repadmin /showreps domain controller, where domain controller is the DC you want to query to determine whether it’s a GC. The output will include the text DSA Options: IS_GC if the DC is a GC. To look at the Schema type “adsiedit.msc” in run or command prompt.
45Que. Can you connect Active Directory to other 3rd-party Directory Services? Name a few options.
45Ans. Yes, you can use dirXML or LDAP to connect to other directories. In Novell you can use E-directory.
46Que. How do you change the DS Restore admin password?
46Ans. In Windows 2000 Server, you used to have to boot the computer whose password you wanted to change in Directory Restore mode, then use either the Microsoft Management Console (MMC) Local User and Groups snap-in or the command net user administrator * to change the Administrator password. Win2K Server Service Pack 2 (SP2) introduced the Setpwd utility, which lets you reset the Directory Service Restore Mode password without having to reboot the computer. (Microsoft refreshed Setpwd in SP4 to improve the utility’s scripting options). In Windows Server 2003, you use the Ntdsutil utility to modify the Directory Service Restore Mode Administrator password. To do so, follow these steps:
1. Start Ntdsutil (click Start, Run; enter cmd.exe; then enter ntdsutil.exe).
2. Start the Directory Service Restore Mode Administrator password-reset utility by entering the argument “set dsrm password” at the ntdsutil prompt: ntdsutil: set dsrm password.
3. Run the Reset Password command, passing the name of the server on which to change the password, or use the null argument to specify the local machine. For example, to reset the password on server, enter the following argument at the Reset DSRM Administrator Password prompt: Reset DSRM Administrator Password: reset password on server. To reset the password on the local machine, specify null as the server name: Reset DSRM Administrator Password: reset password on server null.
4. You’ll be prompted twice to enter the new password. You’ll see the following messages:
   Please type password for DS Restore Mode Administrator Account:
   Please confirm new password:
   Password has been set successfully.
5. Exit the password-reset utility by typing “quit” at the following prompts:
   Reset DSRM Administrator Password: quit
   ntdsutil: quit
47Que. What is Group Policy objects (GPOs)?
47Ans. Group Policy objects, other than the local Group Policy object, are virtual objects. The policy setting information of a GPO is actually stored in two locations: the Group Policy container and the Group Policy template. The Group Policy container is an Active Directory container that stores GPO properties,
including information on version, GPO status, and a list of components that have settings in the GPO. The Group Policy template is a folder structure within the file system that stores Administrative Template-based policies, security settings, script files, and information regarding applications that are available for Group Policy Software Installation. The Group Policy template is located in the system
volume folder (sysvol) in the \Policies subfolder for its domain.
EXCHANGE SERVER
What is the maximum storage capacity for Exchange standard version? What would you do if it reaches maximum capacity?
Exchange 2000 Server Standard Edition limits the database size to 16 gigabytes.
Boot process in windows NT/XP/2000/2003.
3. How do you configure memory dump if c: d: e: & paging file is configured so and so way?
4. Backups? Which is better, why and which to use when?
5. Disaster recovery plan?
6. DHCP lease process.
7. DNS zones, chronicle records what are they?
8. DHCP relay agent where to place it?
9. What is active directory compared to SAM?
10. What is GC? How many required for A Tree?
10. What is forest?
11. Group policies?
12. FSMO Roles?
FSMO roles are server roles in a forest.
There are five types of FSMO roles:
1. Schema master: forest-wide role
2. Domain naming master: forest-wide role
3. RID master: domain-wide role
4. PDC Emulator: domain-wide role
5. Infrastructure master: domain-wide role
RID Master: It assigns RIDs and SIDs to newly created objects like users and computers. If the RID master is down, you can create security objects for as long as RID pools are available on the DCs; after that you can’t create any object while it is down.
PDC Emulator: It works as a PDC to any NT BDCs in your environment. It works as Time Server (to maintain same time in your network). It works to change the passwords, lockout etc.
Infrastructure Master: When we rename any group membership object, this role takes care of it.
Domain Naming Master: Adding / changing / deleting any Domain in a forest.
Schema Master: It maintains structure of the Active Directory in a forest.
13. Active Directory 2000. Can I change my password if my machine’s connectivity to the DC that holds the PDC emulator role has failed?
14. What is the difference between SD-RAM and DD-RAM?
15. Can I change my DC IP (DNS, preferred DNS, gateway) while the DC is working, and can I give it another IP? (What happens if I give that IP, and what happens to the replication of the DC when I am in suspended mode?)
16. There is a set of 30 hard disk configured for raid 5 if two hard disk failed what about data?
It depends on how you configured your RAID: RAID 5 only, or RAID 5 with a spare. If it is only RAID 5 and 2 of your HDDs fail, then your RAID is gone.
You get the total minus 1 (e.g. if you are using 5 you will get only 4, because 1 goes for parity).
17. How can I deploy the latest patches to PCs through G.P. without having admin rights on the PCs?
Create a batch file and place all the patches in the Net logon, and deploy the batch file through GP to all the PCs so the same should take effect after restarting the PC.
The answer to the above question is incorrect: you cannot deploy a batch file using group policy. You can only publish or assign msi packages or Zap files. They are the only two valid file formats allowable when using “intellimirror” in Active Directory.
18. How to remove the $sharing through G.P. in 1000 PCs?
19. In RAID 5, suppose I have 5 HDDs of 10 GB each. After configuring the RAID, how much space do I have to use?
20. How can i resolve the Svr name through Nslookup?
The nslookup command will let you know through which server you are routed (e.g. c:\nslookup, then you will get the domain name to which you are getting routed). If you want to get the name of the PC/server from the IP address, then you have to give the command c:\nbtstat -a ip xx-xx-xx-xx.
21. What is difference between scope and super scope?
22. Can I change the password if my machine’s connectivity to the DC that holds the PDC emulator role has failed?
No, you can’t change the password.
23. What is Kerberos? Which version is currently used by Windows? How does Kerberos work?
24. What are the differences between 2K, 2K3 and XP?
XP is a client operating system it cannot act as a server, 2K domain name cannot be renamed, no shadow copying, 2k3 domain name can be renamed, shadow copying is possible.
1. We can’t rename domain in Win2k, you can rename in Win2k3
2. IIS 5.0 in Win2k and IIS 6.0 in Win2k3
3. No Volume Shadow Copying in Win2k, it is available in Win2k3
4. Active Directory Federation Systems in Win2k3
Like that some other security features added in Win2k3, main features are above
25. What is the difference between DNS and WINS?
26. What is sysprep?
27. What is Net logon?
28. How many types of server?
29. What is hotfix?
A hotfix is something Microsoft releases whenever there is a bug or to update the operating system.
30. How many types DNS?
31. How many types NET Address?
32. What is T-VOLI?
33. Which protocol used for Sending Message? SNMP.
34. Tell me why we are using exchange server?
This is a mail server. We can use this Server to send mails in Intranet as well as outside.
35. What is the function of DHCP and how to configure DHCP? Assign IP Address automatically.
36. DHCP relay agent where to place it? The DHCP Relay Agent is to be placed in the Software Router.
37. What is a Forest?
A tree is nothing but a collection of domains which have the same namespace. A domain contains domain controllers. FOREST -> TREE -> DOMAIN.
38. What is GC? How many required for a Tree?
Global Catalog server is a Searchable Index book. With this we can find out any object in the Active Directory. Also it works as logon authentication for Group memberships. We can have each domain controller in domain or only first domain controller in a domain.
39. DNS zones, chronicle records what are they?
In Windows 2000 there are mainly 3 zones
Standard Primary — zone information writes in Txt file
Standard Secondary — copy of Primary
Active Directory Integrated – information is stored in Active Directory. In Win2k3 one more zone was added, the Stub zone.
Stub is like secondary but it contains only a copy of SOA records, a copy of DNS records and a copy of A records for that zone. No copy of MX, SRV records etc.
40. Port Numbers.
FTP - 20, 21 (20 is for controlling and 21 is for Transmitting )
NNTP - 119
SMTP - 25
Kerberos – 88
DNS – 53
DHCP – 67, 68
POP3 – 110