Thursday, February 6, 2014

FAIQ-Windows/Active Directory Interview Questions

As promised yesterday, here is the first lot of Questions.

1. What are fine grained policies in Windows Server 2008 R2?
Ans. Fine Grained Policies help administrators specify different sets of policies for different users or groups. In earlier versions of Windows, the operating system only allowed administrators to assign group policies at the Site, Domain or Organizational Unit level. With the release of Windows Server 2008 RTM/R2, the fine grained policies feature was introduced, which allows administrators to assign policies on a per-user or per-group basis.

2. Name the two built-in GPOs that are by default created when AD DS is installed.
Ans. The two built-in GPOs are Default Domain Policy and Default Domain Controller Policy.

3. What is the difference between Default Domain Policy and Default Domain Controller Policy?
Ans. Default Domain Policy is applied throughout the domain and is effective on every object and organizational unit that a domain contains. On the other hand, Default Domain Controller Policy is linked only to Domain Controllers organizational unit and is applicable to all domain controllers that reside in that OU.

4. What are the two ways of deploying software through group policies?
Ans. Two ways to deploy software applications through group policies are:
a) Assigned (Computer Configuration and User Configuration): In this type of deployment applications automatically get installed as soon as computer starts or user logs on.
b) Published (User Configuration): In this deployment type users must manually install available applications by going to Add or Remove Programs in Control Panel of client computers.

5. What is the difference between assigning an application and publishing an application in Group Policy?
Ans. While deploying software applications through group policies, when the deployment type is set as assigned, applications automatically get installed as soon as the computers start or the users log on. On the other hand when the deployment type is set as published, users must go to Control Panel and must manually install the applications before they can use them.

6. What command is used to add client computers to a specific DHCP User Class?
Ans. IPCONFIG /SetClassID is the command that administrators must use on all client computers to add them to a specific DHCP User Class.

7. Which command line utility is used to administer Windows SharePoint Services?
Ans. Stsadm.exe is the command line utility that is used to administer Windows SharePoint Services (WSS).

8. What is Windows PowerShell?
Ans. Windows PowerShell was introduced with the release of Microsoft Windows Server 2008 RTM and is now carried forward to Microsoft Windows Server 2008 R2 operating system. Windows PowerShell provides CLI or Command Line Interface in which users and administrators can run commands. Moreover Windows PowerShell is a scripting platform which administrators can use to create and execute scripts to automate administrative tasks.

9. What are Starter GPOs?
Ans. A Starter GPO contains Administrative Templates settings. Starter GPOs can be configured with the settings which administrators want to preconfigure when creating Group Policy Objects (GPOs). Without Starter GPOs, administrators must configure every newly created GPO from scratch, even when several GPOs need identical settings, which is a tedious task. Starter GPOs allow administrators to configure the identical settings just once; the Starter GPO can then be selected as the starting point while creating new GPOs.

10. Being an Administrator of DATACORP.COM you have configured a GPO named Desktop Lock that has following settings:
a) Remove Add or Remove Programs
b) Restrict Access to Control Panel
c) Prevent changing desktop wallpaper
You want to link it to an OU named Datacorp Users which also contains a child OU named Executives. What will you do to prevent Executives OU from inheriting settings from DesktopLock GPO?
Ans. A Parent Organizational Unit (OU) can contain multiple Child OUs. By default, when a GPO is linked to a parent OU its child OUs automatically inherit the settings. To prevent the settings from being inherited by child OUs, inheritance on child OUs must be blocked by the administrators manually.

11. You are an administrator at DATACORP.COM. For security reasons, you want that users cannot plug any USB or removable devices to the computers. What appropriate action you should take to do so?
Ans. A separate GPO in which removable and plug and play devices are restricted must be created and linked to the domain using Group Policy Management Console (GPMC). Furthermore, this GPO must be enforced by right clicking on the GPO and clicking Enforced option so that even if some OUs have been configured to block inheritance, this group policy setting still becomes applicable on them.
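The following script is an added example, not part of the original post: it builds the two GPOs from questions 10 and 11 with the GroupPolicy module, blocks inheritance on the Executives child OU, and enforces the removable-device GPO so that the block does not bypass it. The domain DN DC=datacorp,DC=com and the OU names are taken from the questions; the GPO names and the registry-backed policy locations are assumptions (the locations are the standard Windows policy keys for those Administrative Template settings).

```powershell
# Added example (not from the original post). Assumptions: domain DC=datacorp,DC=com,
# OU names from Q10, GPO names chosen here, standard Windows policy registry locations.
Import-Module GroupPolicy

$domainDn     = 'DC=datacorp,DC=com'
$usersOu      = "OU=Datacorp Users,$domainDn"
$executivesOu = "OU=Executives,$usersOu"

# --- Q10: the Desktop Lock GPO, linked to the parent OU ---
$desktopLock  = New-GPO -Name 'Desktop Lock' -Comment 'Q10 desktop restrictions'
$userPolicies = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies'
# a) Remove Add or Remove Programs
Set-GPRegistryValue -Name $desktopLock.DisplayName -Key "$userPolicies\Uninstall" `
    -ValueName 'NoAddRemovePrograms' -Type DWord -Value 1 | Out-Null
# b) Restrict access to Control Panel
Set-GPRegistryValue -Name $desktopLock.DisplayName -Key "$userPolicies\Explorer" `
    -ValueName 'NoControlPanel' -Type DWord -Value 1 | Out-Null
# c) Prevent changing desktop wallpaper
Set-GPRegistryValue -Name $desktopLock.DisplayName -Key "$userPolicies\ActiveDesktop" `
    -ValueName 'NoChangingWallPaper' -Type DWord -Value 1 | Out-Null
New-GPLink -Name $desktopLock.DisplayName -Target $usersOu -LinkEnabled Yes | Out-Null

# Executives must not inherit Desktop Lock: block inheritance on the child OU.
Set-GPInheritance -Target $executivesOu -IsBlocked Yes | Out-Null

# --- Q11: removable-device restriction, linked at the domain and enforced ---
$noUsb = New-GPO -Name 'Block Removable Storage' -Comment 'Q11 removable device restriction'
# Computer Configuration > Administrative Templates > System > Removable Storage Access
# > "All Removable Storage classes: Deny all access"
Set-GPRegistryValue -Name $noUsb.DisplayName `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices' `
    -ValueName 'Deny_All' -Type DWord -Value 1 | Out-Null
New-GPLink -Name $noUsb.DisplayName -Target $domainDn -LinkEnabled Yes | Out-Null
# An enforced link wins over "block inheritance", so Executives still receive this GPO.
Set-GPLink -Name $noUsb.DisplayName -Target $domainDn -Enforced Yes | Out-Null

# Verify: Executives should show inheritance blocked, no Desktop Lock link,
# and the enforced removable-storage GPO still present among its applied links.
$inh = Get-GPInheritance -Target $executivesOu
New-Object PSObject -Property @{
    InheritanceBlocked     = $inh.GpoInheritanceBlocked
    DesktopLockApplies     = [bool]($inh.InheritedGpoLinks | Where-Object { $_.DisplayName -eq 'Desktop Lock' })
    RemovableBlockApplies  = [bool]($inh.InheritedGpoLinks | Where-Object { $_.DisplayName -eq 'Block Removable Storage' })
} | Format-List
```

The final object should report InheritanceBlocked True, DesktopLockApplies False and RemovableBlockApplies True; clients pick the result up after gpupdate.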

12. In which condition you are required to configure Loopback Policy Processing?
Ans. Loopback Policy Processing is required when an Organizational Unit (OU) is linked to a Group Policy Object (GPO) that has been configured with both User Configuration and Computer Configuration settings, and administrators want the Computer Configuration to take precedence on a particular computer that is shared in a public place, such as a reception area, irrespective of which user account logs on to it. In such cases Loopback Policy Processing is used, which enforces the Computer Configuration of the GPO on the publicly shared computer.

13. You want to install Microsoft Word 2007 on all your client computers in the network. How would you accomplish the task with least administrative overhead?
Ans. Installing MS Office package on every client computer individually would be a tedious task. In such case administrators must use Group Policies to deploy the package domain wide. They can choose either Published or Assigned mode to accomplish the task.

14. Why do we need to configure Disk Quota?
Ans. In complex production environments administrators often configure roaming user profiles and configure user files to be saved on a centrally located file server. In order to restrict and limit users from occupying large amounts of disk space, administrators mostly configure Disk Quotas so that users can only utilize the hard disk space that administrators manually assign to them.

15. What is the difference between Hard Quota and Soft Quota?
Ans. When administrators assign disk quotas they can choose one of two available options. They can either prevent users from saving files on the quota-enabled volume once they exceed their quota limit, or they can allow users to continue saving their files after the limit is exceeded, but with warning messages. When users are prevented from saving files on the quota-enabled volume this is known as a Hard Quota, and when users are allowed to keep saving files after the quota limit is exceeded this is known as a Soft Quota.

16. What is a Witness Disk?
Ans. Witness Disks are the shared volumes that contain copies of cluster configuration databases. In Windows Server 2003, Witness Disks were known as Quorum Disks. These disks are connected as a central storage media for the servers that participate as members of the cluster.

17. Which editions of Windows Server 2008 R2 support failover clustering?
Ans. Only the Enterprise and Datacenter editions of Windows Server 2008 R2 support failover clustering.

18. What is Volume Shadow Copy?
Ans. Volume Shadow Copy is a feature integrated in Microsoft Windows operating systems that allows administrators to capture snapshots of the data which can be restored in case actual data is lost. Administrators must manually enable Volume Shadow Copy feature for each volume individually.

19. What is Bare Metal restore?
Ans. Bare Metal Restore is a technique through which administrators can restore all backed up data in a fresh machine that has no Operating System or software installed.

20. What is the command line tool used to performing an Active Directory authoritative restore?
Ans. Ntdsutil command is used to perform authoritative restore.

21. How can you perform a Non-Authoritative Restore?
Ans. Non-Authoritative Restore can be performed by navigating Windows Server backup console or by typing Wbadmin.exe on command line.

22. What is the main benefit of restoring Active Directory using Installation from Media (IFM) process?
Ans. With the help of the Installation from Media (IFM) process, when Active Directory is restored on a Windows Server 2008 R2 computer from a backup, the administrator's overhead is remarkably reduced compared with installing Active Directory Domain Services on a bare metal machine and waiting for replication to bring in all configuration and settings.

23. As an administrator of DATACORP.COM you need to create 200 domain user accounts. How will you complete the task with least administrative overhead?
Ans. As an administrator I shall create PowerShell or VBScripts to automate user creation task. In order to accomplish this, I will create a .ps1 file that will contain command to create user accounts. Once the file is created I will call it in PowerShell interface by using
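The following script is an added example, not the author's own .ps1 file: it creates domain users in bulk from a CSV file with the ActiveDirectory module, which is the approach question 23 describes. The CSV path, the column names and the target OU are assumptions; the domain DATACORP.COM comes from the question.

```powershell
# Added example (not the author's script). Assumptions: CSV at $csvPath with columns
# FirstName,LastName,SamAccountName,Department (constructed), target OU in datacorp.com.
Import-Module ActiveDirectory

$csvPath   = 'C:\Provisioning\new-users.csv'
$targetOu  = 'OU=Datacorp Users,DC=datacorp,DC=com'
$upnSuffix = 'datacorp.com'

function New-RandomPassword {
    # 16-character random initial password from a 64-symbol alphabet (64 divides 256,
    # so "byte mod 64" is unbiased). The user must change it at first logon.
    param([int]$Length = 16)
    $chars = [char[]]('ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789!@#$%^&*-')
    $rng   = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $bytes = New-Object byte[] $Length
    $rng.GetBytes($bytes)
    -join ($bytes | ForEach-Object { $chars[$_ % $chars.Length] })
}

$results = foreach ($row in Import-Csv -Path $csvPath) {
    $sam = $row.SamAccountName.Trim()
    # Idempotent: skip accounts that already exist instead of failing the whole run.
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        New-Object PSObject -Property @{ User = $sam; Status = 'Skipped (already exists)' }
        continue
    }
    $initialPassword = New-RandomPassword
    try {
        New-ADUser -SamAccountName $sam `
            -Name "$($row.FirstName) $($row.LastName)" `
            -GivenName $row.FirstName -Surname $row.LastName `
            -UserPrincipalName "$sam@$upnSuffix" `
            -Department $row.Department -Path $targetOu `
            -AccountPassword (ConvertTo-SecureString $initialPassword -AsPlainText -Force) `
            -ChangePasswordAtLogon $true -Enabled $true -ErrorAction Stop
        # The initial password is returned for out-of-band delivery; it is not written to disk.
        New-Object PSObject -Property @{ User = $sam; Status = 'Created'; InitialPassword = $initialPassword }
    } catch {
        New-Object PSObject -Property @{ User = $sam; Status = "Failed: $($_.Exception.Message)" }
    }
}
$results | Format-Table -AutoSize
```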

24. Which command is used to manage SYSVOL replication when Forest Functional Level is Windows Server 2008 R2?
Ans. DFSRadmin.exe command is used to manage SYSVOL replication in Windows Server 2008 R2 when the Forest Functional Level is raised to Windows Server 2008 R2. DFSR is also used during Active Directory replication. In legacy versions of Windows network operating systems, File Replication Service (FRS) was used.

25. Which command-line utility is used to perform initial configuration of WDS (Windows Deployment Services) Server in Windows Server 2008 R2?
Ans. Wdsutil is the command-line utility through which we can configure WDS (Windows Deployment Services) Server.

26. Which command is used to enable Active Directory Recycle Bin feature in Windows Server 2008 R2?
Ans. We can type the following command in the Active Directory module for Windows PowerShell:
Enable-ADOptionalFeature -Identity <ADOptionalFeature> -Scope <ADOptionalFeatureScope> -Target <ADEntity>
For example, if we want to enable the Active Directory Recycle Bin for the mydomain.com domain, we should type:
Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=mydomain,DC=com' -Scope ForestOrConfigurationSet -Target 'mydomain.com'

27. What does OOBE command do?
Ans. When Windows Server 2008 R2 is installed, the very first window that appears on the screen is Initial Configuration Tasks. After administrators have configured their servers with appropriate settings they can disable this window from opening at every start up. However, if for any reason they still want to access this window, they can type the Out-Of-Box Experience (OOBE) command in the search box or the Run command box to launch it.

28. Which command line tool is used to troubleshoot DNS server?
Ans. Nslookup command is used to troubleshoot DNS server from command line.

29. Through which command we can convert a Security Policy into a Group Policy Object (GPO)?
Ans. Scwcmd.exe transform command converts a Security Policy into a GPO.

30. Which command is used to update Group Policy settings on a client computer?
Ans. Gpupdate.exe or gpupdate /force command can be executed in the elevated command prompt on the client computer.

31. Which command is used to manage DNS server from command line?
Ans. Dnscmd command can be used to manage DNS server from command line utility.

32. Which command is used to renew an IP address assigned by DHCP server?
Ans. In order to renew dynamic IP address assigned by DHCP server ipconfig /renew command must be executed from the elevated command prompt.

33. Which command you must use to deploy Read Only Domain Controller (RODC)?
Ans. Although deployment of Read Only Domain Controller (RODC) can be made simpler through GUI, adprep /rodcprep command can be used to create RODC through command line interface.

34. Why do we initiate ipconfig /flushdns command?
Ans. It clears DNS cache from the client computers.

35. What is Global Names Zone?
Ans. GlobalNames Zone is a new feature introduced in Microsoft Windows Server 2008 which allows single label (NetBIOS) name resolution. This feature is introduced to replace WINS, hence completely eliminating its requirement.

36. Name the scopes available for DNS Zone replication in Active Directory infrastructure.
Ans. There are four scopes to which DNS Zones can be replicated in an Active Directory infrastructure:
a) To all DNS servers in the Active Directory Forest
b) To all DNS servers in the Active Directory Domain
c) To all domain controllers in an Active Directory Domain
d) To all domain controllers specified in the scope of the following application directory partition (custom list required)

37. What are Name Servers?
Ans. Name Server is a dedicated computer that is responsible to resolve DNS queries initiated by client computers. Sometimes DNS server is also referred as Name Server.

38. What is the use of LMhosts file?
Ans. Lmhost file is used to resolve NetBIOS names to their respective IP addresses. IP addresses must be manually specified in the Lmhost file.

39. Why should you configure alternate DNS server address?
Ans. In medium or large-scale organizations administrators mostly deploy multiple DNS servers so that if one server fails the entire network is not affected by a lack of name resolution. In such scenarios administrators specify preferred and alternate DNS server addresses on the client computers so that if for any reason the preferred DNS server fails to resolve a query, the query can be sent to the alternate DNS server for name resolution.

40. What are the DNS zone transfer options available in the Zone Transfers tab in Windows Server 2008 R2?
Ans. There are three options available in the Zone Transfers tab.
a) To any server
b) Only to servers listed on the Name Server Tab
c) Only to the following servers (Custom list of DNS server must be specified).
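The following block is an added example, not part of the original post: it applies option c) above, a custom list of secondary servers, to a zone and verifies the result, with the equivalent settings for options a) and b) noted in comments. It assumes the DnsServer PowerShell module (Windows Server 2012 or later); the dnscmd line in the comment is the Windows Server 2008 R2 equivalent. The zone name and server addresses are constructed.

```powershell
# Added example (not from the original post). Assumptions: DnsServer module available,
# zone datacorp.com exists on this server, secondary addresses are constructed.
Import-Module DnsServer

$zone        = 'datacorp.com'
$secondaries = @('192.0.2.10', '192.0.2.11')   # constructed documentation-range addresses

# Option c) "Only to the following servers": transfers go to the listed hosts only.
Set-DnsServerPrimaryZone -Name $zone -SecureSecondaries TransferToSecureServers `
    -SecondaryServers $secondaries
# Windows Server 2008 R2 equivalent (dnscmd, see Q31):
#   dnscmd /ZoneResetSecondaries datacorp.com /SecureList 192.0.2.10 192.0.2.11
#
# The other Zone Transfers tab options map to -SecureSecondaries values:
#   a) To any server                              -> TransferAnyServer (weakest: anyone can pull the zone)
#   b) Only to servers listed on the Name Servers tab -> TransferToZoneNameServer
#   Zone transfers disabled (tab unchecked)      -> NoTransfer

# Verify the effective setting on the zone.
Get-DnsServerZone -Name $zone | Select-Object ZoneName, SecureSecondaries, SecondaryServers
```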

41. What is the newly added feature in Windows Server 2008 R2 which allows client computers to verify the authenticity of the DNS record?
Ans. DNSSEC is the feature which checks the integrity of DNS query responses through public key technologies.

42. What is the use of cache.dns file and where it is found?
Ans. The Cache.dns file stores the DNS cache which is used by the DNS server to resolve names over the internet. It contains the list of available internet root servers. It is located in the %systemroot%\system32\dns directory.

43. What is BIND in DNS?
Ans. Berkeley Internet Name Domain (BIND) is a means of transferring zone data that is used by UNIX based operating systems because they do not use fast transfer format. When Windows based computers perform zone transfer to UNIX based operating systems BIND is used. This option is enabled by default.

44. What is the difference between Forward Lookup and Reverse Lookup Zone?
Ans. Forward lookup zone is configured to resolve Fully Qualified Domain Names to IP addresses whereas Reverse lookup zone is configured to resolve IP addresses to Fully Qualified Domain Names.

45. In which condition can we store a DNS zone in Active Directory?
Ans. In any active directory oriented network infrastructure when an active directory domain controller also plays a role of DNS server, by default DNS database is stored in Active Directory database. This default DNS configuration is known as DNS integrated zone.

46. What is the difference between basic disk and dynamic disk?
Ans. One of the major differences between basic disks and dynamic disks is that dynamic disks can be used to implement Redundant Array of Inexpensive Disks (RAIDs) and are mostly used in production environments whereas normal disk types are mostly used in home environments. When an operating system is installed on a hard disk drive by default it is set as a basic disk. Administrators must manually convert basic disks to dynamic disks.

47. What is the difference between Network Attached Storage (NAS) and Direct Attached Storage (DAS)?
Ans. Network Attached Storage devices are those that are not directly connected to the computers and are centrally located and connected to the network. In such cases data is backed up and stored on these devices as per the schedule which remarkably reduces administrators' overhead that they would otherwise have to face if the devices were connected locally. These devices are helpful when there are multiple file servers and domain controllers in the network. Direct Attached Storage devices are the ones that are directly connected to the computers and backups are stored on them. These devices are useful when there is only one or maximum two file servers or domain controllers in a network.

48. What do you understand by Network Load Balancing Cluster?
Ans. Network Load Balancing or NLB is a cluster configuration that allows administrators to equally balance the traffic load among all the members of a cluster. With the help of NLB, queries are distributed among the servers of a cluster on a round robin basis. For example, if there are three servers in a cluster, namely A, B and C, the first query will be sent to server A, the second to server B and the third to server C. When the cluster receives the fourth query it will be sent to server A, and so on.

49. What is SMB?
Ans. Server Message Block or SMB is a protocol that is used to provide access to the shared resources located at the file servers. Sometimes SMB is also known as Common Internet File System or CIFS. SMB is an application layer protocol.

50. Why offline files are important?
Ans. Offline files are important if an organization has multiple users who work on a part-time basis and whose job includes working from home as well. In such cases administrators configure offline files so that these mobile users can keep cached copies of the files on their local machines, on which they can work even when they are not connected to the office network.

51. What are RAID volumes?
Ans. RAID volumes are hard disk drives that are logically bundled together to work as a single entity so as to provide fault tolerance and additional storage capacity. In order to implement RAIDs, hard disks must be converted to the dynamic disk type.

52. What is Network File System (NFS)?
Ans. Network File System (NFS) is a protocol used to access shared resources efficiently. When any object or resource is accessed from a remote location, because of NFS the operating system looks at the remote entities as local objects or resources stored on a local storage media.

53. What is Cluster Shared Volumes (CSV)?
Ans. Cluster Shared Volumes is a feature which is introduced in Windows Server 2008 R2 and is used in conjunction with Hyper-V. With the help of this feature administrators can access multiple virtual hard disk files from all cluster nodes simultaneously. 

54. What is dynamic routing?
Ans. When entries in routing table are managed through protocols such as Routing Information Protocol (RIP) or Open Shortest Path First (OSPF) the process is known as dynamic routing. When dynamic routing is configured, routers automatically choose best path to forward packets to their destinations.

55. What do you understand by NAT?
Ans. Network Address Translation or NAT is the process through which, in most cases, a single public IP address is shared among multiple computers on a local area network that have been assigned with the private IP addresses by the administrators.

56. What is OSI reference model?
Ans. The Open System Interconnection (OSI) reference model was first developed by the International Standard Organizations in the early 1980s. It was designed to allow communication between two computers efficiently and in a secure way. The OSI reference model defines how data should be transferred between two networking devices of different vendors. According to the OSI reference model, data that is transferred between two computers or networking devices is processed at each of its seven layers in turn.

57. How many layers does OSI reference model contain?
Ans. OSI reference model has seven layers in all, namely:
a) Physical Layer
b) Data Link Layer
c) Network Layer
d) Transport Layer
e) Session Layer
f) Presentation Layer
g) Application Layer

58. What is the difference between TCP and UDP?
Ans. TCP stands for Transmission Control Protocol and is connection oriented which means that it verifies if the destination computer is connected before it starts sending the packets. UDP or User Datagram Protocol on the other hand is connectionless protocol that sends packets to the destination computer without checking the connection state.

59. How many layers does TCP/IP Protocol Stack contain?
Ans. The TCP/IP Protocol Stack contains four layers, namely Application, Transport, Internet and Network.

60. Routers function at which layer of OSI reference model?
Ans. Since routers mostly deal with IP addresses, they function at third layer of OSI reference model.

61. What are routing protocols?
Ans. Routing protocols are the protocols that help routers communicate with each other and share their routing tables.

62. What are port numbers?
Ans. Port numbers are the logical gates identified by numeric characters. These logical gates are used when a computer receives or sends information. Because of port numbers computers accept or deny the packets depending on the configuration in the firewalls or routers. For example if an administrator has blocked port number 23 on a router, it cannot accept telnet requests whatsoever.

63. Name the types of wireless topologies.
Ans. There are two wireless topologies that can be used while establishing WLAN infrastructure, namely Ad-hoc and Infrastructure.

64. What do you understand by the term VLAN?
Ans. VLAN or Virtual LAN is a term and configuration mostly used on Cisco platforms. With the help of VLANs, a managed LAN switch is divided into multiple logical switches. Technically every LAN port of a switch has its own broadcast domain. VLANs are mostly configured in large production environments where multiple subnets are deployed by the administrators.

65. What is the difference between network and subnet?
Ans. A network can be considered a container for one or more subnets of different IP address ranges, whereas a subnet is a part of a network that has a specific IP address range. For example, a network may have the address 192.168.0.0/26, and the range 192.168.0.0 to 192.168.0.63 (/26) is a subnet in that network.

66. What is the major difference between Tracert and Pathping command?
Ans. Tracert is a tool that is used to determine the route of the packets. It only gives the information about the routers (hops) through which the packet passes to reach its destination. On the other hand, Pathping not only traces the route but also shows the time taken by the packets sent to each hop (router), hence checking the connection state as well. It gives complete information about the number of packets which are dropped and also about the packets that successfully reached their destinations.

67. What is the difference between Multicast and Broadcast?
Ans. Multicast is the process in which a message is transmitted to a group or set of computers whereas in Broadcast the message is transmitted to all computers.

68. Which protocol does IPv4 use to resolve broadcast addresses into Media Access Control (MAC) addresses of NICs?
Ans. Address Resolution Protocol (ARP) is used to resolve broadcast addresses into MAC addresses.

69. You want to promote one of your Windows Server 2008 R2 machine as a Domain Controller. Which command you will type to do so?
Ans. You can initiate this process by adding the Active Directory Domain Services server role to the server and then you can execute DCPromo command. Alternatively you can type DCPROMO.EXE command directly in the Run command box to kick start AD DS installation wizard.

70. Which command would you use to add or remove roles in Windows Server 2008 R2 Server Core?
Ans. Ocsetup.exe command is used to add or remove roles in Windows Server 2008 R2 Server Core Edition except for Active Directory Domain Services (AD DS), which is added by using Dcpromo.exe command.

71. You are the Administrator of a company named DATACORP.COM. It contains Windows Server 2008 R2 promoted as a Domain Controller and configured as Global Catalog (GC) which also holds all five operation master roles. You have also deployed another Domain Controller in your domain. However, it is not configured as GC. What Flexible Single Master Operations (FSMO) Role should you transfer to the non-GC domain controller?
Ans. Infrastructure Master Role must be transferred to the non-GC domain controller. This step is mandatory because if Infrastructure Master and Global Catalog remain on the same server, Infrastructure Master would not update NTDS.dit file when GC updates itself. This role transfer step is not necessary if there is only one Domain Controller in the network.

72. What are the pre-requisites to add a computer to the domain?
Ans. A computer must have physical connection to the network, it must have IP address and appropriate DNS address assigned to it, user who wishes to add the computer to a domain must have administrative privileges on the local computer and must have any domain user account credentials for domain authentication while adding. 

73. What is pre-staging? 
Ans. Pre-staging means a computer account is manually created in a domain before the client computer is actually added to it. This helps administrators place computer accounts in the desired OU and apply appropriate group policies on them. 

74. How many types of Operation Master Roles are there in a forest? 
Ans. There are five Operation Master Roles in an Active Directory forest, and they are divided into two main categories. 
a) Forest Wide Roles: 
i) Schema Master: Schema Master is responsible for the changes that are made to the schema of the forest. 
ii) Domain Naming Master: Domain Naming Master is responsible for adding or removing domains in the forest. It also checks whether a domain name already exists in the forest while creating a new domain. 
b) Domain Wide Roles: 
i) PDC Emulator: Primary Domain Controller (PDC) Emulator is responsible for password updates, time synchronization and manages Group Policy updates within a Domain. 
ii) RID Master: RID (Relative ID) Master is responsible for issuing Security Identifiers (SIDs) for the objects in the domain. SIDs are issued by the RID Master in lots of 500. 
iii) Infrastructure Master: Infrastructure Master maintains the records of modifications of the groups or users of other domains in the forest. 

75. How many types of Active Directory partitions are there? 
Ans. Active Directory has four partitions namely: 
a) Domain Partition: Contains information about all the domain objects including Users, Groups, Published Folders, etc. 
b) Schema Partition: It maintains records for all attributes of all object classes forest wide. 
c) Application Directory Partition: Creates and manages Active Directory replication topologies; it also maintains records for DNS replication scopes. 
d) Configuration Partition: Maintains and manages the logical structure of the forests. Logical structure may include structures of domains, etc. Configuration partition also contains information about physical structure such as subnets, sites, etc. 

76. In which case you should enable Universal Group Membership Caching (UGMC) in a site? 
Ans. When a domain or forest is expanded at distant geographical locations multiple sites are created and configured accordingly. It is recommended that Global Catalog server must be present in every site but sometimes if the two branches are connected to each other via slow WAN link, synchronization between two Global Catalog servers consumes a decent amount of time and Internet bandwidth. To avoid such situations Universal Group Membership Caching should be enabled on the servers located at branch offices which can then cache the information of Global Catalog server present in the main branch. 

77. How many Forest Functional Levels does Windows Server 2008 R2 have? 
Ans. Windows Server 2008 R2 has four Forest Functional Levels as written below: 
a) Windows 2000: This FFL must be configured on Windows Server 2008 R2 if the forest contains Domain Controllers that run Windows 2000 Servers, Windows Server 2003, Windows Server 2008 and Windows Server 2008 R2. 
b) Windows Server 2003: This FFL must be configured if Windows Server 2008 R2 domain controller is to be installed in the forest that already has domain controllers that run Windows Server 2003, Windows Server 2008 and Windows Server 2008 R2 operating systems. 
c) Windows Server 2008: This FFL can be configured when the forest has existing Windows Server 2008 and Windows Server 2008 R2 domain controllers. 
d) Windows Server 2008 R2: This FFL can be used if the forest has existing Windows Server 2008 R2 domain controllers only. This can also be configured if administrators plan to use Windows Server 2008 R2 operating systems only for future expansions. 

78. Which Operation Master role is responsible for time synchronization and password changing? 
Ans. PDC Emulator is the Operation Master Role in Windows Server 2008 R2 Active Directory infrastructure that is responsible for time synchronization and password changes. 

77. What do you understand by the term Certificate Revocation? 
Ans. Certificate Revocation is when a certificate has either expired or is revoked manually by the administrators because of inappropriate acts initiated by the users. When a certificate is revoked its information is updated in the Certificate Revocation List or CRL. 

78. What is the function of Infrastructure Master Role? 
Ans. Infrastructure Master regularly communicates with Global Catalog server on the network and updates itself with the latest partial information of the objects located in other domains. If there are multiple domain controllers present in a network, server holding Infrastructure Master role must not be the same computer that is also a Global Catalog server. 
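The following script is an added example, not part of the original post: it lists the five operations master roles from question 74 and then applies the placement rule from questions 71 and 78, transferring the Infrastructure Master to a non-Global Catalog domain controller when the current holder is a GC and such a DC exists. It assumes the ActiveDirectory module and runs against the current user's domain.

```powershell
# Added example (not from the original post). Assumptions: ActiveDirectory module loaded,
# run as a member of Domain Admins in the domain whose roles are being examined.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# Q74: two forest-wide and three domain-wide roles and their current holders.
New-Object PSObject -Property @{
    SchemaMaster         = $forest.SchemaMaster          # forest-wide
    DomainNamingMaster   = $forest.DomainNamingMaster    # forest-wide
    PDCEmulator          = $domain.PDCEmulator           # domain-wide
    RIDMaster            = $domain.RIDMaster             # domain-wide
    InfrastructureMaster = $domain.InfrastructureMaster  # domain-wide
} | Format-List

# Q71/Q78: the Infrastructure Master should not sit on a Global Catalog when
# another, non-GC domain controller is available.
$dcs      = @(Get-ADDomainController -Filter *)
$imHolder = $dcs | Where-Object { $_.HostName -eq $domain.InfrastructureMaster }
$nonGcDcs = @($dcs | Where-Object { -not $_.IsGlobalCatalog })

if ($dcs.Count -eq 1) {
    "Only one domain controller ($($imHolder.HostName)): no transfer needed."
} elseif (-not $imHolder.IsGlobalCatalog) {
    "Infrastructure Master $($imHolder.HostName) is already on a non-GC domain controller."
} elseif ($nonGcDcs.Count -eq 0) {
    "Infrastructure Master is on GC $($imHolder.HostName) but no non-GC domain controller exists to receive it."
} else {
    $target = $nonGcDcs[0]
    "Transferring Infrastructure Master from $($imHolder.HostName) to $($target.HostName)"
    Move-ADDirectoryServerOperationMasterRole -Identity $target.HostName `
        -OperationMasterRole InfrastructureMaster -Confirm:$false
    # Re-read the domain to confirm the new holder.
    "Infrastructure Master is now: $((Get-ADDomain).InfrastructureMaster)"
}
```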

79. What is symmetric encryption? 
Ans. Symmetric encryption is the encryption method where same encryption key is used to encrypt and decrypt data. 

80. What is Asymmetric encryption? 
Ans. Asymmetric encryption is the process of encryption where a key pair is used to encrypt or decrypt data. In asymmetric encryption type public and private keys are used for encryption and decryption and information encrypted using public key can only be decrypted using the corresponding private key and vice versa. 

81. What do you understand by single sign on (SSO)? 
Ans. Single Sign On or SSO is a feature that administrators use to allow users to access objects on different domains or forests without providing credentials every time they access them. Active Directory Federation Services or ADFS must be installed to configure SSO. Example may include some sites that also allow users to logon using Facebook credentials. 

82. What do you understand by Network Device Enrollment Service (NDES)? 
Ans. Network Device Enrollment Service is a service through which Routers and Switches can also be a part of Public Key Infrastructure (PKI). It uses a protocol known as Simple Certificate Enrollment Protocol (SCEP) developed by Cisco which helps devices and users to auto-enroll digital certificates for authentication purposes. 

83. What is the difference between trusted domain and trusting domain? 
Ans. A trusting domain is the one that allows users from trusted domains to access its objects whereas trusted domains are the ones users of which are allowed to access the objects that reside in trusting domains. By default two-way trust is automatically established between the two domains that reside in a single Active Directory forest. 

84. What is a pre-shared key? 
Ans. A pre-shared key is a numeric or alphanumeric key that is stored in clear text (unencrypted) and is used to pair or authenticate two devices before actual communication takes place between them. In most production environments the use of pre-shared keys is not recommended at all; however, they can be used for testing purposes.

85. What is Integrated Windows Authentication? 
Ans. Integrated Windows Authentication is a process through which Microsoft products use Windows user accounts to grant access to users. It is mostly used in IIS, where the credentials of Active Directory user accounts are used.

86. What are bridgehead servers? 
Ans. A bridgehead server is a dedicated domain controller in each site that communicates with the bridgehead servers of other sites for Active Directory replication.

87. What is the function of Key Recovery Agent (KRA)? 
Ans. Encryption keys are used when encrypting files or folders, and the same keys are needed to decrypt them when users need access. If the encryption keys are lost for any reason, the encrypted files or folders become permanently inaccessible. To avoid this situation, Key Recovery Agents (KRAs) are configured, which are able to recover the lost encryption keys.

88. What is Client Certificate Authentication method? 
Ans. Client Certificate Authentication is a method that enables web-based client computers to verify themselves to web servers. In this method the web server authenticates client computers through the security certificate installed on them. Certificates are issued to the client computers either by a local or a third-party trusted Certificate Authority (CA), e.g. VeriSign.

89. What is Selective Authentication?
Ans. Selective Authentication is the feature in Windows Server 2008 R2 which, when enabled, allows administrators to specify which user accounts are authorized to access shared resources from other forests while establishing trust relationships between them.

90. What is a trust?
Ans. In Active Directory, a trust is a relationship in which two domains or forests allow users from the other domain or forest to access their objects. If an Active Directory forest contains multiple domains, a two-way trust is automatically established between the domains. If an organization has multiple forests, administrators must manually establish trusts between them.
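The direction rules from questions 83 and 90 (the trusting domain accepts accounts from the trusted domain, automatic intra-forest trusts are two-way, cross-forest trusts are set up manually) are easy to get backwards, so here they are as a small graph model. This is an added example, not from the post; the domain names and the topology are constructed, and the transitivity handling is a simplification of real AD behaviour.

```python
"""Active Directory trust direction as a small graph model (added example, not
from the post). The trusting (resource) domain accepts accounts from the trusted
(account) domain, never the reverse unless the trust is two-way; only transitive
trusts (e.g. parent-child trusts inside one forest) chain. Names are constructed."""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Trust:
    trusting: str            # domain holding the resources (accepts accounts)
    trusted: str             # domain whose accounts are accepted
    two_way: bool = False
    transitive: bool = False


def _accepts(trusts):
    """Map each trusting domain to its (trusted domain, transitive) edges."""
    graph = {}
    for t in trusts:
        graph.setdefault(t.trusting, set()).add((t.trusted, t.transitive))
        if t.two_way:  # a two-way trust is just a second edge, reversed
            graph.setdefault(t.trusted, set()).add((t.trusting, t.transitive))
    return graph


def can_authenticate(user_domain, resource_domain, trusts):
    """True if an account from user_domain can authenticate to resource_domain."""
    if user_domain == resource_domain:
        return True
    graph = _accepts(trusts)
    seen = {resource_domain}
    queue = deque([(resource_domain, True)])  # walk resource -> account side
    while queue:
        domain, first_hop = queue.popleft()
        for trusted, transitive in graph.get(domain, ()):
            if not first_hop and not transitive:
                continue  # a non-transitive trust is good for one hop only
            if trusted == user_domain:
                return True
            if transitive and trusted not in seen:
                seen.add(trusted)
                queue.append((trusted, False))
    return False


FOREST = [  # constructed: forest root with two children, plus one external trust
    Trust("corp.example", "eu.corp.example", two_way=True, transitive=True),
    Trust("corp.example", "us.corp.example", two_way=True, transitive=True),
    Trust("corp.example", "partner.example"),  # one-way: corp accepts partner
]
```

With this topology a user from eu.corp.example reaches resources in us.corp.example through the root, while partner.example accounts are accepted by corp.example only and never by its child domains.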

91. What are the prerequisites for deploying AD FS (Active Directory Federation Services)?
Ans. Each participating active directory forest must have the following prerequisites for deploying AD FS:
a) Domain Controller = 1
b) Member server hosting internal AD FS = 1
c) Member server hosting AD FS proxy server = 1
d) Microsoft SQL Server 2005 = 1

92. What is the use of Active Directory Recycle Bin in Windows Server 2008 R2?
Ans. Active Directory Recycle Bin is the new feature in Windows Server 2008 R2. It allows administrators to recover Active Directory objects when they are deleted accidentally.

93. What is Distinguished Name?
Ans. A Distinguished Name is a combination of strings and attributes, mainly used by LDAP to identify LDAP objects. It is a sequence of Relative Distinguished Names (RDNs) separated by commas. An example of a Distinguished Name is CN=John,OU=Sales,DC=Abc,DC=Com, where CN=John, OU=Sales, DC=Abc and DC=Com are the individual RDNs of that DN.
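Splitting a DN on every comma breaks as soon as a value such as "Smith, John" contains an escaped comma, so a parser has to honour the escaping rules. The following is an added example, not part of the original post: it parses a DN into its RDNs following RFC 4514 (escaped separators, hex-escaped bytes, multi-valued RDNs) and derives the DNS domain name from the DC components.

```python
"""Parse an LDAP Distinguished Name into its RDNs (added example, not from the
post), following the RFC 4514 string form: RDNs are separated by unescaped commas,
a multi-valued RDN joins attribute=value pairs with '+', and special characters in
a value are escaped with a backslash, as '\\,' or as a hex pair such as '\\2C'."""
import re


def _split_unescaped(text, sep):
    """Split on `sep`, ignoring separators that are escaped with a backslash."""
    parts, current, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            current.append(text[i:i + 2])  # keep the escape pair intact for now
            i += 1
        elif text[i] == sep:
            parts.append("".join(current))
            current = []
        else:
            current.append(text[i])
        i += 1
    parts.append("".join(current))
    return parts


def _unescape(value):
    """Resolve escapes: runs of hex pairs become UTF-8 bytes, '\\x' becomes 'x'."""
    def repl(m):
        if m.group(1):  # e.g. a backslash-C3 backslash-A9 run decodes to 'é'
            return bytes.fromhex(m.group(1).replace("\\", "")).decode("utf-8")
        return m.group(2)
    return re.sub(r"((?:\\[0-9A-Fa-f]{2})+)|\\(.)", repl, value)


def parse_dn(dn):
    """Return the DN as a list of RDNs, each a list of (attribute, value) pairs."""
    rdns = []
    for rdn_text in _split_unescaped(dn, ","):
        rdn = []
        for ava in _split_unescaped(rdn_text, "+"):
            attr, eq, value = ava.partition("=")
            if not eq or not attr.strip():
                raise ValueError(f"malformed RDN component: {ava!r}")
            rdn.append((attr.strip(), _unescape(value.lstrip())))
        rdns.append(rdn)
    return rdns


def dns_domain(dn):
    """Join the DC components of a DN into the DNS name of its domain."""
    return ".".join(v for rdn in parse_dn(dn) for a, v in rdn if a.upper() == "DC")
```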

94. What is Auto Enrollment?
Ans. Auto Enrollment is a process by which computers and users automatically enroll themselves for certificates and smart cards. Auto Enrollment can be configured through group policy.

95. What are the two types of Replication Transport Protocols in Active Directory Sites and Services snap-in?
Ans. The two transport protocols are:
a) Directory Service Remote Procedure Call (DS-RPC): DS-RPC is used for intrasite and intersite replication and appears as the IP subcontainer under the Inter-Site Transports container in the Active Directory Sites and Services snap-in.
b) Inter-Site Messaging - Simple Mail Transfer Protocol (ISM-SMTP): ISM-SMTP is used for intersite messaging.

96. What is a Global Catalog Server?
Ans. A Global Catalog Server contains partial information and/or replica of every active directory object in every domain in a forest.

97. What is the function of Schema Master?
Ans. The Schema Master role is responsible for changes to the schema in a forest. It controls and maintains all modifications and updates to the schema. An example is the additional e-mail address attribute that becomes available once Exchange Server is installed in an Active Directory forest.

98. Which protocol is used by AD LDS?
Ans. AD LDS uses the Lightweight Directory Access Protocol (LDAP), which works on TCP port 389.

99. What is UPN suffix?
Ans. A User Principal Name (UPN) suffix is an alternate suffix that can be added to a domain user name. If there are multiple domains and domain trees in an Active Directory forest, a user account may have a lengthy UPN suffix, for example username@rootdomain.childdomain.com. With the help of an alternate UPN suffix it can be username@alternateupnsuffix.com. This makes it simpler for users to type their credentials.

100. What is the difference between local users and domain users?
Ans. On any computer, when user accounts are stored in and authenticated against the local Security Accounts Manager (SAM) file, they are known as local user accounts. On the other hand, when the account credentials are sent to domain controllers for authentication, such user accounts are known as domain user accounts.

However, I was able to accumulate only 100 questions, but Windows/AD is not at all limited to the above questionnaire. It is so vast and ever expanding, so please take the above set of interview questions as an example ONLY and don't limit your knowledge to the above-mentioned questions.

Disclaimer: Don't hold me responsible if you fail any Windows/AD interview after reading the above questions. Also, refer to Microsoft Technical Documentation for updated and correct information.
