Active Directory (AD) Interview Questions and Answers- Part-3

45. Where is GPT Stored?

Answer-%SystemRoot%\SYSVOL\sysvol\domainname\Policies\GUID

46. Tell Me What Should I Do If The DC Points To Itself For DNS, But The SRV Records Still Do Not Appear In The Zone?

Answer-Check for a disjointed namespace, and then run Netdiag.exe /fix. You must install Support Tools from the Windows 2008 R2 Server CD-ROM to run Netdiag.exe.

47. What is GPT And GPC?

Answer-GPT: Group Policy Template.
GPC: Group Policy Container.

48. Tell Me What If My Windows 2000 Or Windows Server 2003 DNS Server Is Behind A Proxy Server Or Firewall?

Answer-If you are able to query the ISP’s DNS servers from behind the proxy server or firewall, the Windows 2000 or Windows Server 2003 DNS server is able to query the root hint servers. UDP and TCP port 53 should be open on the proxy server or firewall.

49. Explain What Is The Difference Between Local, Global And Universal Groups?

Answer-Domain local groups assign access permissions to global domain groups for local domain resources. Global groups provide access to resources in other trusted domains. Universal groups grant access to resources in all trusted domains.

50. Do You Know What Is The “.” Zone In My Forward Lookup Zone?

Answer-This setting designates the Windows 2000 DNS server to be a root hint server and is usually deleted. If you do not delete this setting, you may not be able to perform external name resolution to the root hint servers on the Internet.

51. Define LSDOU?

Answer-It is the Group Policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units.

52. Define Attribute Value?

Answer-An object’s attribute is set concurrently to one value at one master, and another value at a second master.

53. What is Netdom?

Answer-NETDOM is a command-line tool that allows management of Windows domains and trust relationships.

54. Do You Know How Kerberos V5 Works?

Answer-The Kerberos V5 authentication mechanism issues tickets (a set of identification data for a security principal, issued by a DC for purposes of user authentication; the two forms of tickets in Windows 2000 are ticket-granting tickets (TGTs) and service tickets) for accessing network services. These tickets contain encrypted data, including an encrypted password, which confirms the user’s identity to the requested service.

55. What is Adsiedit?

Answer-ADSI Edit is an LDAP editor for managing objects in Active Directory. This Active Directory tool lets you view objects and attributes that are not exposed in the Active Directory Management Console.

56. What is Kerberos V5 Authentication Process?

Answer-Kerberos V5 is the primary security protocol for authentication within a domain. The Kerberos V5 protocol verifies both the identity of the user and network services. This dual verification is known as mutual authentication.

57. Define The Schema Master Failure?

Answer-Temporary loss of the schema operations master will be visible only if we are trying to modify the schema or install an application that modifies the schema during installation. A DC whose schema master role has been seized must never be brought back online.

58. What is Replmon?

Answer-Replmon is the first tool you should use when troubleshooting Active Directory replication issues.

59. How To Find FSMO Roles?

Answer-Netdom query fsmo OR Replmon.exe

60. Describe The Infrastructure FSMO Role?

Answer-When an object in one domain is referenced by another object in another domain, it represents the reference by the GUID, the SID (for references to security principals), and the DN of the object being referenced. The infrastructure FSMO role holder is the DC responsible for updating an object’s SID and distinguished name in a cross-domain object reference.

61. What are The Advantages Of Active Directory Sites?

Answer-Active Directory Sites and Services allow you to specify site information. Active Directory uses this information to determine how best to use available network resources.

62. Define Edb.chk?

Answer-This is the checkpoint file used to track the data not yet written to the database file. It indicates the starting point from which data is to be recovered from the log file in case of failure.

63. Define Edb.log?

Answer-This is the transaction log file (10 MB). When EDB.LOG is full, it is renamed to EDBnnnn.log, where nnnn is the increasing number starting from 1.

64. How To View All The GCs In The Forest?

Answer-repadmin.exe /options * and use IS_GC for current domain options.
nltest /dsgetdc:corp /GC

65. What Is The KCC (Knowledge Consistency Checker)?

Answer-The KCC generates and maintains the replication topology for replication within sites and between sites. KCC runs every 15 minutes.

66. What Is Schema Information In Active Directory?

Answer-Definitional details about objects and attributes that one can store in the AD. Replicates to all DCs. Static in nature.

If you have any questions, feel free to contact me at admin@windowstechno.com. Also follow me on Facebook @windowstechno to get updates about new blog posts.
