Active Directory (AD) Interview Questions and Answers – Part 5

77. What are Active Directory partitions?

Answer- The Active Directory database is divided into logical parts, and each logical part is called an Active Directory partition.

78. What are all the Active Directory partitions?

Schema partition
Configuration partition
Domain partition
Application partition

89. What is the use of Active Directory partitions? Or
How to find the Active Directory partitions and their location?

Answer- Schema partition – It stores details about objects and attributes. It replicates to all domain controllers in the forest.

DN location is CN=Schema,CN=Configuration,DC=Domainname,DC=com

Configuration partition – It stores details about the AD configuration, such as sites, site links, subnets and other replication topology information. It replicates to all domain controllers in the forest.

DN location is CN=Configuration,DC=Domainname,DC=com

Domain partition – It stores object information for a domain, such as users, computers, groups, printers and other domain-specific information. It replicates to all domain controllers within a domain.

DN location is DC=Domainname,DC=com

Application partition – It stores information about applications in Active Directory. For example, when AD-integrated DNS is used, there are two application partitions for DNS zones: ForestDNSZones and DomainDNSZones.
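
One way to list the partitions and their DN locations on a live forest, as an added example that is not part of the original post: it reads the crossRef objects under CN=Partitions in the configuration partition and classifies each one. It assumes the RSAT ActiveDirectory module and a reachable domain controller; the function name Get-AdPartitionSummary is made up for illustration.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper name; not part of the ActiveDirectory module.
function Get-AdPartitionSummary {
    # RootDSE advertises the DNs of the schema and configuration partitions.
    $root     = Get-ADRootDSE
    $schemaDn = [string]$root.schemaNamingContext
    $configDn = [string]$root.configurationNamingContext

    # Every partition has a crossRef object under CN=Partitions.
    # systemFlags bit 0x1 = Active Directory naming context,
    # bit 0x2 = domain partition. The filter keeps only bit 0x1.
    $query = @{
        SearchBase = "CN=Partitions,$configDn"
        LDAPFilter = '(&(objectClass=crossRef)(systemFlags:1.2.840.113556.1.4.803:=1))'
        Properties = 'nCName', 'systemFlags'
    }

    foreach ($cr in Get-ADObject @query) {
        $dn = [string]$cr.nCName
        if ($dn -eq $schemaDn) {
            $type = 'Schema';        $scope = 'All DCs in the forest'
        } elseif ($dn -eq $configDn) {
            $type = 'Configuration'; $scope = 'All DCs in the forest'
        } elseif ($cr.systemFlags -band 2) {
            $type = 'Domain';        $scope = 'All DCs in that domain'
        } else {
            # Neither schema, configuration nor domain: an application
            # partition such as ForestDnsZones or DomainDnsZones.
            $type = 'Application';   $scope = 'Configured per partition'
        }
        [pscustomobject]@{ Type = $type; DN = $dn; Replication = $scope }
    }
}

Get-AdPartitionSummary | Sort-Object Type, DN | Format-Table -AutoSize
```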

90. How to configure Active Directory partitions?
Answer- You can manually configure only the application partition, for use with AD-integrated applications; refer to this article for details on that.

91. How to take an Active Directory backup?
Answer- A System State backup backs up Active Directory; NTBackup can be used to back up Active Directory.

92. What does System State contain?

Answer- A System State backup includes the following components:

  • Boot files, including the system files, and all files protected by Windows File Protection (WFP)
  • Active Directory (on a domain controller only)
  • Sysvol (on a domain controller only)
  • Certificate Services (on certification authority only)
  • Cluster database (on a cluster node only)
  • The registry
  • Performance counter configuration information
  • Component Services Class registration database

93. Active Directory restore types?

  • Authoritative restore
  • Non-authoritative restore

Authoritative restore
An authoritative restore is the next step after the non-authoritative restore process: you have to perform a non-authoritative restore before you can perform an authoritative restore. The main difference is that an authoritative restore can increment the version number of the attributes of all objects, or of an individual object, in an entire directory, which makes the restored object authoritative in the directory. This can be used to restore a single deleted user or group, or even an entire OU.

In a non-authoritative restore, after a domain controller is back online, it contacts its replication partners to determine any changes since the time of the last backup. In an authoritative restore, however, the version number of the object attributes that you want to be authoritative will be higher than the existing version numbers of those attributes, so the object on the restored domain controller appears to be more recent and the restored object is therefore replicated to the other domain controllers in the domain.

Non-authoritative restore
A non-authoritative restore returns the domain controller to its state at the time of the backup and allows normal replication to overwrite the restored domain controller with any changes that have occurred since the backup. After the system state restore, the domain controller queries its replication partners and gets the changes made after the backup date, which ensures that it has an accurate and updated copy of the Active Directory database.
Non-authoritative restore is the default method for restoring Active Directory: a plain restore of system state is a non-authoritative restore, and it is mostly used for Active Directory data loss or corruption.

94. How to perform a non-authoritative restore?
Answer- Start the domain controller in Directory Services Restore Mode and perform a system state restore from backup.

95. How to perform an authoritative restore?
Answer- Unlike a non-authoritative restore, an authoritative restore needs Ntdsutil.exe to increment the version number of the object attributes.

96. Which Active Directory partitions can be restored?
Answer- You can authoritatively restore only objects from the configuration and domain partitions. Authoritative restores of schema-naming contexts are not supported.
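
A check to run after an authoritative restore, added here as an example that is not part of the original post: it compares the per-attribute version numbers of the restored object on every domain controller against the restored one, showing whether the raised versions have replicated out. It assumes the RSAT ActiveDirectory module; the function name, object DN and host name are placeholders.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper name; not part of the ActiveDirectory module.
function Compare-AdAttributeVersion {
    param(
        [Parameter(Mandatory)] [string] $ObjectDn,   # DN of the restored object
        [Parameter(Mandatory)] [string] $RestoredDc  # FQDN of the DC that was restored
    )

    # Reference: attribute name -> version number on the restored DC.
    $reference = @{}
    Get-ADReplicationAttributeMetadata -Object $ObjectDn -Server $RestoredDc -ErrorAction Stop |
        ForEach-Object { $reference[$_.AttributeName] = $_.Version }

    $others = Get-ADDomainController -Filter * |
        Where-Object { $_.HostName -ne $RestoredDc }

    foreach ($dc in $others) {
        try {
            $meta = Get-ADReplicationAttributeMetadata -Object $ObjectDn `
                -Server $dc.HostName -ErrorAction Stop
        } catch {
            # The object is not visible on this DC yet, or the DC is unreachable.
            [pscustomobject]@{ DC = $dc.HostName; Attribute = '*'; Local = $null
                               Restored = $null; Status = 'No metadata' }
            continue
        }
        foreach ($m in $meta) {
            if (-not $reference.ContainsKey($m.AttributeName)) { continue }
            $want = $reference[$m.AttributeName]
            # Behind: the restore has not replicated to this DC yet.
            # Ahead: this DC holds a newer write than the restored copy.
            $status = if ($m.Version -lt $want) { 'Behind' } elseif ($m.Version -gt $want) { 'Ahead' } else { 'Converged' }
            [pscustomobject]@{ DC = $dc.HostName; Attribute = $m.AttributeName
                               Local = $m.Version; Restored = $want; Status = $status }
        }
    }
}

# Placeholder values: substitute your own object DN and DC host name.
Compare-AdAttributeVersion -ObjectDn 'CN=Example User,OU=Staff,DC=Domainname,DC=com' `
    -RestoredDc 'dc01.domainname.com' |
    Where-Object Status -ne 'Converged' | Format-Table -AutoSize
```

An empty result means every other domain controller already holds the same attribute versions as the restored one.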

97. How many domain controllers need to be backed up? Or which domain controllers to back up?
Answer- The minimum requirement is to back up two domain controllers in each domain, one of which should be an operations master role holder DC. There is no need to back up the RID (relative ID) master, because the RID master should not be restored.

98. Can we restore the backup of a domain controller to another/different domain controller?
Answer- The backup of one domain controller can't be restored to another domain controller; it should be restored to the same domain controller.
