What is Group Policy?
Group Policy applies one or more desired configuration or policy settings to a set of targeted users and computers within an Active Directory environment.
No Override - Prevents child containers from overriding policies set at higher levels.
Block Inheritance - Stops a container from inheriting policies from its parent containers.
What is the KCC (Knowledge Consistency Checker)?
The KCC generates and maintains the replication topology for replication within sites and between sites. KCC runs every 15 minutes.
What is the ISTG - Intersite topology generator?
The ISTG is responsible for creating Active Directory replication connection objects for the appropriate bridgehead servers within its site. Intersite replication can use either RPC over IP or SMTP to carry replication data.
Bridgehead server - A domain controller that is used to send replication information to one or more other sites.
DHCP Superscope:
A range of IP addresses that spans several subnets. The DHCP server can assign these addresses to clients that are on several subnets.
DHCP Scope:
A range of IP addresses that the DHCP server can assign to clients that are on one subnet.
A stub zone:
It is a copy of a zone that contains only those resource records necessary to identify the authoritative Domain Name System (DNS) servers for that zone. A stub zone is used to resolve names between separate DNS namespaces. This type of resolution may be necessary when a corporate merger requires that the DNS servers for two separate DNS namespaces resolve names for clients in both namespaces.
A stub zone consists of SOA, NS and A (glue) records.
What is a Flexible Single Master Operation (FSMO) role?
It is a role that only one DC can (or should) hold at any given time within its boundary (the forest or the domain, depending on the role).
Schema Master - Managed with the MMC "Active Directory Schema" snap-in. The schema master domain controller controls all updates and modifications to the schema. Once a schema update is complete, it is replicated from the schema master to all other DCs in the forest.
Domain Naming Master - Managed with "Active Directory Domains and Trusts". It controls the addition or removal of domains in the forest.
Primary Domain Controller (PDC) Emulator - Managed with "ADUC" (Active Directory Users and Computers). The PDC emulator is the authoritative time source used to synchronize time in the enterprise.
Relative ID Master (RID Master) - Managed with "ADUC". Every object's SID is made up of the domain SID plus a relative ID (RID). The RID Master allocates pools of relative IDs to each domain controller so that SIDs stay unique within the domain.
Infrastructure Master - Managed with "ADUC". Updates group membership references when users from other domains are moved or renamed.
The Infrastructure Master (IM) role should be held by a domain controller that is not a Global Catalog server (GC). If the Infrastructure Master runs on a Global Catalog server it stops updating cross-domain object references, because the Global Catalog already holds a partial replica of every object in the forest and therefore never sees a stale reference that needs updating. The exception is when every DC in the domain is a Global Catalog (or the forest has only one domain); then the placement does not matter.
How to transfer FSMO Roles?
Using ntdsutil: type roles, then connections, then connect to server <servername>, then q to return to the fsmo maintenance prompt, then transfer rid master (the other roles are transferred the same way). A transfer is a cooperative hand-over and requires the current role holder to be online.
How to Seize FSMO Roles?
Using ntdsutil: type roles, then connections, then connect to server <servername>, then q to return to the fsmo maintenance prompt, then seize rid master. Seize a role only when the current holder is permanently offline, and never bring the old holder back onto the network afterwards without rebuilding it, because two DCs claiming the same role (especially the RID or schema master) can produce duplicate SIDs or conflicting schema changes.
What are the Directory Partitions?
Schema Partition:
Only one schema partition exists per forest. The schema partition is stored on all domain controllers in a forest. It contains definitions of all objects and attributes that can be created in the directory.
Configuration Partition:
There is only one configuration partition per forest. The configuration partition contains information about the forest-wide Active Directory structure (sites, subnets, site links and forest-wide service configuration).
Domain Partition:
Many domain partitions can exist per forest. Domain partitions are stored on each domain controller in a given domain. A domain partition contains information about users, groups, computers, and organizational units.
Application Partition:
It stores application-specific data in Active Directory (for example Active Directory-integrated DNS zones). It is replicated only to the specific domain controllers designated to hold it.
How do you create a new application partition?
dnscmd DC-1 /createdirectorypartition CustomDNSPartition.contoso.com
How do you view replication properties for AD partitions and DCs?
Replmon
What is the Global Catalog?
A global catalog server is a domain controller that, in addition to its full, writable domain directory partition replica, also stores a partial, read-only replica of every other domain directory partition in the forest.
A global group's membership is limited to accounts from the same domain. Its membership is replicated within its own domain only.
A universal group's membership can include accounts from any domain in the forest. Its membership is replicated across the forest in the Global Catalog.
How do you view all the GCs in the forest?
repadmin /options * lists the options of every DC; those showing IS_GC are Global Catalog servers.
nltest /dsgetdc:corp /GC locates a Global Catalog server for the domain corp (this returns one GC, not the full list).
How to find FSMO roles?
netdom query fsmo, or Replmon.exe.
What is REPLMON?
Replmon (Active Directory Replication Monitor) is the first tool to use when troubleshooting Active Directory replication issues on Windows Server 2003. It is not shipped with Windows Server 2008 and later, where repadmin is used instead.
What is ADSIEDIT?
ADSI Edit is an LDAP editor for managing objects in Active Directory. This Active Directory tool lets you view and edit objects and attributes that are not exposed in the standard Active Directory management consoles such as Active Directory Users and Computers.
What is NETDOM?
NETDOM is a command-line tool that allows management of Windows domains and trust relationships.
What is REPADMIN?
Repadmin is a command-line tool used to monitor and troubleshoot Active Directory replication on a computer running Windows. It:
• Checks replication consistency between replication partners.
• Monitors replication status.
• Displays replication metadata.
• Forces replication events.
What is LSDOU?
It is the Group Policy processing order: policies are applied from the Local machine, then the Site, then the Domain, then the Organizational Unit (LSDOU). When settings conflict, the policy applied later wins, so an OU-linked GPO overrides a domain-linked one unless No Override is set on the higher-level link.
What’s the difference between local, global and universal groups?
Domain local groups are used to assign access permissions to resources in their own domain and can contain global groups from any trusted domain. Global groups contain only accounts from their own domain but can be granted access to resources in other trusted domains. Universal groups can contain accounts and groups from any domain in the forest and can be granted access to resources in all trusted domains.
Where are group policies stored?
%SystemRoot%\System32\GroupPolicy (the local Group Policy object on each computer).
What are the GPT and GPC?
The Group Policy Template (the file-based part of a GPO, stored in SYSVOL) and the Group Policy Container (the GPO's object in Active Directory, which holds its version and link information).
Where is GPT stored?
%SystemRoot%\SYSVOL\sysvol\<domainname>\Policies\{GUID}
Explain the List Folder Contents permission on a folder in NTFS.
Same as Read & Execute, but not inherited by files within a folder. However, newly created subfolders will inherit this permission.
What hidden shares exist on Windows Server 2003 installation?
ADMIN$, <drive letter>$ (for example C$), IPC$, NETLOGON, print$ and SYSVOL.
What’s the number of permitted unsuccessful logons on Administrator account?
Unlimited. Remember, though, that it’s the Administrator account, not any account that’s part of the Administrators group.
How frequently is the group policy refreshed?
Every 90 minutes, with a random offset of up to 30 minutes, on domain members; domain controllers refresh every 5 minutes.
What is the SYSVOL folder?
The SYSVOL folder on a Windows domain controller is used to replicate file-based data (logon scripts and Group Policy templates) among domain controllers. It is located at %systemroot%\SYSVOL.
What are RODCs? And what are the major benefits of using RODCs?
Read-Only Domain Controller. An RODC holds a read-only copy of the directory and, by default, caches no account passwords, so organizations can deploy a domain controller in locations where physical security cannot be guaranteed.
What’s New in Windows Server 2008 Active Directory Domain Services?
Active Directory Domain Services auditing, Fine-Grained Password Policies, Read-Only Domain Controllers and Restartable Active Directory Domain Services.
How do you upgrade from Windows 2003 DC to Windows 2008 DC?
Windows 2003 must be running Service Pack 2.
Run adprep /forestprep (on the schema master).
Run adprep /domainprep (in each domain).
Start the installation from the Windows 2008 DVD.
The domain functional level must be in Native Mode.
The installation must be started from the Windows 2003 OS.
Where is the AD database held? What other folders are related to AD?
%SystemRoot%\ntds\NTDS.DIT.
Edb*.log files are the transaction logs. Each transaction log file is 10 megabytes (MB). When Edb.log is full, Active Directory renames it to Edbnnnnn.log, where nnnnn is an increasing number starting from 1.
Edb.chk is a checkpoint file used by the database engine to track data that has not yet been written to the Active Directory database file. The checkpoint file acts as a pointer that maintains the state between memory and the database file on disk, and indicates the starting point in the log file from which information must be recovered if a failure occurs.
Res1.log and Res2.log are reserved transaction log files. The disk space reserved on the drive or folder for these logs is 20 MB. This reserved space gives the database engine enough room to shut down cleanly if all other disk space has been used.
What is DNS Scavenging?
Scavenging cleans up stale resource records in DNS zones: dynamically registered records that are no longer being refreshed by their owners.
What are the standard Port numbers?
SMTP - 25, POP3 - 110, IMAP4 - 143, RPC endpoint mapper - 135, LDAP - 389, SSL/HTTPS - 443, HTTP - 80, RDP - 3389, DNS - 53, DHCP - 67/68, FTP - 21, Global Catalog - 3268, Secure LDAP (LDAPS) - 636, Kerberos - 88, NNTP - 119, TFTP - 69, SNMP - 161.
What is Netlogon?
Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not be able to authenticate users and services, and the domain controller cannot register its DNS records.
What is Kerberos?
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography; in Active Directory, every domain controller runs the Kerberos Key Distribution Center (KDC).
What is Active Directory?
Active Directory is a directory service used on Microsoft Windows-based computers and servers to store information about networks and domains (users, computers, groups and policies).
What is Domain Controller?
In an Active Directory forest, a domain controller is a server that holds a writable copy of the Active Directory database, participates in Active Directory replication and controls access to network resources (authentication and authorization).
What is LDAP?
The Lightweight Directory Access Protocol (LDAP) is an application protocol for querying and modifying data in directory services running over TCP/IP.
Site Link: A site link defines the path of Active Directory replication between sites.
Site Cost: Active Directory uses cost to determine which site links take precedence over others. Lower-cost site links are favored over higher-cost site links.