Directory
What is domain? Correct Answer: In Windows NT and Windows 2000, a domain is a set of network
resources (applications, printers, and so forth) for a group of users. The user need only log in to
the domain to gain access to the resources, which may be located on a number of different servers
in the network.
The 'domain' is simply your computer address, not to be confused with a URL. A domain address might
look something like 211.170.469
What is domain controller? Correct Answer: Primary domain controller (PDC) and backup domain
controller (BDC) are roles that can be assigned to a server in a network of computers that use the
Windows NT operating system. Windows NT uses the idea of a domain to manage access to a set of
network resources (applications, printers, and so forth) for a group of users. The user need only log in
to the domain to gain access to the resources, which may be located on a number of different servers in
the network. One server, known as the primary domain controller, manages the master user database
for the domain. One or more other servers are designated as backup domain controllers. The primary
domain controller periodically sends copies of the database to the backup domain controllers. A backup
domain controller can step in as primary domain controller if the PDC server fails and can also help
balance the workload if the network is busy enough. Setting up and maintaining PDCs and BDCs and
domain information is a major activity for the administrator of a Windows NT network. In Windows
2000, the domain controller concept is retained but the PDC and BDC server roles are generally replaced
by the Active Directory
What are domain trees? Correct Answer: A domain tree comprises several domains that share a
common schema and configuration, forming a contiguous namespace. Domains in a tree are also linked
together by trust relationships. Active Directory is a set of one or more trees. Trees can be viewed two
ways. One view is the trust relationships between domains. The other view is the namespace of the
domain tree.
What are forests? Correct Answer: A collection of one or more domain trees with a common schema
and implicit trust relationships between them. This arrangement would be used if you have multiple
root DNS addresses.
What is LDAP? Correct Answer: The Lightweight Directory Access Protocol, or LDAP, is an application
protocol for querying and modifying data using directory services running over TCP/IP.
Can you connect Active Directory to other 3rd-party Directory Services? Name a few options. Correct
Answer: Yes, you can connect Active Directory to other 3rd-party Directory Services, such as dictionaries
used by SAP, Domino etc., with the help of MIIS (Microsoft Identity Integration Server).
You can use dirXML or LDAP to connect to other directories (i.e. eDirectory from Novell).
Where is the AD database held? What other folders are related to AD? Correct Answer: The AD database is
saved in %systemroot%/ntds. You can see other files also in this folder. These are the main files
controlling the AD structure:
ntds.dit
edb.log
res1.log
res2.log
edb.chk
When a change is made to the Win2K database, triggering a write operation, Win2K records the
transaction in the log file (edb.log). Once written to the log file, the change is then written to the AD
database. System performance determines how fast the system writes the data to the AD database from
the log file. Any time the system is shut down, all transactions are saved to the database.
During the installation of AD, Windows creates two files: res1.log and res2.log. The initial size of each is
10MB. These files are used to ensure that changes can be written to disk should the system run out of
free disk space. The checkpoint file (edb.chk) records transactions committed to the AD database
(ntds.dit). During shutdown, a "shutdown" statement is written to the edb.chk file. Then, during a
reboot, AD determines that all transactions in the edb.log file have been committed to the AD database.
If, for some reason, the edb.chk file doesn't exist on reboot or the shutdown statement isn't present, AD
will use the edb.log file to update the AD database.
The last file in our list of files to know is the AD database itself, ntds.dit. By default, the file is located in
\NTDS, along with the other files we've discussed.
What is the SYSVOL folder? Correct Answer: All Active Directory database security-related information
is stored in the SYSVOL folder, and it is only created on an NTFS partition.
B:
The Sysvol folder on a Windows domain controller is used to replicate file-based data among domain
controllers. Because junctions are used within the Sysvol folder structure, Windows NT file system
(NTFS) version 5.0 is required on domain controllers throughout a Windows distributed file system (DFS)
forest.
This is a quote from Microsoft themselves; basically, the domain controller info stored in files, like your
group policy stuff, is replicated through this folder structure.
Name the AD NCs and replication issues for each NC. Correct Answer: Schema NC, Configuration NC,
Domain NC
Schema NC: This NC is replicated to every other domain controller in the forest. It contains information
about the Active Directory schema, which in turn defines the different object classes and attributes
within Active Directory.
Configuration NC: Also replicated to every other DC in the forest, this NC contains forest-wide
configuration information pertaining to the physical layout of Active Directory, as well as information
about display specifiers and forest-wide Active Directory quotas.
Domain NC: This NC is replicated to every other DC within a single Active Directory domain. This is the NC
that contains the most commonly accessed Active Directory data: the actual users, groups, computers,
and other objects that reside within a particular Active Directory domain.
What are application partitions? When do I use them? Correct Answer: An application directory
partition is a directory partition that is replicated only to specific domain controllers. A domain
controller that participates in the replication of a particular application directory partition hosts a replica
of that partition. Only domain controllers running Windows Server 2003 can host a replica of an
application directory partition.
Application directory partitions are usually created by the applications that will use them to store and
replicate data. For testing and troubleshooting purposes, members of the Enterprise Admins group can
manually create or manage application directory partitions using the Ntdsutil command-line tool.
One of the benefits of an application directory partition is that, for redundancy, availability, or fault
tolerance, the data in it can be replicated to different domain controllers in a forest.
How do you create a new application partition? Correct Answer: When you create an application
directory partition, you are creating the first instance of this partition. You can create an application
directory partition by using the create nc option in the domain management menu of Ntdsutil. When
creating an application directory partition using LDP or ADSI, provide a description in the description
attribute of the domain DNS object that indicates the specific application that will use the partition. For
example, if the application directory partition will be used to store data for a Microsoft accounting
program, the description could be Microsoft accounting application. Ntdsutil does not facilitate the
creation of a description.
To create or delete an application directory partition
1. Open Command Prompt.
2. Type:
ntdsutil
3. At the ntdsutil command prompt, type:
domain management
4. At the domain management command prompt, do one of the following:
· To create an application directory partition, type:
create nc ApplicationDirectoryPartition DomainCo...
Answer:
Start >> RUN>> CMD >> type there "NTDSUTIL" Press Enter
Ntdsutil: domain management Press Enter
Domain Management: Create NC dc=, dc=, dc=com <>
ANSWER B
Create an application directory partition by using the DnsCmd command
Use the DnsCmd command to create an application directory partition. To do this, use the following
syntax:
DnsCmd ServerName /CreateDirectoryPartition FQDN of partition
To create an application directory partition that is named CustomDNSPartition on a domain controller
that is named DC-1, follow these steps:
Click Start, click Run, type cmd, and then click OK.
Type the following command, and then press ENTER:
dnscmd DC-1 /createdirectorypartition CustomDNSPartition.contoso.com
When the application directory partition has been successfully created, the following information
appears:
DNS Server DC-1 created directory partition: CustomDNSPartition.contoso.com
Command completed successfully.
Configure an additional domain controller DNS server to host the application directory partition
Configure an additional domain controller that is acting as a DNS server to host the new application
directory partition that you created. To do this, use the following syntax with the DnsCmd command: