
Interview Questions: Windows/AD Administrator L2 with HCL

1. What are your daily tasks as a Windows admin?

Daily tasks
[] Perform scheduled backups (if configured).
[] Check usage levels.
[] Check for runaway processes.
[] Check disk space.
[] Check mail functionality, connections.
[] Check printer status with lpstat -t.
[] Check auditing output, if activated.
[] Check UUCP communications links, if active.
[] Check for unattended login sessions.

2. What is PDC emulator?

PDC Emulator is one of the domain-wide FSMO roles. It is also one of the most important
roles. Here is the list of tasks managed by the PDC:
(a) Backward compatibility with NT 4.0.
(b) It synchronizes time with the DCs with the help of NTP (Network Time Protocol, port 123).
As per Microsoft we cannot accept more than 22 seconds delay between DC
and client machines.
(c) Account-related information such as account lockout, password expiry and password
changes is managed by the PDC.
(d) Group Policy is managed by the PDC. The SYSVOL folder contains domain-wide Group
Policy that is shared between DCs.
(e) All login scripts are managed by the PDC.

3. What is GPO?
It is a set of rules used to manage the domain environment, such as user and computer
configuration.
There are two types of policy: local computer policy and domain policy.
Creation of policy: Local computer, Site, Domain, OU (LSDOU)
Applicable policy: OU, Domain, Site, Local computer (OUDSL)

4. What is SYSVOL?
The SYSVOL folder contains domain-wide Group Policy that is shared between DCs. It
requires an NTFS partition and replicates to other DCs with the help of the File Replication
Service in Windows Server 2003. In Windows Server 2008, DFSR is responsible for
replicating the SYSVOL folder, and the SYSVOL folder is known as SYSVOL_DFSR.

5. What is the command to see the cluster log?

(a) Use the cluster /log /g command at the command prompt. This command generates the
cluster logs in the \windows\cluster\reports directory on each WSFC node. The advantage of this
method is that you can specify the level of detail in the generated logs by using
the /level option. The disadvantage is that you cannot specify the destination directory for the
generated cluster logs.
(b) Use the Get-ClusterLog PowerShell cmdlet. The advantage of this method is that you can
generate the cluster log from all nodes to one destination directory on the node where you run the
cmdlet. The disadvantage is that you cannot specify the level of detail in the generated logs.

6. How to demote a server without running DCPROMO?

If DCPROMO fails to demote the DC then we can do a metadata cleanup.
There are three ways to perform metadata cleanup:

- Clean up server metadata by using GUI tools
- Clean up server metadata using the command line
- Clean up server metadata by using a script

http://msexchangeteam.in/metadata-cleanup-unsuccessful-demotion-of-domain-controller/

7. How to map shared drive for users from server?

We can use Group Policy to map a shared drive for users. We can create a new OU,
move all users who want access to that shared drive into it, and assign a Group Policy under
User Configuration\Preferences\Windows settings\Drive Maps. Follow the wizard to provide
the shared folder path and put a check mark on "Show this drive". Run gpupdate /force to
apply this policy, and the user will be able to access the drive without any error after
reboot/log off.
https://technet.microsoft.com/en-us/library/cc770902.aspx

8. What are home folders?


A home folder is a private network location where users can store personal files.
It is stored in a shared folder on a network server. When you create the home
folder on a network server, users can access it from any computer on the
network.

Assign a home folder to a domain user

Note: To specify a network path for the home folder, you must first create the network
share and set permissions that permit the user access. You can do this with Shared Folders
in Computer Management on the server computer.

To assign a home folder to a domain user:

1. Click Start, point to Programs, point to Administrative Tools, and then click Active
Directory Users and Computers.
2. In the console tree, click Users.
3. In the Details pane, right-click the user account, and then click Properties.
4. In the Properties dialog box, click Profile.
5. Under the Home folder, type the folder information. To do this, follow these steps:
a. To assign a home folder on a network server, click Connect, and then specify
a drive letter.
b. In the To box, type a path. This path can be any one of the following types:

- Network path, for example:

\\server\users\tester

- You can substitute username for the last subfolder in the path, for example:

\\server\users\username

Note: In these examples, server is the name of the file server housing the home
folders, and users is the shared folder.

6. Click OK.

https://support.microsoft.com/en-us/kb/816313#bookmark-3

9. What are different types of groups? What is Group scope and what are the different types
of group scopes?

There are two types of groups- Security Groups and Distribution Groups
Security Groups: Security groups are used to group domain users into a single
administrative unit. Security groups can be assigned permissions and can also be used as e-mail
distribution lists. Users placed into a group inherit the permissions assigned to the group for as
long as they remain members of that group. Windows itself uses only security groups.

Distribution groups: These are used for non-security purposes by applications other than Windows.
One of their primary uses is within e-mail.
As with user accounts, there are both local and domain-level groups. Local groups are stored in a
local computer's security database and are intended to control resource access on that computer.
Domain groups are stored in Active Directory and let you gather users and control resource
access in a domain and on domain controllers.

Group Scope: Group scopes determine where in the Active Directory forest a group is
accessible and what objects can be placed into the group.
There are three different group scopes: domain local, global and universal. The scope decides who
can be a member of the group and where the group can be used. These are the three group scopes
and a "Can Contain Matrix" for each:
1. Domain Local Groups: These groups are only visible in their own domain. For that reason, domain
Local Security groups can be used to grant rights and permissions only on resources that reside in
the same domain where the domain local group is located. Domain local groups can contain domain
local groups only from the same domain, but users, computers and all other group-types from the
same domain and trusted domains (all domains in the forest). Use domain local groups for assigning
permissions to resources in their home domain.

CAN CONTAIN: Domain Local Groups from the own domain, Global Groups from trusted domains
and any domain in the forest, Universal groups from trusted domains and any domain in the forest.

2. Global Groups: These groups are visible throughout the forest, but can only contain accounts and
global groups from the same domain. The group itself can be a member of universal and domain
local groups in any domain, and global groups of its own domain. The groups should be used to
organize users who share the same job tasks or department etc. You should not assign permissions
directly to global groups – domain local groups are more appropriate for that.

CAN CONTAIN: Global Groups from the OWN domain.

3. Universal groups: These groups are visible throughout the forest and can contain accounts, global
groups and other universal groups from any domain in the forest (they cannot contain domain local
groups). Universal groups should be used to nest global groups. By doing that, the group can assign
permissions to resources in multiple domains.

CAN CONTAIN: Global Groups from any domain in the forest, Universal Groups from any domain in
the forest.

10. What is cost?


Site link cost can be used to determine which domain controller is contacted by clients located in
one site if the domain controller for the specified domain does not exist at that site. The client
contacts the domain controller by using the site link that has the lowest cost assigned to it.

It is recommended that the cost value be defined on a site-wide basis. Cost is usually based not
only on the total bandwidth of the link but also on the availability, latency, and monetary cost of
the link.
https://technet.microsoft.com/en-us/library/cc782827(v=ws.10).aspx

11. Why do we need to authorize DHCP?


If the DHCP server is not authorized, it will not lease IP addresses to DHCP clients. When configured
correctly and authorized for use on a network, Dynamic Host Configuration Protocol (DHCP)
servers provide a useful administrative service. However, a misconfigured or unauthorized DHCP
server can cause problems. For example, if an unauthorized DHCP server starts, it might begin
either leasing incorrect IP addresses to clients or negatively acknowledging DHCP clients that
attempt to renew current address leases. To resolve these issues, DHCP servers are verified as
authorized in Active Directory Domain Services before they can service clients and unauthorized,
or rogue, servers are detected. This prevents most of the accidental damage caused by either
misconfigured DHCP servers or correctly configured DHCP servers running on the wrong network.

To authorize a DHCP server in AD DS


1. Click Start, point to Administrative Tools and then click DHCP
2. In the console tree, click DHCP
3. On the Action menu, click Manage authorized servers. The Manage Authorized Servers dialog
box appears.
4. Click Authorize.
5. When prompted, type the name or IP address of the DHCP server to be authorized, and then
click OK.

12. What is the command for replication? Give some examples.

Repadmin /kcc - Forces the Knowledge Consistency Checker (KCC) on each targeted domain
controller to immediately recalculate the inbound replication topology.
Repadmin /prp - Lists and modifies the Password Replication Policy (PRP) for read-only domain
controllers (RODCs).

Repadmin /queue - Displays inbound replication requests that the domain controller has to issue to
become consistent with its source replication partners.
Growth in the number of items in the queue of an online domain controller can be caused by any of the
following factors:

- Too many concurrent replication partners
- High change rates to objects in Active Directory Domain Services (AD DS)
- Insufficient CPU or network bandwidth for the amount of data that the domain controller is
replicating

Repadmin /replicate - Triggers the immediate replication of the specified directory partition to a
destination domain controller from a source domain controller.
Repadmin /replsingleobj - Replicates a single object between any two domain controllers that
have common directory partitions.
The two domain controllers do not have a replication agreement. That is, neither domain controller has an
inbound connection object for the other domain controller.
You can use the repadmin /showrepl or the repadmin /showconn command to show replication
agreements.

Repadmin /replsummary - Identifies domain controllers that are failing inbound replication or
outbound replication, and summarizes the results in a report.

Repadmin /rodcpwdrepl - Triggers replication of passwords for the specified users from a writable
Windows Server 2008 source domain controller to one or more read-only domain controllers (RODCs).
For each destination RODC, the source domain controller enforces the Password Replication Policy (PRP)
before it performs the operation. If the PRP does not permit replicating the password to an RODC for a
specified user, the operation for that user and RODC combination fails.

Repadmin /showattr - Although the repadmin /showobjmeta command displays the number of
times that the attributes on an object have changed and which domain controller made those changes,
the repadmin /showattr command displays the actual values for an object. The repadmin
/showattr command can also display the values for objects that are returned by a command-line
Lightweight Directory Access Protocol (LDAP) query.
An object can be referenced by its distinguished name or by its object globally unique identifier (GUID).
By default, repadmin /showattr uses Lightweight Directory Access Protocol (LDAP) port 389 to query
writable directory partitions. However, repadmin /showattr can optionally use LDAP port 3268 to query
the read-only partitions of a global catalog server.

Repadmin /showobjmeta - Displays the replication metadata for a specified object stored in
Active Directory Domain Services (AD DS), such as the attribute ID, a version number, the originating and
local Update Sequence Numbers (USNs), the globally unique identifier (GUID) of the originating server,
and the date and time stamp. By comparing the replication metadata for the same object on different
domain controllers, you can determine whether replication has occurred or which domain controller
added, modified, or deleted an attribute or object. You can reference an object by its distinguished name
path, object GUID, or security identifier (SID). If the distinguished name path includes a space, enclose it in
quotation marks.

Repadmin /showrepl - Displays the replication status when the specified domain controller last
attempted to perform inbound replication of Active Directory partitions.
The repadmin /showrepl command helps you understand the replication topology and replication
failures. It reports status for each source domain controller from which the destination has an inbound
connection object. The status report is categorized by directory partition.

Repadmin /showutdvec - Displays the highest committed Update Sequence Number (USN) that
Active Directory Domain Services (AD DS) on the targeted domain controller shows as committed for itself
and its transitive partners.
The up-to-dateness vector (UTDVEC) shows the highest USN that the destination domain controller has
received by replication, in the form of changes it has received from its direct and transitive replication
partners for the specified partition.

Repadmin /syncall - Synchronizes a specified domain controller with all of its replication partners.
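
A way to turn the per-partner status that repadmin /showrepl reports into a short list of links that need attention. This is an added example, not part of the original answers; the sample rows are constructed, and the 24-hour freshness threshold and the function name are assumptions.

```powershell
# Added example. $sampleCsv is CONSTRUCTED data laid out like the output of
# `repadmin /showrepl * /csv`; the DC names, sites and times are made up.
$sampleCsv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC01,"DC=contoso,DC=com",HQ,DC02,RPC,0,0,2024-05-01 09:14:02,0
showrepl_INFO,HQ,DC01,"CN=Configuration,DC=contoso,DC=com",BRANCH,DC03,RPC,14,2024-05-01 09:10:40,2024-04-30 21:02:11,1722
showrepl_INFO,BRANCH,DC03,"DC=contoso,DC=com",HQ,DC01,RPC,3,2024-05-01 08:55:00,2024-05-01 07:55:00,8524
showrepl_INFO,BRANCH,DC03,"CN=Schema,CN=Configuration,DC=contoso,DC=com",HQ,DC01,RPC,0,0,2024-04-28 06:00:00,0
'@

function Get-FailingReplicationLink {
    param(
        [Parameter(Mandatory)][string[]]$CsvText,
        [int]$MaxAgeHours = 24,            # assumed threshold for "stale"
        [datetime]$Now = (Get-Date)
    )
    $culture = [cultureinfo]::InvariantCulture
    $style   = [System.Globalization.DateTimeStyles]::None

    $CsvText | ConvertFrom-Csv | ForEach-Object {
        $failures = [int]$_.'Number of Failures'

        # A missing or unparsable "Last Success Time" is treated as "never succeeded".
        $lastOk  = [datetime]::MinValue
        $hasDate = [datetime]::TryParse($_.'Last Success Time', $culture, $style, [ref]$lastOk)
        $ageHours = if ($hasDate) { ($Now - $lastOk).TotalHours } else { [double]::PositiveInfinity }

        # Flag a link if it is failing now OR if it has quietly stopped succeeding.
        if ($failures -gt 0 -or $ageHours -gt $MaxAgeHours) {
            [pscustomobject]@{
                Destination   = $_.'Destination DSA'
                Source        = $_.'Source DSA'
                NamingContext = $_.'Naming Context'
                Failures      = $failures
                LastStatus    = $_.'Last Failure Status'
                HoursSinceOk  = if ($hasDate) { [math]::Round($ageHours, 1) } else { $null }
            }
        }
    } | Sort-Object Failures -Descending
}

# Offline run against the constructed sample, with a fixed clock so the result is repeatable.
Get-FailingReplicationLink -CsvText $sampleCsv -Now ([datetime]'2024-05-01 10:00:00') |
    Format-Table -AutoSize

# On a domain controller, feed it live output instead:
#   Get-FailingReplicationLink -CsvText (repadmin /showrepl * /csv)
```

The last sample row has zero failures but an old success time, which is why the check looks at both columns.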

13. What is Quorum and how does it work?


A cluster quorum disk is the storage medium on which the configuration database is
stored for a cluster computing network. The cluster configuration database, also called
the quorum, tells the cluster which physical server(s) should be active at any given time.
The quorum disk comprises a shared block device that allows concurrent read/write
access by all nodes in a cluster.

When network problems occur, they can interfere with communication between cluster nodes. A small set
of nodes might be able to communicate together across a functioning part of a network but not be able
to communicate with a different set of nodes in another part of the network. This can cause serious issues.
In this "split" situation, at least one of the sets of nodes must stop running as a cluster.
To prevent the issues that are caused by a split in the cluster, the cluster software requires that any set of
nodes running as a cluster must use a voting algorithm to determine whether, at a given time, that set has
quorum. Because a given cluster has a specific set of nodes and a specific quorum configuration, the
cluster will know how many "votes" constitutes a majority (that is, a quorum). If the number drops below
the majority, the cluster stops running. Nodes will still listen for the presence of other nodes, in case
another node appears again on the network, but the nodes will not begin to function as a cluster until the
quorum exists again.

14. What are forwarders and conditional forwarders?


A forwarder is a Domain Name System (DNS) server on a network that forwards DNS queries for
external DNS names to DNS servers outside that network.

Conditional forwarders are DNS servers that forward queries according to domain names. Rather than
having a DNS server forward all queries it cannot resolve locally to a forwarder, you can configure DNS
servers to forward queries to different forwarders according to the specific domain names that are
contained in the queries. Forwarding according to domain names improves conventional forwarding by
adding a name-based condition to the forwarding process.
The conditional forwarder setting for a DNS server consists of the following:

- The domain names for which the DNS server will forward queries
- One or more DNS server IP addresses for each domain name that is specified

15. How does the PDC emulator work with NT 4.0?

The PDC emulator performs all of the functionality that a Microsoft Windows NT 4.0
Server-based PDC or earlier PDC performs for Windows NT 4.0-based or earlier clients.

This part of the PDC emulator role becomes unnecessary when all workstations,
member servers, and domain controllers that are running Windows NT 4.0 or earlier
are all upgraded to Windows 2000. The PDC emulator still performs the other
functions as described in a Windows 2000 environment.

Project Related Interview Questions at HCL (Bekeart Project):

1. What was your role/task in previous organization?

Daily Monitoring Tasks (each task is followed by its importance)

(a) Task: Verify that all domain controllers are communicating with the central monitoring console or collector.
Importance: Communication failure between the domain controller and the monitoring infrastructure prevents you
from receiving alerts so you can examine and resolve them.

(b) Task: View and examine all new alerts on each domain controller, resolving them in a timely fashion.
Importance: This precaution helps you avoid service outages.

(c) Task: Resolve alerts indicating the following services are not running: FRS, Net Logon, KDC, W32Time, ISMSERV.
MOM reports these as Active Directory Essential Services.
Importance: Active Directory depends on these services. They must be running on every domain controller.

(d) Task: Resolve alerts indicating SYSVOL is not shared.
Importance: Active Directory cannot apply Group Policy unless SYSVOL is shared.

(e) Task: Resolve alerts indicating that the domain controller is not advertising itself.
Importance: Domain controllers must register DNS records to be able to respond to LDAP and other service requests.

(f) Task: Resolve alerts indicating time synchronization problems.
Importance: The Kerberos authentication protocol requires that time be synchronized between all domain controllers
and clients that use it.

(g) Task: Resolve all other alerts in order of severity. If alerts are given error, warning, and information status
similar to the event log, resolve alerts marked error first.
Importance: The highest priority alerts indicate the most serious risk to your service level.

https://technet.microsoft.com/en-us/library/bb727046.aspx#ECAA

2. How to check AD performance/Health of server?

AD performance check:
- Run dcdiag on all DCs. More about dcdiag.exe:
http://technet.microsoft.com/en-us/library/cc776854(WS.10).aspx
- Run repadmin /syncall and check whether any issues are reported. If an error is
detected, then something is wrong.
- Check the logs in Event Viewer.
- Run DNSLint to diagnose common DNS name resolution
problems. See: http://support.microsoft.com/kb/321045
We can use a few tools to check server performance, such as perfmon, poolmon, Process
Explorer, TreeSize etc.

3. How to check and perform task to free space in C drive?

(a) Use TreeSize to check how much space on the C drive is consumed by any specific
folder. We will not install any program on the C drive except the OS.
(b) Delete unknown users from User Profiles in System Properties. An unknown
user account which has been deleted from AD is known as a phantom account.
(c) Virus definition update files older than 15 days should be deleted from the C
drive.
(d) Microsoft Windows patches older than 1 month should be moved from the C drive
to any other drive.
(e) If free space is still not sufficient to run the server smoothly, extend the drive
by using DISKPART.
Note: The C drive cannot be extended if it holds the page file. In this
situation, we need to move the page file to a different location and then extend
the C drive. We can move the page file back after extending the C drive.

4. How to identify and check which process is utilizing Memory/CPU high?


(a) Check scheduled scan of Anti-Virus program.
(b) Check scheduled backup of server.
(c) Check windows update.
(d) Check Database/Application log file backup.
(e) Check scheduled task for any other tasks configured in specified time.
(f) Check the file version of the specific program/application by right-clicking the
application/program, then Properties, Version tab.
(g) Check the driver version for hardware devices by right-clicking the device, then
Properties and the driver version.
(h) Run Process Explorer to check any EXE.

5. How to create share folder for users and assign permissions?

Open the user's profile in ADUC; you will see that there is a field called
"Home Folder". You can use the "Connect to" option to map a drive to the
share on the file and print server, e.g. \\fileserver\users\%UserName%

On the fileserver, create a folder called users and share it. Change the
permissions as follows:

1) Turn off inheritance on the folder and copy the permissions. You do this
by:

a. Click the Advanced button found on the Security tab.

b. Clear the Allow inheritable permissions to propagate to this object check
box in the Advanced Security Settings dialog box.

c. Click Copy when prompted by the Security dialog box.

2) Click OK to return to the Security tab. Ensure we have the following
permissions set:

Administrators: Full Control
System: Full Control
Creator Owner: Full Control
Authenticated Users: Read & Execute, List Folder Contents, Read

3) Change permissions for Authenticated Users so they cannot access
other users' folders. You do this by:

a. Click Advanced on the Security tab.

b. Click Authenticated Users, and then click Edit.

c. On the Permissions Entry for users dialog box, drop down the Apply
onto and select This folder only.

d. Click OK twice.
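
The permission set from steps 1) to 3), applied and then checked from PowerShell. This is an added example, not part of the original answer: the function names and the demo folder are assumptions, it needs PowerShell 5 or later, and it writes the four final entries directly instead of copying the inherited ones and pruning them by hand.

```powershell
# Added example (not from the original page). Run in an elevated session.
# Well-known SIDs are used so the script does not depend on the OS language.
$SidAdministrators = 'S-1-5-32-544'   # BUILTIN\Administrators
$SidSystem         = 'S-1-5-18'       # NT AUTHORITY\SYSTEM
$SidCreatorOwner   = 'S-1-3-0'        # CREATOR OWNER
$SidAuthUsers      = 'S-1-5-11'       # NT AUTHORITY\Authenticated Users

function New-HomeRootRule {
    param([string]$Sid, [string]$Rights, [string]$Inherit, [string]$Propagate)
    [System.Security.AccessControl.FileSystemAccessRule]::new(
        [System.Security.Principal.SecurityIdentifier]$Sid,
        [System.Security.AccessControl.FileSystemRights]$Rights,
        [System.Security.AccessControl.InheritanceFlags]$Inherit,
        [System.Security.AccessControl.PropagationFlags]$Propagate,
        [System.Security.AccessControl.AccessControlType]::Allow)
}

function Set-HomeRootAcl {
    param([Parameter(Mandatory)][string]$Root)
    $acl = Get-Acl -Path $Root

    # Step 1: stop inheriting from the parent ($true) and drop inherited entries ($false).
    $acl.SetAccessRuleProtection($true, $false)
    # Remove explicit entries already present so only the four below remain.
    foreach ($old in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        [void]$acl.RemoveAccessRule($old)
    }

    # Step 2: the permission set listed above. Creator Owner is inherit-only, so the
    # account that creates a home folder gets Full Control inside it.
    $all = 'ContainerInherit, ObjectInherit'
    $acl.AddAccessRule((New-HomeRootRule $SidAdministrators 'FullControl' $all 'None'))
    $acl.AddAccessRule((New-HomeRootRule $SidSystem         'FullControl' $all 'None'))
    $acl.AddAccessRule((New-HomeRootRule $SidCreatorOwner   'FullControl' $all 'InheritOnly'))

    # Step 3: Authenticated Users may read the root itself ("This folder only"),
    # so nothing flows down into other users' folders.
    $acl.AddAccessRule((New-HomeRootRule $SidAuthUsers 'ReadAndExecute' 'None' 'None'))

    Set-Acl -Path $Root -AclObject $acl
}

function Test-HomeRootAcl {
    # Returns one string per problem; an empty result means the layout is as intended.
    param([Parameter(Mandatory)][string]$Root)
    $broad = @($SidAuthUsers, 'S-1-1-0', 'S-1-5-32-545')   # plus Everyone and BUILTIN\Users
    $acl = Get-Acl -Path $Root
    $findings = @()
    if (-not $acl.AreAccessRulesProtected) {
        $findings += 'Inheritance from the parent folder is still enabled'
    }
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($r in $rules) {
        if ($r.AccessControlType -eq 'Allow' -and
            $broad -contains $r.IdentityReference.Value -and
            $r.InheritanceFlags -ne 'None') {
            $findings += "$($r.IdentityReference.Value) has inheritable $($r.FileSystemRights)"
        }
    }
    $findings
}

# Demo on a scratch folder (constructed location); use the real share root in production.
$demoRoot = Join-Path $env:TEMP 'homeroot-demo'
New-Item -ItemType Directory -Path $demoRoot -Force | Out-Null
Set-HomeRootAcl -Root $demoRoot
$problems = @(Test-HomeRootAcl -Root $demoRoot)
if ($problems.Count -eq 0) { 'ACL matches the intended layout' } else { $problems }
(Get-Acl -Path $demoRoot).Access |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags -AutoSize
```

Test-HomeRootAcl can be run on its own against an existing users share to spot a broad group whose entry still applies to subfolders and files.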

6. How to perform update and upgrade of firmware on HP servers?

http://h20565.www2.hp.com/hpsc/doc/public/display?sp4ts.oid=428936&docId=emr_na-c00719376

Updating Firmware Using The Offline ROM Flash Method

Updating Firmware Using the Online ROM Flash Method

7. What is page file?


RAM is a limited resource, whereas for most practical purposes, virtual memory is
unlimited. There can be many processes, and each process has its own 2 GB of
private virtual address space. When the memory being used by all the existing
processes exceeds the available RAM, the operating system moves pages (4-KB
pieces) of one or more virtual address spaces to the computer’s hard disk. This
frees that RAM frame for other uses. In Windows systems, these “paged out”
pages are stored in one or more files (Pagefile.sys files) in the root of a partition.
There can be one such file in each disk partition. The location and size of the
page file is configured in System Properties (click Advanced, click Performance,
and then click the Settings button).

Users frequently ask "how big should I make the pagefile?" There is no single
answer to this question because it depends on the amount of installed RAM and
on how much virtual memory that workload requires. If there is no other
information available, the typical recommendation of 1.5 times the installed RAM
is a good starting point. On server systems, you typically want to have sufficient
RAM so that there is never a shortage and so that the pagefile is basically not
used. On these systems, it may serve no useful purpose to maintain a really large
pagefile. On the other hand, if disk space is plentiful, maintaining a large pagefile
(for example, 1.5 times the installed RAM) does not cause a problem, and this
also eliminates the need to worry over how large to make it.

8. What is memory leakage and how will you check if memory leakage is happening or
not?

A memory leak is caused by an application or by a process that allocates memory
for use but that does not free the memory when the application or process
finishes. Therefore, available memory is completely used over time. Frequently,
this condition causes the system to stop functioning correctly.

Or,

Memory leakage is a gradual loss of available computer memory. When a program
repeatedly fails to return memory that it has obtained for temporary use, as a result the
available memory for that application or that part of the operating system becomes
exhausted and the program can no longer function. A memory leak is the result of a program
bug. POOLMON is a tool which is used to check whether memory leakage is
happening or not. There are event IDs for memory leakage: if we get event ID 2019
and 2020 in Event Viewer then memory leakage is happening, otherwise no memory
leakage is going on.

Event ID 2019- The server was unable to allocate from the system non-paged pool
because the pool was empty.

Event ID 2020- The server was unable to allocate from the system paged pool
because the pool was empty.

Source- SRV

https://support.microsoft.com/en-us/kb/177415

9. How to check server if it is not reachable after ping?

We can check the server with the HP ILO remote tool, using either the web-based console or
the standalone remote tool.

10. How to Reset HP ILO?

Log in to the HP ILO web-based console, go to Diagnostic and then click on Reset. It will
take 30 seconds to reset the ILO.

11. How to create print queue and add printers over the network and assign static IP?

https://technet.microsoft.com/en-us/library/cc753109(v=ws.10).aspx

AD Interview question with Ericsson:


1. What are FSMO roles?

Flexible Single Master Operation (FSMO) roles: Active Directory has five
special roles which are vital for the smooth running of AD as a multimaster
system. Some functions of AD require an authoritative master to which
all domain controllers can refer.

FSMO roles are divided into two parts.

Forest-wide: Schema Master and Domain Naming Master

Domain-wide: PDC Emulator, RID Master and Infrastructure Master.

2. What is DN (Distinguished Name)?

All access to Active Directory is carried out through LDAP, and every object in
Active Directory has an LDAP distinguished name. An algorithm automatically
provides an LDAP distinguished name for each DNS domain name.

Or,

Each object in the directory has a distinguished name (DN) that is globally unique
and identifies not only the object itself, but also where the object resides in the
overall object hierarchy. We can think of the distinguished name as the relative
distinguished name of an object concatenated with the relative distinguished
names of all parent containers that make up the path to the object.

An example of a typical distinguished name would be:

CN=wjglenn,CN=Users,DC=contoso,DC=com.

This distinguished name would indicate that the user object wjglenn is in the
Users container, which in turn is located in the contoso.com domain. If the
wjglenn object is moved to another container, its DN will change to reflect its new
position in the hierarchy. Distinguished names are guaranteed to be unique in the
forest, similar to the way that a fully qualified domain name uniquely identifies an
object’s placement in a DNS hierarchy. We cannot have two objects with the
same distinguished name.

3. What is BSOD & how to troubleshoot?

When the system encounters a hardware problem, data inconsistency, or similar error, it may
display a blue screen containing information that can be used to determine the cause of the error.
This information includes the STOP code and whether a crash dump file was created. It may also
include a list of loaded drivers and a stack trace.

We can use the WinDbg tool to rectify this problem.

There are three types of BSOD:

(A) Full/complete memory dump - It captures system plus operating system logs.
(B) Kernel memory dump - It captures kernel memory dumps.
(C) Small/Mini memory dump - It captures currently used memory dumps.

There are 3 registry values for each memory dump which should be correct,
otherwise no memory dump logs will be collected.

Go to the registry and check HKLM\System\CurrentControlSet\Control\CrashControl

CrashDumpEnabled

Value should be:

Full memory dump - 3
Kernel memory dump - 2
Mini memory dump - 1

http://blogs.technet.com/b/askcore/archive/2008/11/01/how-to-debug-kernel-mode-blue-screen-crashes-for-beginners.aspx

4. What are the requirements to configure clustering?

(a) Make sure that all servers that you want to add as cluster nodes are running the same
version of Windows Server.
(b) Review the hardware requirements to make sure that your configuration is supported.
(c) If you want to add clustered storage during cluster creation, make sure that all servers
can access the storage. (You can also add clustered storage after you create the cluster.)
(d) Make sure that all servers that you want to add as cluster nodes are joined to the same
Active Directory domain.
(e) (Optional) Create an organizational unit (OU) and move the computer accounts for the
servers that you want to add as cluster nodes into the OU. As a best practice, we
recommend that you place failover clusters in their own OU in AD DS. This can help you
better control which Group Policy settings or security template settings affect the cluster
nodes. By isolating clusters in their own OU, it also helps prevent against accidental
deletion of cluster computer objects.
(f) Make sure that the account you want to use to create the cluster is a domain user who
has administrator rights on all servers that you want to add as cluster nodes.

https://technet.microsoft.com/en-us/library/dn505754.aspx#BKMK_ClusPrereq

5. What is Quorum disk?

A cluster quorum disk is the storage medium on which the configuration database is
stored for a cluster computing network. The cluster configuration database, also called
the quorum, tells the cluster which physical server(s) should be active at any given time.
The quorum disk comprises a shared block device that allows concurrent read/write
access by all nodes in a cluster.

Quorum configuration choices

You can choose from among four possible quorum configurations:

- Node Majority (recommended for clusters with an odd number of nodes)

Can sustain failures of half the nodes (rounding up) minus one. For example, a seven node cluster
can sustain three node failures.

- Node and Disk Majority (recommended for clusters with an even number of nodes)

Can sustain failures of half the nodes (rounding up) if the disk witness remains online. For
example, a six node cluster in which the disk witness is online could sustain three node failures.

Can sustain failures of half the nodes (rounding up) minus one if the disk witness goes offline or
fails. For example, a six node cluster with a failed disk witness could sustain two (3-1=2) node
failures.

- Node and File Share Majority (for clusters with special configurations)

Works in a similar way to Node and Disk Majority, but instead of a disk witness, this cluster uses a
file share witness.

Note that if you use Node and File Share Majority, at least one of the available cluster nodes must
contain a current copy of the cluster configuration before you can start the cluster. Otherwise, you
must force the starting of the cluster through a particular node. For more information, see
"Additional considerations" in Start or Stop the Cluster Service on a Cluster Node.

- No Majority: Disk Only (not recommended)

Can sustain failures of all nodes except one (if the disk is online). However, this configuration is
not recommended because the disk might be a single point of failure.
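
The vote counting behind the failure figures quoted for each configuration, and behind the voting algorithm described under "What is Quorum". This is an added example, not part of the original answers; the function name and the mode labels are assumptions chosen to mirror the four configurations listed above.

```powershell
# Added example (not from the original page): derive "how many node failures can
# the cluster sustain" from vote counts instead of memorising the rule per mode.
function Get-QuorumTolerance {
    param(
        [Parameter(Mandatory)][ValidateRange(1, 2147483647)][int]$Nodes,
        [Parameter(Mandatory)]
        [ValidateSet('NodeMajority', 'NodeAndDiskMajority',
                     'NodeAndFileShareMajority', 'DiskOnly')]
        [string]$Mode,
        [bool]$WitnessOnline = $true      # ignored for NodeMajority
    )

    if ($Mode -eq 'DiskOnly') {
        # Only the disk carries a vote: any single node can run the cluster while
        # the disk is online, and no node can once it is offline.
        return [pscustomobject]@{
            Mode = $Mode; Nodes = $Nodes; WitnessOnline = $WitnessOnline
            TotalVotes = 1; VotesNeeded = 1
            QuorumPossible = $WitnessOnline
            NodeFailuresTolerated = if ($WitnessOnline) { $Nodes - 1 } else { 0 }
        }
    }

    $hasWitness  = $Mode -ne 'NodeMajority'
    $totalVotes  = $Nodes + [int]$hasWitness              # one vote per node (+1 witness)
    $votesNeeded = [int][math]::Floor($totalVotes / 2) + 1 # strict majority
    $witnessVote = [int]($hasWitness -and $WitnessOnline)

    # Votes that must come from nodes once the witness vote (if any) is counted.
    $minNodes = $votesNeeded - $witnessVote
    $possible = $minNodes -le $Nodes

    [pscustomobject]@{
        Mode = $Mode; Nodes = $Nodes
        WitnessOnline = if ($hasWitness) { $WitnessOnline } else { $null }
        TotalVotes = $totalVotes; VotesNeeded = $votesNeeded
        QuorumPossible = $possible
        NodeFailuresTolerated = if ($possible) { $Nodes - $minNodes } else { 0 }
    }
}

# The worked cases from the text above, plus Disk Only.
@(
    Get-QuorumTolerance -Nodes 7 -Mode NodeMajority
    Get-QuorumTolerance -Nodes 6 -Mode NodeAndDiskMajority -WitnessOnline $true
    Get-QuorumTolerance -Nodes 6 -Mode NodeAndDiskMajority -WitnessOnline $false
    Get-QuorumTolerance -Nodes 4 -Mode DiskOnly -WitnessOnline $true
) | Format-Table Mode, Nodes, WitnessOnline, TotalVotes, VotesNeeded, NodeFailuresTolerated -AutoSize
```
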

6. What is Replication and how does intersite replication work?

Except for very small networks, directory data must reside in more than one place on the network to be
equally useful to all users. Through replication, the Active Directory® directory service maintains replicas
of directory data on multiple domain controllers, ensuring directory availability and performance for all
users. Active Directory uses a multimaster replication model, allowing you to make directory changes at
any domain controller, not just at a designated primary domain controller. Active Directory relies on the
concept of sites to help keep replication efficient, and on the Knowledge Consistency Checker (KCC) to
automatically determine the best replication topology for the network.

Intersite replication: Active Directory Domain Services (AD DS) handles replication between
sites, or intersite replication, differently than replication within sites because bandwidth between
sites is usually limited. The Active Directory Knowledge Consistency Checker (KCC) builds the
intersite replication topology using a least-cost spanning tree design. Intersite replication is
optimized for bandwidth efficiency. Directory updates between sites occur automatically based on
a configurable schedule. Directory updates that are replicated between sites are compressed to
preserve bandwidth.

The IP and SMTP protocols are used for intersite replication.

7. How will you schedule replication between two sites if you have 5000 employees in
each site and slower WAN links?

We can schedule replication during non-business hours or at a specific time when
network/bandwidth utilization is very low.

8. What is KDC?

The Kerberos Key Distribution Center (KDC) is a network service that supplies
session tickets and temporary session keys to users and computers within
an Active Directory domain. The KDC runs on each domain controller as part
of Active Directory Domain Services (ADDS).

Or,

The Key Distribution Center (KDC) is implemented as a domain service. It
uses the Active Directory as its account database and the Global Catalog for
directing referrals to KDCs in other domains.

9. What is KCC?

The KCC (Knowledge Consistency Checker) is a built-in process that runs on all domain
controllers. It is a dynamic-link library that modifies data in the local directory in response to
system-wide changes, which are made known to the KCC by changes to the data within Active
Directory. The KCC generates and maintains the replication topology for replication within sites
and between sites.

The KCC has two major functions:

• Configures replication connections (connection objects) between domain controllers. Each
connection object defines incoming replication from a replication partner. Within a site, each KCC
generates its own connections. For replication between sites, a single KCC per site generates all
connections between sites.
• Converts the connection objects that represent inbound replication to the local domain controller
into the replication agreements that are actually used by the replication engine.

By default, the KCC reviews and makes modifications to the Active Directory replication topology every
15 minutes to ensure propagation of data, either directly or transitively, by creating and deleting
connection objects as needed. The KCC recognizes changes that occur in the environment and ensures
that domain controllers are not orphaned in the replication topology.

10. How to check Replication topology?

To check the replication topology:

1. Open Active Directory Sites and Services.
2. In the console tree, click the domain controller you want to use to check replication topology.
   Where? Active Directory Sites and Services/Sites/site that contains the domain controller whose
   replication topology you want to check/Servers/server you want to use to check replication
   topology
3. In the details pane, right-click NTDS Settings, point to All Tasks, and then click Check
   Replication Topology.

The repadmin /showrepl command helps you understand the replication topology and
replication failures.

11. What is SPN?


A service principal name (SPN) is the name by which a client uniquely identifies
an instance of a service. If you install multiple instances of a service on
computers throughout a forest, each instance must have its own SPN.

12. What is USN?


An update sequence number (USN) is a 64-bit number in
Active Directory that increments over time as changes
occur. Local counters on every domain controller
assign USNs.

13. An administrator changed something in Group Policy and you have to find out what was
changed and who made the change. How will you approach this?

We can monitor every change made in Group Policy by using the Advanced Group
Policy Management tool.

To check whether Group Policy has been applied, we can look in Event Viewer for
event ID 1704 from source SceCli.

https://technet.microsoft.com/en-us/windows/hh826067.aspx
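
An added example (not part of the original document) of answering "who changed it" from the domain controller Security log: event ID 5136 (a directory service object was modified) is written for each attribute change on a GPO's Group Policy Container object. It assumes the "Audit Directory Service Changes" audit subcategory is enabled on the domain controllers and that the auditing SACL covers the Policies container; without that, no 5136 events exist.

```powershell
# Run on a domain controller (or add -ComputerName <DC> to Get-WinEvent)
# with rights to read the Security log.
Import-Module GroupPolicy

$since  = (Get-Date).AddDays(-7)
# Message-table codes used in the OperationType field of event 5136
$opName = @{ '%%14674' = 'Value Added'; '%%14675' = 'Value Deleted' }

Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5136; StartTime = $since } `
             -ErrorAction SilentlyContinue |
ForEach-Object {
    $evt  = $_
    $data = @{}
    foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    # Only changes to GPO objects (CN={GUID},CN=Policies,CN=System,<domain DN>)
    if ($data['ObjectClass'] -ne 'groupPolicyContainer') { return }

    # Resolve the GUID in the object DN to the GPO display name
    $gpoName = $null
    if ($data['ObjectDN'] -match '\{([0-9A-Fa-f-]{36})\}') {
        try   { $gpoName = (Get-GPO -Guid $Matches[1] -ErrorAction Stop).DisplayName }
        catch { $gpoName = '(GPO not found, possibly deleted)' }
    }

    $op = $data['OperationType']
    if ($opName.ContainsKey($op)) { $op = $opName[$op] }

    [pscustomobject]@{
        Time      = $evt.TimeCreated
        ChangedBy = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        GPO       = $gpoName
        Attribute = $data['AttributeLDAPDisplayName']   # versionNumber changes on every GPO edit
        Operation = $op
        Value     = $data['AttributeValue']
    }
} | Sort-Object Time | Format-Table -AutoSize
```

These events identify who edited which GPO and when; the settings themselves live in the Group Policy Template in SYSVOL, so the content of the change still has to come from AGPM history or a comparison of GPO reports or backups.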

14. What is difference between a user account and Service account?

A user account is used to access files and folders and perform day-to-day tasks as per end-user
requirements, whereas a service account is used to start/run a specific service. While
creating a service account, "Password never expires" and "User cannot change password"
should be checked so that the service can run without any interruption.

15. How many types of backup are available in Windows Server?

Copy backup
A copy backup copies all the files you select, but does not mark each file as having been backed up (in
other words, the archive attribute is not cleared). Copying is useful if you want to back up files between
normal and incremental backups because copying does not affect these other backup operations.

Daily backup
A daily backup copies all the files that you select that have been modified on the day the daily backup is
performed. The backed-up files are not marked as having been backed up (in other words, the archive
attribute is not cleared).

Differential backup
A differential backup copies files that have been created or changed since the last normal or incremental
backup. It does not mark files as having been backed up (in other words, the archive attribute is not
cleared). If you are performing a combination of normal and differential backups, restoring files and
folders requires that you have the last normal as well as the last differential backup.

Incremental backup
An incremental backup backs up only those files that have been created or changed since the last normal
or incremental backup. It marks files as having been backed up (in other words, the archive attribute is
cleared). If you use a combination of normal and incremental backups, you will need to have the last
normal backup set as well as all incremental backup sets to restore your data.

Normal backup
A normal backup copies all the files you select and marks each file as having been backed up (in other
words, the archive attribute is cleared). With normal backups, you only need the most recent copy of the
backup file or tape to restore all of the files. You usually perform a normal backup the first time you create
a backup set.

Backing up your data using a combination of normal backups and incremental backups requires the least
amount of storage space and is the quickest backup method. However, recovering files can be
time-consuming and difficult because the backup set might be stored on several disks or tapes.

Backing up your data using a combination of normal backups and differential backups is more
time-consuming, especially if your data changes frequently, but it is easier to restore the data because the
backup set is usually stored on only a few disks or tapes.

For Windows 2008 Server and above:

We need to install Windows Server Backup from Server Manager.

Or, we can use the Wbadmin command-line tool.

https://technet.microsoft.com/en-us/library/cc770266(v=ws.10).aspx

16. We have two group scopes, Domain Local and Global. We have three domain controllers.
We have created both groups on one DC and want them to have access to files stored on all
three DCs. Do we need to change anything, and how will you assign security or group
nesting accordingly?

17. Somehow an OU got deleted and we want to restore it. How will you approach this?

To restore a deleted Active Directory object using Ldp.exe


1. Open Ldp.exe from an elevated command prompt. Open a command prompt (Cmd.exe) as an
administrator. To open a command prompt as an administrator, click Start. In Start Search,
type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then
click Run as administrator. If the User Account Control dialog box appears, enter the
appropriate credentials (if requested), confirm that the action it displays is what you want, and
then click Continue.
2. To connect and bind to the server that hosts the forest root domain of your AD DS environment,
under Connections, click Connect, and then click Bind.
3. On the Options menu, click Controls.
4. In the Controls dialog box, expand the Load Predefined drop-down list, click Return Deleted
Objects, and then click OK.
5. In the console tree, navigate to the CN=Deleted Objects container.
6. Locate and right-click the deleted Active Directory object that you want to restore, and then
click Modify.
7. In the Modify dialog box:
   a. In Edit Entry Attribute, type isDeleted.
   b. Leave the Values box empty.
   c. Under Operation, click Delete, and then click Enter.
   d. In Edit Entry Attribute, type distinguishedName.
   e. In Values, type the original distinguished name (also known as DN) of this
      Active Directory object.
   f. Under Operation, click Replace.
   g. Make sure that the Extended check box is selected, click Enter, and then click Run.
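
An added example (not part of the original document) that performs the same restore with the Active Directory module's `Restore-ADObject` cmdlet, restoring the OU first and then everything that was deleted beneath it. It assumes the Active Directory Recycle Bin was enabled before the deletion (so `msDS-LastKnownRDN` is populated); the OU name `Finance` and the function name `Restore-DeletedTree` are hypothetical.

```powershell
Import-Module ActiveDirectory

$ouName    = 'Finance'                                   # assumed name of the deleted OU
$domainDN  = (Get-ADDomain).DistinguishedName
$deletedDN = "CN=Deleted Objects,$domainDN"

# Read every deleted object once. A child's lastKnownParent points at its parent's
# current (deleted) DN, so the tree is matched client-side, with no filter escaping.
$all = Get-ADObject -IncludeDeletedObjects -SearchBase $deletedDN -Filter 'isDeleted -eq $true' `
           -Properties lastKnownParent, 'msDS-LastKnownRDN', whenChanged

function Restore-DeletedTree {
    param(
        [Parameter(Mandatory)] $Node,        # deleted object to restore
        [Parameter(Mandatory)] $AllDeleted,  # snapshot taken above
        [switch] $DryRun                     # show what would be restored, change nothing
    )
    # Collect children BEFORE restoring the parent: after the restore the parent's DN changes
    $children = @($AllDeleted | Where-Object { $_.lastKnownParent -eq $Node.DistinguishedName })

    # A parent must exist again before its children can be restored into it
    Restore-ADObject -Identity $Node.ObjectGUID -WhatIf:$DryRun
    Write-Output ("{0}: {1} ({2})" -f $(if ($DryRun) { 'Would restore' } else { 'Restored' }),
                  $Node.'msDS-LastKnownRDN', $Node.ObjectClass)

    foreach ($child in $children) {
        Restore-DeletedTree -Node $child -AllDeleted $AllDeleted -DryRun:$DryRun
    }
}

$ou = @($all | Where-Object {
    $_.ObjectClass -eq 'organizationalUnit' -and $_.'msDS-LastKnownRDN' -eq $ouName
})

if ($ou.Count -ne 1) {
    # None, or several OUs with the same name deleted at different times: pick one by hand
    Write-Warning "Expected exactly one deleted OU named '$ouName', found $($ou.Count)."
    $ou | Select-Object 'msDS-LastKnownRDN', lastKnownParent, whenChanged, ObjectGUID
}
else {
    # Review the dry run first, then run again without -DryRun
    Restore-DeletedTree -Node $ou[0] -AllDeleted $all -DryRun
}
```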

18. What is the difference between Windows Server 2003 and 2008 BSOD troubleshooting?

19. What is SCRM?

20. What is LDAP, how does it work with Active Directory, and what are the port numbers for
LDAP and SLDAP?
https://technet.microsoft.com/en-us/library/cc755809(v=ws.10).aspx

21. A user is trying to log in on a machine and is getting a "server cannot be found" error.
What is the cause behind this error?
DNS, Role and replication check.

22. A user wants to configure both his LAN and Wi-Fi to connect to the Internet, but wants
them configured so that when one is connected, the second connection is
disabled/disconnected automatically. How will you approach this?

23. What is Stale record?


The DNS Server service supports aging and scavenging features. These features are provided as a
mechanism for performing cleanup and removal of stale resource records, which can accumulate in zone
data over time.

With dynamic update, resource records are automatically added to zones when computers start on the
network. However, in some cases, they are not automatically removed when computers leave the network.
For example, if a computer registers its own host (A) resource record at startup and is later improperly
disconnected from the network, its host (A) resource record might not be deleted. If your network has
mobile users and computers, this situation can occur frequently.

If left unmanaged, the presence of stale resource records in zone data may cause some problems:

• If a large number of stale resource records remain in zones, they can eventually take up server
disk space and cause unnecessarily long zone transfers.
• Domain Name System (DNS) servers that load zones that contain stale resource records might
use outdated information to answer client queries, potentially causing the clients to experience
name resolution problems on the network.
• The accumulation of stale resource records at the DNS server can degrade its performance and
responsiveness.
• In some cases, the presence of a stale resource record in a zone can prevent a DNS domain name
from being used by another computer or host device.

If an object is not in use for 7 days (the default), it is considered a stale record.

24. How does the Active Directory database store objects? Explain its hierarchy.

• Four interfaces:
  o Lightweight Directory Access Protocol (LDAP)
  o Replication (REPL) and domain controller management interface
  o Messaging API (MAPI)
  o Security Accounts Manager (SAM)
• Three service components:
  o Directory System Agent (DSA)
  o The database layer
  o Extensible Storage Engine (ESE)
• The directory database where the data is actually stored

https://technet.microsoft.com/en-us/library/cc759186(v=ws.10).aspx

25. How can we perform patching on servers?

https://technet.microsoft.com/en-us/library/Cc708536(v=WS.10).aspx
Using Group Policy and WSUS.

26. In which form is Group Policy stored in the SYSVOL folder?

GPC (Group Policy Container) and GPT (Group Policy Template).
A GPO has a string name, which is known as its GUID (Globally Unique Identifier).

27. Which processes work in the background when a newly created domain user logs into the
system? Explain step by step.
MSGINA, LDAP, KDC, Kerberos

28. What is the version of Kerberos in Windows 2008 server?

Version 5

29. What is new in Active Directory 2012?
https://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/SIA312

30. An Active Directory user account is locking out again and again. How will you troubleshoot?
There is a Microsoft tool called Account Lockout and Management
Tools through which we can check this, and with the help of
Event Viewer we can find the cause of the problem.
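
An added example (not part of the original document) of the Event Viewer side of this check: lockouts are processed by the PDC emulator, which logs event ID 4740 (a user account was locked out) naming the computer the failed logons came from. The account name `jdoe` is constructed, and the script assumes account management auditing is enabled and that you can read the PDC emulator's Security log.

```powershell
Import-Module ActiveDirectory

$account = 'jdoe'                          # constructed account name
$pdc     = (Get-ADDomain).PDCEmulator      # lockouts are recorded here

# Server-side filter: only 4740 events for this account
$xpath = "*[System[(EventID=4740)] and EventData[Data[@Name='TargetUserName']='$account']]"

$lockouts = Get-WinEvent -ComputerName $pdc -LogName Security -FilterXPath $xpath `
                         -MaxEvents 100 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = @{}
        foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time           = $_.TimeCreated
            Account        = $d['TargetUserName']
            # In event 4740 the TargetDomainName field carries the caller computer name
            CallerComputer = $d['TargetDomainName']
        }
    }

if (-not $lockouts) {
    Write-Warning "No 4740 events for '$account' on $pdc (check audit policy and log retention)."
}
else {
    # Which machine keeps locking the account, and when it last did so
    $lockouts | Group-Object CallerComputer | Sort-Object Count -Descending |
        Select-Object Count, Name,
            @{ n = 'LastSeen'; e = { ($_.Group.Time | Sort-Object -Descending | Select-Object -First 1) } } |
        Format-Table -AutoSize
}

# Bad-password counters are not replicated, so read them from each DC
foreach ($dc in Get-ADDomainController -Filter *) {
    Get-ADUser -Identity $account -Server $dc.HostName `
               -Properties LockedOut, BadLogonCount, LastBadPasswordAttempt |
        Select-Object @{ n = 'DC'; e = { $dc.HostName } },
                      LockedOut, BadLogonCount, LastBadPasswordAttempt
}
```

The caller computer is where to look next: a stale mapped drive, scheduled task, service or mobile device on that machine still presenting the old password is the usual cause.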

31. How to install the Recycle Bin in Windows Server 2008 R2?

By using the Enable-ADOptionalFeature command in the command shell.

First we need to raise the forest functional level to Windows Server 2008 R2.

32. What are recursive and iterative queries?

With a recursive name query, the DNS client requires that the DNS server respond to the
client with either the requested resource record or an error message stating that the record
or domain name does not exist. The DNS server cannot just refer the DNS client to a
different DNS server.
Thus, if a DNS server does not have the requested information when it receives a
recursive query, it queries other servers until it gets the information, or until the name
query fails.
Recursive name queries are generally made by a DNS client to a DNS server, or by a
DNS server that is configured to pass unresolved name queries to another DNS server, in
the case of a DNS server configured to use a forwarder.

An iterative name query is one in which a DNS client allows the DNS server to return the
best answer it can give based on its cache or zone data. If the queried DNS server does
not have an exact match for the queried name, the best possible information it can return
is a referral (that is, a pointer to a DNS server authoritative for a lower level of the
domain namespace). The DNS client can then query the DNS server for which it obtained
a referral. It continues this process until it locates a DNS server that is authoritative for
the queried name, or until an error or time-out condition is met.
This process is sometimes referred to as "walking the tree," and this type of query is
typically initiated by a DNS server that attempts to resolve a recursive name query for a
DNS client.

33. Dcdiag command


Analyzes the state of domain controllers in a forest or enterprise and reports any problems to
help in troubleshooting.

34. What is the DORA process in DHCP?

35. What is the MBR and what is its size?

36. What are the differences between HP G6 and G7 generations?

Features of the G6 server:

• It is highly automated and claims to manage seamlessly no matter where or what time.
• It optimizes system performance with the help of the Intel Xeon 5600 or 5500 processors.
These processors enable it to give higher performance and better power efficiency.
• It gives great ease of service.
• Expandability or flexibility: It can expand the storage support to a maximum of 24 small
form factors / 12 large ones.
• It claims to give up to 92% efficiency. It has a power capping system to reduce the
wastage of power.

New in the G7:

• Generation 7 has been optimized taking into consideration the large amount of
memory needed for all the expansion (Input or Output (I/O) expansion).
• It has 8-12 core processors with cache of up to 12MB or L3 cache.
• DIMM slots of 24 DDR3 and 1333MHz.
• Hard drives with either 2 large form factors or four small form factors.
• 2 slots for expansion of up to 2 PCI Express generation.

Difference between HP G6 and G7 Servers

Following are some of the features where the G7 differs from or equals the G6 and proves
to be better than others:

• G7 has the new iLO3 (Integrated Lights-Out Advanced), HP Insight Control and Intelligent
Power Discovery.
• Both contain technology to cap power usage.
• Combining all of this gives a state of automation with energy saving which claims to
reduce the energy cost by up to 96 percent.
• It has the ability to spare memory in the virtual machine to repair it even without bringing
the physical server and other virtual machines down.
• It has less complexity in network handling because of automation in server
connectivity to data and to the storage networks.

37. A user has 2TB of space assigned on a file server and wants one more TB of space, and there
is a storage disk. Do we need to change anything on the file server?
38. How will you troubleshoot performance issues in servers?
39. What is Windows backup? Explain.
40. RAID 5
41. What is a lingering object in AD?
42. What is a tombstone?
43. What is a bridgehead server?
44. We have 100 servers in an OU and there is a policy applied on that OU. You want to block
that policy on five specific servers without using the Block Policy Inheritance option.
How will you approach this?
45. What is clustering?
46. What is a fine-grained password policy?
47. What is a page file?
48. What is PERFMON and how do you set a counter for RAM usage?
49.

Summary of system administration tasks


A system administrator has numerous tasks to perform. They can be divided into
groups according to how often they are carried out. The following list of tasks ranges
from those that must be performed more often than once a day to those that need be
performed less often than once a month. The administrator may have to do some of
the tasks in the following list more or less often, depending upon the size and
complexity of the system.

Task list

As needed tasks | For more information:
[] Create/modify user accounts. | ``Adding and modifying user accounts''
[] Record all system modifications and events in log. | ``Keeping a system log''
[] Be on call to restart the system after panics, crashes, power spikes. | ``Starting the system'' and ``System crashes''
[] Maintain security of hardware, software, data file access. | ``Maintaining system security''

Daily tasks | For more information:
[] Perform scheduled backups (if configured). | ``Running scheduled backups''
[] Check usage levels. | ``ps -- check process activity''
[] Check for runaway processes. | ``Runaway processes''
[] Check disk space. | ``Maintaining free space in filesystems''
[] Check mail functionality, connections. | ``Checking for MMDF problems''
[] Check printer status with lpstat -t. | Man page for lpstat(C)
[] Check auditing output, if activated. | ``Generating audit reports''
[] Check UUCP communications links, if active. | ``Generating log reports on usage: uulog''
[] Check for unattended login sessions. | manual page for who(C)

Weekly tasks | For more information:
[] Verify system software (checks permissions, links, and missing or corrupted files) -- best done after work hours. | ``Verifying software''
[] Check printer spooler status report. | Check lp(C) account mailbox for messages
[] Check log files such as /etc/wtmp and those in /usr/adm and /usr/spool and clear, trim, or truncate. | ``Checking and clearing system log files''
[] Use sar(ADM) to generate a report of activity. | ``sar -- system activity reporter''
[] Generate detailed report of user disk utilization. | ``Displaying filesystem and directory usage statistics'' -- see description of quot(ADM)
[] Remove temporary files including lost+found files and .out files. | ``Finding temporary files''

Monthly tasks | For more information:
[] If you are not doing scheduled backups, perform an unscheduled (level 0) backup. | ``Running unscheduled filesystem backups''
[] Re-tune system and re-allocate resources, if necessary. | ``Managing performance''
[] Perform tape drive maintenance: clean heads and retension drive using tape reten command | tape(C) manual page
[] Change dial-in passwords, if necessary. | ``Setting passwords for dial-in lines''
[] Change root password, if necessary. | ``Setting or changing a user password''

Occasional tasks | For more information:
[] Upgrade system and application software, as needed. | Late News and Getting Started Guide
[] Check for configuration errors, including verification of system software | ``Checking system configuration''
[] Re-distribute space in filesystems. | ``Adding disk space and restructuring filesystems'' or ``Maintaining free space in filesystems''
[] Find SUID or SGID files, check owner, size. Locate huge (over 64 Mbyte) files and verify their purpose. | ``Locating files''
[] Find ``orphan'' files (files belonging to deleted users). | ``Changing ownership of files with an obsolete UID/GID''


© 2003 Caldera International, Inc. All rights reserved.


SCO OpenServer Release 5.0.7 -- 11 February 2003

ADSI Edit (Adsiedit.msc)
Opens and edits the Active Directory Services Interface for domain, schema, and configuration
containers.

Active Directory Administration Tool (Ldp.exe)
Performs Lightweight Directory Access Protocol (LDAP) operations on Active Directory.

Directory Services Access Control Lists Utility (Dsacls.exe)
Manages access control lists (ACLs) for objects in Active Directory.

Distributed File System Utility (Dfsutil.exe)
Manages the Distributed File System (DFS) and displays DFS information.

DNS Server Troubleshooting Tool (Dnscmd.exe)
Manages properties of Domain Name System (DNS) servers, zones, and resource records.

Replication Diagnostics Tool (Repadmin.exe)
Manages and monitors replication using the command line.

Windows Domain Manager (Netdom.exe)
Allows domain and trust relationships management from the command line.

*********************************************
Microsoft Free tools for AD:
1. Active Directory Best Practices Analyzer
2. MPS Reports
3. Repadmin and Replsum
4. DCDiag /Test:DNS
5. DNSCMD Command-Line Tool

Event Source | Event ID | Reference
FRS | 13508, 13509, 13512, 13522, 13567, 13568 | See "Troubleshooting FRS."
Netlogon | 5774, 5775, 5781, 5783, 5805 | See "Troubleshooting Active DirectoryR
NTDS | 1083, 1265, 1388, 1645 | "See Troubleshooting Active Directory R
UserEnv | 1085 | "See Troubleshooting Active Directory R
W32Time | 13, 14, 52-56, 60-64 | "See Troubleshooting Windows Time Se


Tool | Location | Function
Active Directory Domains and Trusts snap-in | Windows 2000 Administrative Tools Pack | Administer domain trusts, add user principal na
Active Directory Sites and Services snap-in | Windows 2000 Administrative Tools Pack | Administer the replication of directory data.
Active Directory Users and Computers snap-in | Windows 2000 Administrative Tools Pack | Administer and publish information in the direc
ADSI Edit, MMC snap-in | Windows 2000 Support Tools | View, modify, and set access control lists (ACLs)
Backup Wizard | Windows 2000 operating system tool | Back up and restore data.
Control Panel | Windows 2000 | View and modify computer, application, and ne
Dcdiag.exe | Windows 2000 Support Tools and Windows 2000 Server Resource Kit | Analyze the state of domain controllers in a for ... reporting any problems.
DNS snap-in | Windows 2000 Administrative Tools Pack | Manage DNS.
Dsastat.exe | Windows 2000 Support Tools | Compare directory information on domain cont
Event viewer | Windows 2000 Administrative Tools Pack | Monitor events recorded in event logs.
Ipconfig.exe | Windows 2000 operating system tool | View and manage network configuration.
Ldp.exe | Windows 2000 Support Tools | Perform Lightweight Directory Access Protocol
Linkd.exe | Windows 2000 Server Resource Kit | Create, delete, update, and view the links that a
MMC | Windows 2000 | Create, save, and open administrative tools (cal ... software, and network components.
Netdiag.exe | Windows 2000 Server Resource Kit and Windows 2000 Support Tools | Check end-to-end network connectivity and dis
Netdom.exe | Windows 2000 Support Tools | Allow batch management of trusts, joining com ... secure channels.
Net use, start, stop, del, copy, time | Windows 2000 operating system tool | Perform common tasks on network services, inc ... network resources.
Nltest.exe | Windows 2000 Support Tools | Verify that the locator and secure channel are fu
Ntdsutil.exe | Windows 2000 operating system tool | Manage Active Directory, manage single maste
Ntfrsutl.exe | Windows 2000 Server Resource Kit | View and manage FRS configuration.
Performance Monitor | Windows 2000 operating system tool | View system performance data, performance lo
Pathping.exe | Windows 2000 operating system tool | Trace a route from a source to a destination on ... packet loss.
Ping.exe | Windows 2000 operating system tool | Verify network connectivity.
Regedit.exe | Windows 2000 operating system tool | View and modify registry settings.
Repadmin.exe | Windows 2000 Support Tools | Verify replication consistency between replicati ... replication metadata, and force replication even
Replmon.exe | Windows 2000 Support Tools | Display replication topology, monitor replicatio ... topology recalculation.
Secedit.exe | Windows 2000 operating system tool | Manage Group Policy settings.
Services snap-in | Windows 2000 Administrative Tools Pack | Start, stop, pause, or resume system services on ... startup and recovery options for each service.
Setspn.exe | Windows 2000 Support Tools | Manage security principal names (SPNs).
Task Manager | Windows 2000 | View processes and performance data.
Terminal Services | Windows 2000 | Access and manage computers remotely.
W32tm | Windows 2000 operating system tool | Manage Windows Time Service.
Windows Explorer | Windows 2000 | Access files, Web pages, and network locations

1. Difference between Basic and Dynamic disks.

The following operations can be performed only on basic disks:

• Create and delete primary and extended partitions.
• Create and delete logical drives within an extended partition.
• Format a partition and mark it as active.

The following operations can be performed only on dynamic disks:

• Create and delete simple, spanned, striped, mirrored, and RAID-5 volumes.
• Extend a simple or spanned volume.
• Remove a mirror from a mirrored volume or break the mirrored volume into two volumes.
• Repair mirrored or RAID-5 volumes.
• Reactivate a missing or offline disk.

The operations common to basic and dynamic disks are the following:

• Support both MBR and GPT partition styles.
• Check disk properties, such as capacity, available free space, and current status.
• View partition properties, such as offset, length, type, and if the partition can be used as the
system volume at boot.
• View volume properties, such as size, drive-letter assignment, label, type, Win32 path name,
partition type, and file system.
• Establish drive-letter assignments for disk volumes or partitions, and for CD-ROM devices.
• Convert a basic disk to a dynamic disk, or a dynamic disk to a basic disk.

• A basic disk uses primary partitions, extended partitions, and logical drives to organize data. A
formatted partition is also called a volume (the terms volume and partition are often used
interchangeably). In this version of Windows, basic disks can have either four primary partitions or
three primary and one extended partition. The extended partition can contain multiple logical
drives (up to 128 logical drives are supported). The partitions on a basic disk cannot share or split
data with other partitions. Each partition on a basic disk is a separate entity on the disk.

• Dynamic disks can contain a large number of dynamic volumes (approximately 2000) that
function like the primary partitions used on basic disks. In some versions of Windows, you can
combine separate dynamic hard disks into a single dynamic volume (called spanning), split data
among several hard disks (called striping) for increased performance, or duplicate data among
several hard disks (called mirroring) for increased reliability.

2. Difference between Windows Server PowerShell versions:

Windows PowerShell 4.0:

• Windows Server 2012 R2
• Windows Server 2012
• Windows Server 2008 R2
• Windows 8.1
• Windows 7 with SP1

Windows PowerShell 3.0:

• Windows Server 2012
• Windows Server 2008 R2
• Windows Server 2008 SP2
• Windows 8
• Windows 7 with SP1
