Top 44 Windows Administration Interview Questions
Q1. Non-authoritative Restore Of Active Directory?
A non-authoritative restore returns the domain controller to its state at the time of the backup, and permits normal replication to overwrite the restored domain controller with any changes that have occurred after the backup.
After the system state restore, the domain controller queries its replication partners and gets the changes made after the backup date, to ensure that the domain controller has an accurate and up-to-date copy of the Active Directory database.
Non-authoritative restore is the default method for restoring Active Directory; a plain restore of system state is a non-authoritative restore, and we mostly use this for Active Directory data loss or corruption.
Q2. GPO Apply Order: When Multiple Group Policy Objects Are Assigned, The Group Policies Are Applied In The Following Order:
The local group policy object is applied first
Then, the group policy objects linked to sites are applied
If multiple GPOs exist for a site, they are applied in the order specified by an administrator
GPOs linked to the domains are applied in the specified order
Finally, GPOs linked to OUs are applied
The OU group policy objects are set from the largest to the smallest organizational unit, i.e., first the parent OU and then the child OU.
By default, a policy applied later overwrites a policy that was applied earlier. Hence, the settings in a child OU can override the settings in the parent OU
Group policy settings are cumulative if they are compatible with each other. In case they conflict with each other, the GPO processed later takes precedence.
Q3. Can We Restore A Schema Partition?
Http://www.Windowstricks.In/2014/01/can-i-repair-schema-partition.Html
Q4. What Are Prerequisites To Do The DNS Scavenging?
Scavenging must be enabled on the DNS server and on the zone you want to scavenge.
DNS records must be dynamically added to zones, or you can manually modify the timestamp configuration.
Q5. Which Active Directory Partitions Can Be Restored?
You can authoritatively restore only objects from the configuration and domain partitions. Authoritative restores of schema-naming contexts are not supported.
Q6. What Is GPO?
A Group Policy Object (GPO) is a collection of group policy settings. It can be created using a Windows utility called the Group Policy snap-in. A GPO affects the user and computer accounts located in sites, domains, and organizational units (OUs). The Windows 2000/2003 operating systems support two types of GPOs, local and non-local (Active Directory-based) GPOs.
Q7. What Is No Override? Block Policy Inheritance?
The following are the exceptions with regard to the above-mentioned settings:
No Override:
Any GPO can be set to No Override. If the No Override configuration is set on a GPO, no policy configured in the GPO can be overridden. If more than one GPO has been set to No Override, then the one that is highest in the Active Directory hierarchy takes precedence
Block Policy Inheritance:
The Block Policy Inheritance option can be applied to the site, domain, or OU. It deflects all group policy settings that reach the site, domain, or OU from the object higher in the hierarchy. However, the GPOs configured with the No Override option are always applied.
Q8. What Is Netlogon Folder?
The Netlogon folder contains the logon/logoff/startup/shutdown scripts and is located in the Sysvol folder.
Q9. Following Are The Rules Regarding Group Policy Inheritance:
A policy setting is configured (Enabled or Disabled) for a parent OU, and the same policy setting is not configured for its child OUs. The child OUs inherit the parent's policy
A policy setting is configured (Enabled or Disabled) for a parent OU, and the same policy setting is configured for its child OUs. The child OUs' settings override the settings inherited from the parent's OU
If any policy is not configured, no inheritance takes place
Compatible policy settings configured at the parent and child OUs are accumulated.
Incompatible policy settings from the parent OU are not inherited.
Q10. How To Take Active Directory Backup?
A system state backup will back up Active Directory; NTBackup can be used to back up Active Directory.
Q11. Authoritative Restore Of Active Directory?
An authoritative restore is the next step after the non-authoritative restore process. You have to do a non-authoritative restore before you can perform an authoritative restore. The main difference is that an authoritative restore has the ability to increment the version number of the attributes of all objects or an individual object in an entire directory; this makes the restored object authoritative in the directory. This can be used to restore a single deleted user/group and even an entire OU.
In a non-authoritative restore, after a domain controller is back online, it will contact its replication partners to determine any changes since the time of the last backup. However, the version number of the object attributes that you want to be authoritative will be higher than the existing version numbers of the attribute, so the object on the restored domain controller will appear to be more recent and therefore the restored object will be replicated to other domain controllers in the domain.
Q12. When Do The Record Refreshes Happen? (Dynamic Updates Of Record)
Every DNS record timestamp is updated at the time of computer restart
A periodic refresh is sent by the computer every 24 hours.
Network services make refresh attempts, like DHCP servers, which renew the client address, cluster servers, which register and update records for a cluster, and the Net Logon service, which can register and update resource records that are used by AD domain controllers, so that the record is not taken as a stale DNS record.
Q13. Tell Me About Non-authoritative Restore Of Sysvol Or D2 Restore?
D2 is the default method for restoring SYSVOL and happens automatically when you do a non-authoritative restore of the Active Directory
When you non-authoritatively restore the SYSVOL, the local copy of SYSVOL on the restored domain controller is compared with that of its replication partners. After the domain controller restarts, it replicates any necessary changes, bringing it up to date with the other domain controllers in the domain.
Q14. What Is Schema?
The Active Directory schema is the set of definitions that define the kinds of objects and the type of information about those objects that can be stored in Active Directory
The Active Directory schema is a collection of object classes and their attributes
Object Class = User
Attributes = first name, last name, email, and others
Q15. What Is The Use Of Active Directory Partitions? And How To Find The Active Directory Partitions And Their Location?
Schema Partition – It stores details about objects and attributes. Replicates to all domain controllers in the Forest
DN Location is CN=Schema,CN=Configuration,DC=Domainname,DC=com
Configuration Partition – It stores details about the AD configuration information like Site, site-link, subnet and other replication topology information. Replicates to all domain controllers in the Forest
DN Location is CN=Configuration,DC=Domainname,DC=com
Domain Partitions – object information for a domain like user, computer, group, printer and other Domain specific information. Replicates to all domain controllers within a domain
DN Location is DC=Domainname,DC=com
Application Partition – information about applications in Active Directory. For example, when AD integrated DNS is used there are application partitions for DNS zones – ForestDNSZones and DomainDNSZones
Q16. What Is Active Directory?
Active Directory (AD) is a directory service developed by Microsoft and used to store objects like User, Computer, printer, and Network information. It helps to manage your network effectively with multiple Domain Controllers in different locations sharing the AD database: you can manage/change AD from any Domain Controller and the change will be replicated to all other DCs. It provides centralized administration across multiple geographical locations and authenticates users and computers in a Windows domain.
Q17. How To Force The DNS Dynamic Update?
The simple way is to restart the machine, which triggers the DNS Dynamic Update; we can use the below command to force a DNS Dynamic Update
ipconfig /registerdns
You can also restart the Netlogon service in services.msc
Q18. What Are All The Active Directory Partitions?
Schema
Configuration
Domain
Application partition
Q19. What Is Dynamic DNS Record?
A record created dynamically by a client/server in a DNS zone, automatically added to zones when computers start on the network.
Q20. Any Sysvol Issues Which You Have Faced In Your Environment?
USN journal wrap error on Sysvol
Morphed folder on Sysvol
FRS replication issues
Sysvol share not being shared.
Q21. Tell Me About Active Directory Database And List The Active Directory Database Files?
NTDS.DIT
EDB.log
EDB.chk
Res1.log and Res2.log
AD changes are not written directly to the NTDS.DIT database file; they are first written to EDB.log and from the log file to the database. EDB.chk is used to track the database update from the log file, to know which changes have been copied to the database file.
NTDS.DIT: NTDS.DIT is the AD database and stores all AD objects. The default location is %systemroot%\NTDS\ntds.dit. The Active Directory database engine is the Extensible Storage Engine, which is based on the Jet database
EDB.log: EDB.log is the transaction log file; when EDB.log is full, it is renamed to EDB Num.log where num is the increasing number starting from 1, like EDB1.log
EDB.chk: EDB.chk is the checkpoint file used to track the data not yet written to the database file; this indicates the starting point from which data is to be recovered from the log file in case of failure
Res1.log and Res2.log: Res is the reserved transaction log file, which gives the transaction log file enough time to shut down if the disk doesn't have enough space.
Q22. What Is Domain?
Active Directory Domain Services is Microsoft's Directory Server. It provides authentication and authorization mechanisms as well as a framework within which other related services can be deployed.
Q23. What Is Scavenging Period?
The default value for scavenging is seven days (the minimum allowed value for this is one hour)
The scavenging time on a DNS zone is used by the server to determine when a zone becomes available for scavenging
So 7 + 7, every 14 days
Q24. Tell Me About Authoritative Restore Of Sysvol Or D4 Restore?
In a D4 restore, the copy of SYSVOL that is restored from backup is authoritative for the domain. After the necessary configurations have been made, Active Directory marks the local SYSVOL as authoritative and it is replicated to the other domain controllers in the domain.
Q25. Can Group Policy From Parent Domain Be Inherited By Child Domain?
Group Policy Inheritance:
Group policies are inherited from parent to child within a domain. They are not inherited from parent domain to child domain.
Q26. Active Directory Restore Types?
Authoritative restore
Non-authoritative restore
Q27. How To Perform A Non-authoritative Restore?
Just start the domain controller in Directory Services Restore Mode and perform a system state restore from backup
Q28. How Many Domain Controllers Need To Back Up? Or Which Domain Controllers To Back Up?
The minimum requirement is to back up two domain controllers in each domain; one should be an operations master role holder DC. There is no need to back up the RID Master (relative ID) because the RID master should not be restored.
Q29. What Are Scavenging Servers? Is DNS Scavenging Configured On All Domain Controllers?
Not all DNS servers are scavenging servers; you can configure/promote a DNS server to be a scavenging server.
A zone parameter in the advanced settings allows you to specify a restricted list of IP addresses for DNS servers that are enabled to perform scavenging.
Q30. What Are Active Directory Partitions?
An Active Directory partition is how and where the AD information is logically stored.
Q31. What Is Tree?
A tree is a hierarchical arrangement of Windows domains that share a contiguous name space.
Q32. What Is Forest?
A forest consists of multiple domain trees. The domain trees in a forest do not form a contiguous name space but share a common schema and global catalog (GC)
Q33. What Are Group Policies?
Group policies specify how programs, network resources, and the operating system work for users and computers in an organization. They are collections of user and computer configuration settings that are applied on the users and computers (not on groups). For better administration of group policies in the Windows environment, the group policy objects (GPOs) are used.
Q34. What Is Local GPOs/Policy?
Local GPOs are used to control policies on a local server running Windows 2000/2003 Server. On each Windows 2000/2003 server, a local GPO is stored. The local GPO affects only the computer on which it is stored.
By default, only Security Settings nodes are configured. The rest of the settings are either disabled or not enabled. The local GPO is stored in the %systemroot%\SYSTEM32\GROUPPOLICY folder.
Q35. What Is Non-local Policy?
Non-local GPOs are used to control policies on an Active Directory-based network. A Windows 2000/2003 server needs to be configured as a domain controller on the network to use a non-local GPO. The non-local GPOs must be linked to a site, domain, or organizational unit (OU) to apply group policies to the user or computer objects.
The non-local GPOs are stored in %systemroot%\SYSVOL\<domain name>\POLICIES\<GPO GUID>\ADM, where <GPO GUID> is the GPO's globally unique identifier. Two non-local GPOs are created by default when Active Directory is installed:
Default Domain Policy: This GPO is linked to the domain and it affects all users and computers in the domain.
Default Domain Controllers Policy: This GPO is linked to the Domain Controllers OU and it affects all domain controllers placed in this OU.
Q36. How To Check Which Server Holds Which Role?
Netdom query FSMO.
Q37. Can We Restore Backup Of Domain Controller To Other/Different Domain Controller?
A backup of one domain controller can't be restored to another domain controller; it has to be restored to the same domain controller.
Q38. What Is DNS Scavenging?
DNS Scavenging is the cleanup and removal of stale DNS records, like a housekeeping job to delete unwanted or unused DNS entries in a DNS server/zone; it only cleans up dynamic DNS records, not records created manually.
Q39. What Is Security Filtering? Filtering Scope Of GPOs?
Although GPOs are linked to the site, domain, or OUs, and they cannot be linked to the security groups directly, applying permissions to the GPO can filter its scope. The policies in a non-local GPO apply only to users who have the Read and Apply Group Policy permissions set to Allow. By specifying appropriate permissions to the security groups, the administrators can filter a GPO's scope for the computers and users.
Q40. Tell Me About The FSMO Roles?
Schema Master
Domain Naming Master
Infrastructure Master
RID Master
PDC
Schema Master and Domain Naming Master are forest-wide roles and only one of each is available in each Forest; the other roles are Domain-wide, with one for each Domain.
AD replication is multi-master replication: a change can be made on any Domain Controller and will get replicated to the other Domain Controllers, except for the above roles. These are flexible single master operations (FSMO); these changes can only be made on a dedicated Domain Controller, so it's single-master replication.
Q41. How To Do D2 And D4 Restore?
Set the BurFlags registry value to D2 or D4
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
BurFlags
D2, for a nonauthoritative mode restore
D4, for an authoritative mode restore
Q42. What Is Active Directory Domain Controller (DC)?
A Domain Controller is the server which holds the AD database. All AD changes get replicated to other DCs and vice versa.
Q43. How To Configure Active Directory Partitions?
You can only configure the Application partition manually to use with AD integrated applications.
Q44. If DNS Dynamic Updates Are Not Working, What Checks Need To Be Done?
Check the primary DNS configuration on the machine; the primary DNS server must be reachable from the client in order to register the DNS record.
"Register this connection's addresses in DNS" must be selected in the network card properties (advanced options where you configure the IP address).
Also check the DHCP configuration if it is managed through DHCP.

