Can a physical machine log in to the domain on a virtual server?
Yes, you can.
Condition: both should be able to ping each other, i.e. each subnet should be recognized by the other.
If they are in a domain or workgroup they will be able to communicate.
Does a domain controller always run on a dedicated server?
Yes, a DC needs a dedicated server to function.
Admin Role Separation
How do you change Win2003 Active Directory user name alias?
Type dsa.msc in the Run command, open the user profile and change the alias for the user name.
Server Core
What are the components of DNS?
DNS COMPONENTS:
The DNS consists of three components. The first is a "Name Space" that establishes the syntactical rules for creating and structuring legal DNS names. The second is a "Globally Distributed Database" implemented on a network of "Name Servers". The third is "Resolver" software, which understands how to formulate a DNS query and is built into practically every Internet-capable application.
(A) Name Space:
The DNS "Name Space" is the familiar inverted tree hierarchy with a null node named "" at the top. The child nodes of the root node are the Top Level Domains (TLDs): .com, .net, .org, .gov, .mil, and the country code TLDs, including .jp, .uk, .us, .ca, and so forth. Node names, known as labels, can be as many as 63 characters long, with upper- and lower-case alphabetical letters, numerals, and the hyphen symbol constituting the complete list of legal characters. Labels cannot begin with a hyphen. Upper- and lower-case letters are treated equivalently. A label can appear in multiple places within the name space, but no two nodes with the same label can have the same parent node: a node name must be unique among its siblings.
(B) Name Servers:
The second key component of the DNS is a globally connected network of "name servers". Each zone has a primary or master name server, which is the authoritative source for the zone's resource records. The primary name server is the only server that can be updated by means of local administrative activity. Secondary or slave name servers hold replicated copies of the primary server's data in order to provide redundancy and reduce the primary server's workload.
Furthermore, name servers generally cache data they have looked up, which can greatly speed up subsequent queries for the same data. Name servers also have a built-in agent mechanism that knows where to ask for data it lacks. If a name server can't find a domain within its zone, it sends the query a step closer to the root, which will resend it yet a step closer if it can't find the domain itself. The process repeats until it reaches a TLD, which ensures that the entire depth of the name space will be queried if necessary.
The combination of all the DNS name servers and the architecture of the system creates a remarkable database. There are more than 32 million domain names in the popular TLDs for which the whois utility works. Nominum, whose chief scientist, Paul Mockapetris, invented DNS, claims that there are more than 100 million domain names stored and that the system can easily handle 24,000 queries per second. The database is distributed: no single computer contains all the data. Nevertheless, data is maintained locally even though it's distributed globally, and any device connected to the IP network can perform lookups. The update serial number mechanism in each zone ensures a form of loose coherency on the network; if a record is out of date, the querier knows to check a more authoritative name server.
(C) Resolver:
The third component of the DNS is the "resolver". The resolver is a piece of software that's implemented in the IP stack of every destination point, or "host" in IETF-speak. When a host is configured, manually or through DHCP, it's assigned at least one default name server along with its IP address and subnet mask. This name server is the first place that the host looks in order to resolve a domain name into an IP address. If the domain name is in the local zone, the default name server can handle the request. Otherwise, the default name server queries one of the root servers. The root server responds with a list of name servers that contain data for the TLD of the query. This response is known as a referral. The name server now queries the TLD name server and receives a list of name servers for the second-level domain name. The process repeats until the local name server receives the address for the domain name. The local server then caches the record and returns the address or other DNS data to the original querier.
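As an added illustration of the referral chain described in the answer above (this is example code, not part of the original answer), the following Python models a local name server that answers from its own zone or cache and otherwise walks root, TLD and second-level servers; every server name, zone and address is constructed.

```python
# Added example, not from the original answer: a toy model of the iterative
# lookup above. Every server name, zone and address here is constructed.
ROOT = {"referral": {"com": ["a.gtld-servers.test"]}}
TLD_COM = {"referral": {"example.com": ["ns1.example.test"]}}
SLD_EXAMPLE = {"answer": {"www.example.com": "192.0.2.10"}}

# Constructed "network": which name server answers under which name.
SERVERS = {
    "root": ROOT,
    "a.gtld-servers.test": TLD_COM,
    "ns1.example.test": SLD_EXAMPLE,
}

class LocalNameServer:
    """The host's default name server: answers from its own zone or cache,
    otherwise follows referrals from a root server until it gets an answer."""
    def __init__(self, local_zone):
        self.local_zone = dict(local_zone)  # records this server is authoritative for
        self.cache = {}                     # records learned from earlier lookups
        self.trace = []                     # servers contacted for the last query

    def resolve(self, qname, max_hops=8):
        self.trace = []
        if qname in self.local_zone:
            return self.local_zone[qname]
        if qname in self.cache:
            self.trace.append("cache")
            return self.cache[qname]
        server = "root"
        for _ in range(max_hops):           # guard against referral loops
            self.trace.append(server)
            reply = SERVERS[server]
            if qname in reply.get("answer", {}):
                addr = reply["answer"][qname]
                self.cache[qname] = addr    # cache before returning to the querier
                return addr
            # A referral names the servers for the longest suffix this server knows.
            labels = qname.split(".")
            for i in range(len(labels)):
                suffix = ".".join(labels[i:])
                if suffix in reply.get("referral", {}):
                    server = reply["referral"][suffix][0]
                    break
            else:
                return None                 # no data and no referral: name does not exist
        return None
```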
Which role is responsible for managing time synchronization within a domain?
The PDC Emulator; page 86 of your 2008 server book, Mr. ITT student.
Infrastructure master
What is the default path for the folder where the Active Directory log file will be stored?
Program Files on the C:\ drive
What are the two default GPOs that are created when Active Directory is installed?
Default Domain Policy and Default Domain Controller Policy
Describe and explain an authentication protocol?
http://technet.microsoft.com/en-us/library/bb742516.aspx
Which special identity group controls anonymous access to resources in Windows Server 2008?
Anonymous Logon
What is authoritative restore?
An authoritative restore brings a domain or a container back to the state it was in at the time of backup and overwrites all changes made since the backup. If you do not want to replicate the changes that have been made subsequent to the last backup operation, you must perform an authoritative restore. In this case one needs to stop inbound replication first before performing the authoritative restore.
What is SOA in Active Directory?
SOA Resource Records
Every zone contains a Start of Authority (SOA) resource record at the beginning of the zone. SOA resource records include the following fields:
* The Owner, TTL, Class, and Type fields, as described in "Resource Record Format" earlier in this chapter.
* The authoritative server field shows the primary DNS server authoritative for the zone.
* The responsible person field shows the e-mail address of the administrator responsible for the zone. It uses a period (.) instead of an at symbol (@).
* The serial number field shows how many times the zone has been updated. When a zone's secondary server contacts the master server for that zone to determine whether it needs to initiate a zone transfer, the zone's secondary server compares its own serial number with that of the master. If the serial number of the master is higher, the secondary server initiates a zone transfer.
* The refresh field shows how often the secondary server for the zone checks to see whether the zone has been changed.
* The retry field shows how long after sending a zone transfer request the secondary server for the zone waits for a response from the master server before retrying.
* The expire field shows how long after the previous zone transfer the secondary server for the zone continues to respond to queries for the zone before discarding its own zone as invalid.
* The minimum TTL field applies to all the resource records in the zone whenever a time to live value is not specified in a resource record. Whenever a resolver queries the server, the server sends back resource records along with the minimum time to live. Negative responses are cached for the minimum TTL of the SOA resource record of the authoritative zone.
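An added example (not from the original answer) that parses a constructed zone-file SOA record into the fields listed above and applies the secondary server's serial, refresh, retry and expire logic. The serial comparison uses RFC 1982 serial arithmetic, which goes beyond the text above by also treating a serial that has wrapped past 2^32 as newer.

```python
# Added example, not from the original answer: parse a zone-file SOA record and
# apply the secondary server's refresh/retry/expire logic. The record is constructed.
SOA_LINE = ("example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. "
            "2024010105 7200 900 1209600 300")

RDATA_FIELDS = ("authoritative_server", "responsible_person", "serial",
                "refresh", "retry", "expire", "minimum_ttl")

def parse_soa(line):
    """Split an SOA record (owner TTL class type + 7 rdata fields) into a dict."""
    parts = line.split()
    if len(parts) != 11 or parts[3] != "SOA":
        raise ValueError("expected: owner ttl class SOA mname rname serial refresh retry expire minimum")
    rec = {"owner": parts[0], "ttl": int(parts[1]), "class": parts[2], "type": parts[3]}
    rec.update(zip(RDATA_FIELDS[:2], parts[4:6]))            # two names
    rec.update(zip(RDATA_FIELDS[2:], map(int, parts[6:])))   # five integers
    return rec

def responsible_email(rname):
    """hostmaster.example.com. -> hostmaster@example.com (the first dot stands for '@')."""
    local, _, domain = rname.rstrip(".").partition(".")
    return f"{local}@{domain}"

def serial_is_newer(master, secondary):
    """RFC 1982 serial arithmetic: compare modulo 2**32 so that a serial which
    has wrapped around is still treated as newer (goes beyond the text above)."""
    diff = (master - secondary) % 2**32
    return 0 < diff < 2**31

def secondary_action(soa, secondary_serial, master_serial,
                     seconds_since_transfer, master_reachable=True):
    """Decide what the secondary does when its refresh timer fires."""
    if not master_reachable:
        if seconds_since_transfer >= soa["expire"]:
            return "discard zone"                    # expire reached: stop serving it
        return f"retry in {soa['retry']}s"           # keep serving, try the master again later
    if serial_is_newer(master_serial, secondary_serial):
        return "zone transfer"                       # master has newer data: pull it
    return f"refresh in {soa['refresh']}s"           # in sync: check again after refresh
```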
What term is used for transferring Active Directory information among domain controllers?
replication
What is the name of the directory database that controls access to a Windows Server domain?
Active Directory
A) functional
B) forward
C) backward
D) existing
Does Active Directory use DNS to maintain domain-naming structures and locate network resources?
Yes, when you install Active Directory you must also install DNS (if you haven't already done so). DNS will be consulted for name resolution but it doesn't have to be consulted for all network resources.
What happens if you fail your IGCSE?
If you are studying in a school, you can give the exam the same year. But if you are giving the exam at the British Council, then wait for the next year.
What are the FSMO roles? Who has them by default? What happens when each one fails?
FSMO stands for Flexible Single Master Operation. It has 5 roles:
* Schema Master: The schema master domain controller controls all updates and modifications to the schema. Once the schema update is complete, it is replicated from the schema master to all other DCs in the directory. To update the schema of a forest, you must have access to the schema master. There can be only one schema master in the whole forest.
* Domain Naming Master: The domain naming master domain controller controls the addition or removal of domains in the forest. This DC is the only one that can add or remove a domain from the directory. It can also add or remove cross references to domains in external directories. There can be only one domain naming master in the whole forest.
* Infrastructure Master: When an object in one domain is referenced by another object in another domain, it represents the reference by the GUID, the SID (for references to security principals), and the DN of the object being referenced. The infrastructure FSMO role holder is the DC responsible for updating an object's SID and distinguished name in a cross-domain object reference. At any one time, there can be only one domain controller acting as the infrastructure master in each domain.
  Note: The Infrastructure Master (IM) role should be held by a domain controller that is not a Global Catalog server (GC). If the Infrastructure Master runs on a Global Catalog server it will stop updating object information because it does not contain any references to objects that it does not hold. This is because a Global Catalog server holds a partial replica of every object in the forest. As a result, cross-domain object references in that domain will not be updated and a warning to that effect will be logged on that DC's event log. If all the domain controllers in a domain also host the global catalog, all the domain controllers have the current data, and it is not important which domain controller holds the infrastructure master role.
* Relative ID (RID) Master: The RID master is responsible for processing RID pool requests from all domain controllers in a particular domain. When a DC creates a security principal object such as a user or group, it attaches a unique Security ID (SID) to the object. This SID consists of a domain SID (the same for all SIDs created in a domain), and a relative ID (RID) that is unique for each security principal SID created in a domain. Each DC in a domain is allocated a pool of RIDs that it is allowed to assign to the security principals it creates. When a DC's allocated RID pool falls below a threshold, that DC issues a request for additional RIDs to the domain's RID master. The domain RID master responds to the request by retrieving RIDs from the domain's unallocated RID pool and assigns them to the pool of the requesting DC. At any one time, there can be only one domain controller acting as the RID master in the domain.
* PDC Emulator: The PDC emulator is necessary to synchronize time in an enterprise. Windows 2000/2003 includes the W32Time (Windows Time) time service that is required by the Kerberos authentication protocol. All Windows 2000/2003-based computers within an enterprise use a common time. The purpose of the time service is to ensure that the Windows Time service uses a hierarchical relationship that controls authority and does not permit loops to ensure appropriate common time usage. The PDC emulator of a domain is authoritative for the domain. The PDC emulator at the root of the forest becomes authoritative for the enterprise, and should be configured to gather the time from an external source. All PDC FSMO role holders follow the hierarchy of domains in the selection of their in-bound time partner.
  In a Windows 2000/2003 domain, the PDC emulator role holder retains the following functions:
  * Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator.
  * Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator before a bad password failure message is reported to the user.
  * Account lockout is processed on the PDC emulator.
  * Editing or creation of Group Policy Objects (GPO) is always done from the GPO copy found in the PDC Emulator's SYSVOL share, unless configured not to do so by the administrator.
  * The PDC emulator performs all of the functionality that a Microsoft Windows NT 4.0 Server-based PDC or earlier PDC performs for Windows NT 4.0-based or earlier clients. This part of the PDC emulator role becomes unnecessary when all workstations, member servers, and domain controllers that are running Windows NT 4.0 or earlier are all upgraded to Windows 2000/2003. The PDC emulator still performs the other functions as described in a Windows 2000/2003 environment.
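An added Python model (not from the original answer) of the RID master's pool allocation described above: each DC assigns SIDs from its own block and asks the RID master for another block once it falls below a threshold, and a DC whose RID master has become unreachable keeps creating principals only until its current block is used up. The domain SID, block size and threshold are constructed values, and holding one already-granted "standby" block is a simplifying assumption of this model.

```python
# Added example, not from the original answer: a toy model of RID pool allocation.
# The domain SID, block size and threshold below are constructed values.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"   # constructed

class RidMaster:
    """Hands out blocks of RIDs from the domain's unallocated pool."""
    def __init__(self, first_rid=1000, block_size=500):
        self.next_rid = first_rid
        self.block_size = block_size
        self.allocations = []          # (dc_name, first, last), useful for auditing

    def allocate(self, dc_name):
        first, last = self.next_rid, self.next_rid + self.block_size - 1
        self.next_rid = last + 1
        self.allocations.append((dc_name, first, last))
        return first, last

class DomainController:
    """Creates security principals from its own RID block and asks the RID master
    for a new block before the current one runs out (the standby block is a
    simplification assumed here). master=None simulates an unreachable RID master."""
    def __init__(self, name, rid_master, threshold=100):
        self.name, self.master, self.threshold = name, rid_master, threshold
        self.pool = None               # [next_rid, last_rid] currently in use
        self.standby = None            # block already granted but not yet in use

    def remaining(self):
        return 0 if self.pool is None else self.pool[1] - self.pool[0] + 1

    def create_principal(self):
        """Return the SID (domain SID + RID) for a new user or group object."""
        if self.remaining() == 0:                       # current block exhausted
            if self.standby is None:
                if self.master is None:
                    raise RuntimeError(f"{self.name}: RID pool exhausted and RID master unavailable")
                self.standby = self.master.allocate(self.name)
            self.pool, self.standby = list(self.standby), None
        rid = self.pool[0]
        self.pool[0] += 1
        # Below threshold: ask for the next block now, while the master is still reachable.
        if self.remaining() < self.threshold and self.standby is None and self.master is not None:
            self.standby = self.master.allocate(self.name)
        return f"{DOMAIN_SID}-{rid}"
```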
Which of the following is true of the tree directory structure?
Trees are collections of one or more domains that allow global resource sharing.
A tree may consist of a single domain or multiple domains in a contiguous namespace. A domain added to a tree becomes a child of the tree root domain.
The domain to which a child domain is attached is called the parent domain. A child domain can also have multiple child domains of its own. A child domain uses its own name followed by the parent domain name and gets a unique Domain Name System (
For example, if tech.com is the root domain, you can create one or more Child domains to tech.com such as north.tech.com and or south.tech.com. These "children" may also have child domains created under them, such as sales.north.tech.com.
The domains in a tree have two-way, Kerberos transitive trust relationships. A Kerberos transitive trust simply means that if Domain A trusts Domain B and Domain B trusts Domain C, then Domain A trusts Domain C. Therefore, a domain joining a tree immediately has trust relationships established with every domain in the tree.
In which domain functional level can you rename a domain name?
The domain functional level should be win2k3; only then can you rename a domain controller
(like abc.microsoft.com).
The forest functional level should be win2k3; only then can you rename a domain name (like microsoft.com).