Active Directory

Active Directory is a set of networking services made by Microsoft. Questions about using and configuring Active Directory belong here.

849 Questions

What is the difference between inter domain routing and intra domain routing and what are they for?

Routing algorithms that are restricted to work only within a domain are referred to as intra-domain routing algorithms; if they are not restricted to a single domain, they are inter-domain routing algorithms.

What does the SYSVOL folder store in an Active Directory?

The SYSVOL folder stores the server's copy of the domain's public files. The contents of the SYSVOL folder, such as group policy, users, etc., are replicated to all domain controllers in the domain.

The SYSVOL folder must be located on an NTFS volume. The article describes how to use the Burflags registry entry to rebuild each domain controller's copy of the system volume (SYSVOL) tree on all domain controllers in a common Active Directory directory service domain. The term SYSVOL refers to a set of files and folders that reside on the local hard disk of each domain controller in a domain and that are replicated by the File Replication service (FRS).

Network clients access the contents of the SYSVOL tree by using the following shared folders:

What is active directory schema?

All databases have a schema which is a formal definition (set of rules) which govern the database structure and types of objects and attributes which can be contained in the database. The schema contains a list of all classes and attributes in the forest.

The schema keeps track of:

  • Classes
  • Class attributes
  • Class relationships such as subclasses (Child classes that inherit attributes from the super class) and super classes (Parent classes).
  • Object relationships such as what objects are contained by other objects or what objects contain other objects.

There is a classSchema object for each class in the Active Directory database. For each object attribute in the database, there is an attributeSchema object.

Partitions

Active Directory objects are stored in the Directory Information Tree (DIT) which is broken into the following partitions:

  • Schema partition - Defines rules for object creation and modification for all objects in the forest. Replicated to all domain controllers in the forest, it is known as an enterprise partition.
  • Configuration partition - Information about the forest directory structure is defined including trees, domains, domain trust relationships, and sites (TCP/IP subnet group). Replicated to all domain controllers in the forest, it is known as an enterprise partition.
  • Domain partition - Has complete information about all domain objects (Objects that are part of the domain including OUs, groups, users and others). Replicated only to domain controllers in the same domain.
    • Partial domain directory partition - Has a list of all objects in the directory with a partial list of attributes for each object.

The DIT holds a subset of Active Directory information and stores enough information to start and run the Active Directory service.

What does domain do?

All reachable computers on the Internet have an IP address like 208.80.152.2.

DNS servers are like phone books: they store a mapping from a user-friendly name like "www.wikipedia.org" to the server's IP address, so that you don't have to type the server's IP manually.

This is all done automatically by the computer, so when you point your browser to www.wikipedia.org, it asks a Domain Name Server (DNS) for the address, which is 208.80.152.2, and the browser gets the web page from the server at that address.

What are the partitions in Active Directory?

1. Schema partition

2. Configuration partition

3. Domain partition

4. Application partition
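The two answers above (the DIT partitions and the four-item partition list) describe the same naming contexts that every domain controller advertises through its RootDSE object. The following PowerShell is an added example, not code from either answer: it reads the namingContexts attribute and labels each entry with the partition type described above. It assumes a domain-joined Windows host that can reach a domain controller over LDAP and uses the built-in [ADSI] accelerator, so no RSAT module is required. The Get-PartitionType helper and its label strings are this example's own.

```powershell
# Added example: enumerate the directory partitions (naming contexts) that a
# domain controller exposes through RootDSE and classify each one.
# Assumes a domain-joined Windows host with LDAP access to a DC.
$rootDse  = [ADSI]'LDAP://RootDSE'
$schemaNc = [string]$rootDse.schemaNamingContext
$configNc = [string]$rootDse.configurationNamingContext
$domainNc = [string]$rootDse.defaultNamingContext

function Get-PartitionType {
    param([string]$Dn)
    # Match the three well-known contexts first; anything left over is either
    # another domain's partition or an application partition (e.g. DNS zones).
    if ($Dn -eq $schemaNc) { return 'Schema (replicated forest-wide)' }
    if ($Dn -eq $configNc) { return 'Configuration (replicated forest-wide)' }
    if ($Dn -eq $domainNc) { return 'Domain (replicated within this domain only)' }
    if ($Dn -like 'DC=DomainDnsZones,*' -or $Dn -like 'DC=ForestDnsZones,*') {
        return 'Application (DNS zone data)'
    }
    return 'Other domain or application partition'
}

foreach ($nc in $rootDse.namingContexts) {
    [pscustomobject]@{
        Partition = [string]$nc
        Type      = Get-PartitionType -Dn ([string]$nc)
    }
}
```

The partial (global catalog) copy of other domains' partitions is not a separate naming context and therefore does not appear in this list; it is a read-only subset held alongside the domain partition on GC servers.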

What does each user and group object have which must be unique across an entire Active Directory domain?

objectGUID property

unique security identifiers (SIDs)

Each object represents a single entity, whether a user, a computer, a printer, or a group, and its attributes. Certain objects can contain other objects. An object is uniquely identified by its name and has a set of attributes (the characteristics and information that the object represents) defined by a schema, which also determines the kinds of objects that can be stored in Active Directory.

What shared folder is replicated to each domain controller and stores domain wide information?

The SYSVOL folder has all the settings. It's a shared folder which has the database ntds.dit,

group policies/templates, logon procedures, etc.

What happens when each fsmo fails?

If any one of them fails, the effects are as follows:

Schema Master - Schema updates are not available. These are generally planned changes, and the first step when doing a schema change is normally something like "make sure your environment is healthy". There isn't any urgency if the schema master fails; having it offline is largely irrelevant until you want to make a schema change.

Domain Naming Master - No new domains or application partitions can be added. This sort of falls into the same "healthy environment" bucket as the schema master. When we upgraded the first DC to a beta Server 2003 OS which included the code to create the DNS application partitions, we couldn't figure out why they weren't instantiated until we realized that the server hosting the DNM was offline (being upgraded) at the same time.

Infrastructure Master - No cross-domain updates, can't run any domain preps. Domain preps are planned (again). But no cross-domain updates could be important if you have a multi-domain environment with a lot of changes occurring.

RID Master - New RID pools are unable to be issued to DCs. This gets a bit more complicated, but let me see if I can make it easy. Every DC is initially issued 500 RIDs. When it gets down to 50% (250) it requests a second pool of RIDs from the RID master. So when the RID master goes offline, every DC has anywhere between 250 and 750 RIDs available (depending on whether it's hit 50% and received the new pool).

PDC - Time, logins, password changes, trusts. So we made it to the bottom of the list, and by this point you've figured out that the PDC has to be the most urgent FSMO role holder to get back online. The rest of them can be offline for varying amounts of time with no impact at all. Users may see funky behavior if they changed their password, but replication will probably have completed before they call the help desk, so nothing to worry about, and trusts go back to that whole "healthy forest" thing again.
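The answer above is about what stops working when a role holder is unreachable, which is exactly what an operator wants to check before the help desk calls. The PowerShell below is an added example, not from the answer: it lists the five FSMO role holders, tests whether each one still answers on the LDAP port, and reads the RID pool counters from the RID Master so the remaining allocation headroom is visible. It assumes the RSAT ActiveDirectory module on a domain-joined Windows host and the documented layout of the rIDAvailablePool attribute (upper 32 bits = highest RID the master may ever allocate, lower 32 bits = next RID to be handed out).

```powershell
# Added example: FSMO role holder reachability plus RID Master pool headroom.
# Assumes the RSAT ActiveDirectory module and a domain-joined Windows host.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# Two roles are forest-wide, three are per-domain.
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    RIDMaster            = $domain.RIDMaster
    PDCEmulator          = $domain.PDCEmulator
}

foreach ($role in $roles.Keys) {
    $holder = $roles[$role]
    # A holder that no longer answers LDAP is the failure case the answer describes.
    $reachable = Test-NetConnection -ComputerName $holder -Port 389 `
        -InformationLevel Quiet -WarningAction SilentlyContinue
    [pscustomobject]@{ Role = $role; Holder = $holder; LdapReachable = $reachable }
}

# rIDAvailablePool packs two 32-bit counters into one 64-bit value:
#   high half = highest RID the master may ever allocate
#   low half  = next RID that will be issued into some DC's pool
$ridManagerDn = 'CN=RID Manager$,CN=System,{0}' -f $domain.DistinguishedName
$ridManager   = Get-ADObject -Identity $ridManagerDn -Properties rIDAvailablePool `
    -Server $domain.RIDMaster
$pool    = [int64]$ridManager.rIDAvailablePool
$maxRid  = $pool -shr 32
$nextRid = $pool -band 0xFFFFFFFF

[pscustomobject]@{
    RIDMaster     = $domain.RIDMaster
    NextRID       = $nextRid
    MaxRID        = $maxRid
    RIDsRemaining = $maxRid - $nextRid
}
```

Each DC's own remaining local pool (the 250 to 750 figure in the answer) is held in that DC's RID Set object under its computer account, so a full picture of how long new account creation can continue without the RID Master means reading that object on each DC as well; the block above only reports the master's global counters.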

What is Windows 7 loader?

Windows 7 loader (http://windows7.iyogi.com/support/tips/windows-7-loader.html) is a program that will make a non-genuine copy of Windows 7 activated permanently. Windows 7 RTM Ultimate Activation with OEM Information

This activator works only for RTM ULTIMATE (Retail and OEM Edition)

It does NOT work on Ultimate 'E' (European) Edition.

Tested and working on both x86 and x64.

Works in Virtual Environment.

Works with dual-boot

No key is needed for install or activation.

The activation adds the OEM master key for you.

Select your OEM Information

No BIOS modification needed.

It has no boot text.

Uses OEM SLP method.

Supports SLIC and non-SLIC enabled BIOS:

Emulate a SLIC 2.1 enabled BIOS on a PC without SLIC 2.1 present...

Use 'Install 7Loader' to install the certificate & key to activate offline...

Difference between a Local Group Policy and a Domain Group Policy?

Microsoft recommends that access control to computer resources be administered by using groups. In this way, many users that have similar needs for resources can be dropped into a group that has the correct permissions already configured instead of individually modifying each user account.

Group permissions to access resources are configured using group policy. A policy usually addresses one very specific aspect of a system's configuration. There are many policies that can be configured for a group to control system access and behavior.

Local group policy addresses only users who are physically logging into one particular machine such as the server itself or a stand alone operating system. To log into a machine locally, a user must create a unique ID/Password pair that authenticates the local user to the local physical system. Once authenticated to the local physical machine, group policy according to which local group the user is assigned is initiated.

Domain authentication as well as domain group policy is maintained centrally by the server for the domain. Even if a user has configured a local ID/Password pair for their local physical computer, a different and unique ID/Password pair is created to log onto the domain. When a domain user is created, they also must be assigned to a domain group. Once the server for the domain authenticates the domain user, the policy for the domain group the user belongs to is initiated. These policies are centrally administered by the domain administrator instead of each computer in the domain being configured separately for each user. Domain group policy can be configured to control access and behavior for any resource on the entire domain including resources on client computers. Local group policy can only control what is on the local machine at which a user is sitting. Finally, domain group policy supersedes any local group policy.

What authentication protocol is used in Windows Server 2008?

NTLM and Kerberos

Microsoft adopted Kerberos as the preferred authentication protocol for Windows 2000 and subsequent Active Directory domains. Kerberos is typically used when a server belongs to a Windows Server domain, or if a trust relationship with a Windows Server domain is established in some other way (such as Linux to Windows AD authentication).

NTLM is still used in the following situations:

* The client is authenticating to a server using an IP address.

* The client is authenticating to a server that belongs to a different Active Directory forest that has a legacy NTLM trust instead of a transitive inter-forest trust

* The client is authenticating to a server that doesn't belong to a domain.

* No Active Directory domain exists (commonly referred to as "workgroup" or "peer-to-peer").

* Where a firewall would otherwise restrict the ports required by Kerberos (of which there are quite a few).

In Windows Vista and above, neither LM nor NTLM is used by default. NTLM is still supported for inbound authentication, but for outbound authentication a newer version of NTLM, called NTLMv2, is sent by default instead. Prior versions of Windows (back as far as Windows NT 4.0 Service Pack 4) could be configured to behave this way, but it was not the default.
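The answer above lists where NTLM still shows up instead of Kerberos; on a domain member the place to see which one was actually used is Security event 4624, whose AuthenticationPackageName and LmPackageName fields name the package and NTLM version. The PowerShell below is an added example, not from the answer: it parses a few constructed 4624 events (the hosts, accounts and addresses are invented and in the XML shape that Get-WinEvent's ToXml() returns) and summarizes logons by package, pulling out any NTLM logon that did not use NTLMv2. Get-LogonAuthSummary is this example's own function.

```powershell
# Added example: summarize successful logons (event 4624) by authentication
# package and surface NTLM logons that were not NTLMv2. The three events
# below are constructed samples so the script runs without a real Security log.
$sampleEvents = @(
@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>4624</EventID><Computer>FS01.corp.example</Computer></System><EventData><Data Name="TargetUserName">alice</Data><Data Name="TargetDomainName">CORP</Data><Data Name="LogonType">3</Data><Data Name="AuthenticationPackageName">NTLM</Data><Data Name="LmPackageName">NTLM V2</Data><Data Name="IpAddress">10.0.0.15</Data></EventData></Event>
'@,
@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>4624</EventID><Computer>DC01.corp.example</Computer></System><EventData><Data Name="TargetUserName">bob</Data><Data Name="TargetDomainName">CORP</Data><Data Name="LogonType">3</Data><Data Name="AuthenticationPackageName">Kerberos</Data><Data Name="LmPackageName">-</Data><Data Name="IpAddress">10.0.0.22</Data></EventData></Event>
'@,
@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>4624</EventID><Computer>SQL01.corp.example</Computer></System><EventData><Data Name="TargetUserName">svc-backup</Data><Data Name="TargetDomainName">CORP</Data><Data Name="LogonType">3</Data><Data Name="AuthenticationPackageName">NTLM</Data><Data Name="LmPackageName">NTLM V1</Data><Data Name="IpAddress">10.0.0.40</Data></EventData></Event>
'@
)

function Get-LogonAuthSummary {
    param([string[]]$EventXml)
    foreach ($xmlText in $EventXml) {
        $e  = [xml]$xmlText
        $id = $e.Event.System.EventID
        # Manifest-based events carry the ID as plain text; classic ones wrap it
        # in an element with a Qualifiers attribute, so unwrap that case too.
        if ($id -is [System.Xml.XmlElement]) { $id = $id.'#text' }
        if ([int]$id -ne 4624) { continue }

        # Flatten <Data Name="...">value</Data> pairs into a lookup table.
        $data = @{}
        foreach ($d in $e.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        [pscustomobject]@{
            Target    = $e.Event.System.Computer
            Account   = '{0}\{1}' -f $data.TargetDomainName, $data.TargetUserName
            LogonType = $data.LogonType
            Package   = $data.AuthenticationPackageName
            LmPackage = $data.LmPackageName
            SourceIp  = $data.IpAddress
        }
    }
}

$summary = Get-LogonAuthSummary -EventXml $sampleEvents

# How much of the traffic is still NTLM at all?
$summary | Group-Object Package | Select-Object Name, Count

# NTLM logons that did not negotiate NTLMv2 are the first ones to chase down.
$summary | Where-Object { $_.Package -eq 'NTLM' -and $_.LmPackage -ne 'NTLM V2' }
```

Against a live host, feed the function real events with `Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624} | ForEach-Object { $_.ToXml() }`; grouping the NTLM rows by Target and SourceIp then shows which of the situations in the answer (IP-address access, non-domain servers, legacy trusts) is producing them.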

Why crossover cable is used for peer to peer network connection?

We use a crossover cable because a crossover cable has two ends, one end for transmitting data and one end for receiving data; that's why a crossover cable is used for a peer-to-peer data connection.

What does active directory require and which components must be installed?

· An NTFS partition with enough free space (250MB minimum)

· An Administrator's username and password

· The correct operating system version

· A NIC

· Properly configured TCP/IP (IP address, subnet mask and - optional - default gateway)

· A network connection (to a hub or to another computer via a crossover cable)

· An operational DNS server (which can be installed on the DC itself)

· A Domain name that you want to use

· The Windows 2000 or Windows Server 2003 or Windows Server 2008 CD media

What valid transmission is recorded to later be used to fraudulently authenticate to a server?

Identify the form of attack where a valid transmission is recorded to later be used to fraudulently authenticate to a server.

What command should you use to query a dns server?

The nslookup command is used:

C:\>nslookup ?

Usage:

nslookup [-opt ...] # interactive mode using default server

nslookup [-opt ...] - server # interactive mode using 'server'

nslookup [-opt ...] host # just look up 'host' using default server

nslookup [-opt ...] host server # just look up 'host' using 'server'

What is the security boundary within Active Directory?

The domain is called the security boundary within Active Directory.

A Windows domain is a logical group of computers running versions of the Microsoft Windows operating system that share a central directory database.

The domain governs the way users access resources on the network.

What are the two types of groups that can be created in a Windows active directory domain?

There are two types of groups in Active Directory: distribution groups and security groups. You can use distribution groups to create e-mail distribution lists, and security groups to assign permissions to shared resources like printers, scanners, servers, etc.

Where can you find whitepages directory?

Whitepages is listed online and is available for all the countries and territories that it covers. It is also available in printed form and most newsagents and bookshops should be able to supply a copy.

What is the purpose of a web directory?

Blue Host is one of the world's largest web hosting companies & providers of online solutions. Bluehost is a top recommended host by WordPress and also proudly supports many other open-source programs.


What is a container object in active directory?

A container object is one that can have other objects housed within it. These can be additional container objects or leaf objects.

What are the features of Active Directory Services?


Windows Server 2012 R2

Protected Users Security Group

Authentication Policy and Authentication Policy Silos

Windows Server 2012

Virtualization safeguards and Virtualized domain controller cloning

Improved upgrade preparation and installation

Dynamic Access Control

DirectAccess Offline Domain Join

AD FS built in as a server role

Windows PowerShell History Viewer

Fine-grained password Policy UI

Active Directory Recycle Bin UI

Active Directory Replication and Topology Windows PowerShell cmdlets

Active Directory-based Activation

Group Managed Service Accounts

RID Improvements

Deferred Index Creation

Kerberos enhancements

Windows Server 2008 R2

Active Directory Recycle Bin (requires Windows Server 2008 R2 forest functional level)

Active Directory module for Windows PowerShell and Windows PowerShell cmdlets

Active Directory Best Practices Analyzer

Active Directory Web Services

Active Directory Administrative Center

Authentication mechanism assurance

Offline domain join

Managed Service Accounts

New logic for bridgehead server selection

Windows Server 2008

Auditing Improvements

Fine-grained password policies (requires Windows Server 2008 domain functional level)

Read-only domain controllers (requires Windows Server 2003 functional level)

Restartable Active Directory

AD database mounting tool

UI improvements

Owner rights

DFSR replication of SYSVOL (requires Windows Server 2008 domain functional level)

DSRM password sync

Active Directory Application Mode (ADAM) rebranded as Active Directory Lightweight Directory Service (AD LDS) and included in Windows Server 2008 as a server role.

Windows Server 2003

Multiple selection of user objects

Drag and drop functionality

Efficient search capabilities

Saved queries

New Active Directory command-line tools, such as adprep.exe

InetOrgPerson class

Application directory partitions

Ability to add additional domain controllers by using backup media

Universal group membership caching

Secure Lightweight Directory Access Protocol (LDAP) traffic

Partial synchronization of the global catalog

Active Directory quotas
