Friday, March 16, 2012

Answers to Microsoft Active Directory Interview Questions - Part 2

Answers to Microsoft Active Directory Interview Questions - Part 2. Answers to Microsoft Active Directory Interview Questions from 57 to 100. Here is the second part of the answers to my previous post 'Active Directory Interview Questions and Answers'. If you have landed directly on this page, please visit that post for the questions.

  1. In a forest that contains only a single Active Directory domain, there is no harm in placing both the GC and the Infrastructure Master on the same DC, because the Infrastructure Master has no work to do in a single-domain environment. In a forest with multiple domains or a complex domain structure, however, the Infrastructure Master should be located on a DC that is not a Global Catalog server. The Global Catalog holds a partial replica of every object in the forest, so an Infrastructure Master placed on a Global Catalog server never finds any references to objects it does not hold, and therefore never updates anything.
  2. Command line method: nslookup gc._msdcs.<forest root DNS Domain Name>, or nltest /dsgetdc:corp /GC. GUI method: open DNS management and, under 'Forward Lookup Zones', click on the GC container. To check whether a specific server is a GC, open the Active Directory Sites and Services MMC, expand the 'Servers' folder, open the properties of the NTDS Settings object of the desired DC, and see whether the Global Catalog option is checked.
  3. As per Microsoft, a single AD domain controller can create around 2.15 billion objects over its lifetime.
  4. When a user enters a user name and password, the computer sends the user name to the KDC. The KDC contains a master database of unique long-term keys for every principal in its realm. The KDC looks up the user's master key (KA), which is derived from the user's password. The KDC then creates two items: a session key (SA) to share with the user and a Ticket-Granting Ticket (TGT). The TGT includes a second copy of the SA, the user name, and an expiration time. The KDC encrypts this ticket using its own master key (KKDC), which only the KDC knows. The client computer receives the information from the KDC and runs the user's password through a one-way hashing function, which converts the password into the user's KA. The client computer now has a session key and a TGT, so it can communicate securely with the KDC. The client is now authenticated to the domain and is ready to access other resources in the domain using the Kerberos protocol.
  5. Lightweight Directory Access Protocol (LDAP) is the Internet-standard protocol used for Active Directory directory operations. It runs directly over TCP and can be used to access a standalone LDAP directory service or a directory service that is back-ended by X.500.
  6. Active Directory related files are located by default in the %SystemRoot%\ntds folder. NTDS.DIT is the main Active Directory database file. Apart from this, other files such as EDB.LOG, EDB.CHK, RES1.LOG and TEMP.EDB are also located in the same folder.
  7. Global Catalog servers generate heavy replication traffic. Therefore, making all the domain controllers in the forest Global Catalog servers will cause network bandwidth problems. GCs should be placed based on network bandwidth and on user or application requirements.
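As an added illustration of the logon exchange in answer 4 (this is my toy model, not code from the original post or from Microsoft): the KDC derives KA from the stored password, issues SA and a TGT sealed under KKDC, and the client recovers SA only if it can recompute KA from the password it typed. The realm, user, passwords and the HMAC-based "encryption" are constructed stand-ins for real Kerberos encryption types and ASN.1 tickets.

```python
# Toy model of the Kerberos AS exchange (added example, not the page's code).
# Real Kerberos uses AES/RC4 etypes and ASN.1 tickets; here "encryption" is an
# HMAC-SHA256 keystream plus an HMAC tag so the model runs on the stdlib only.
import hashlib, hmac, json, os, time

def master_key(password: str, salt: str) -> bytes:
    # One-way function: password -> principal's long-term key (KA, or KKDC for the KDC).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def encrypt(key: bytes, data: dict) -> bytes:
    nonce, pt = os.urandom(16), json.dumps(data).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def decrypt(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, "sha256").digest(), tag):
        raise ValueError("wrong key or tampered ticket")   # wrong password lands here
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

REALM = "CORP.EXAMPLE"                                      # constructed sample realm
KKDC = master_key("kdc-secret-sample", REALM)               # known only to the KDC
KDC_DB = {"alice": master_key("Passw0rd!", REALM + "alice")}  # KA per principal

def kdc_as_exchange(user: str, lifetime: int = 600) -> tuple:
    """AS-REQ (user name) -> AS-REP: (Enc_KA{SA, exp}, TGT = Enc_KKDC{SA, user, exp})."""
    ka, sa, exp = KDC_DB[user], os.urandom(32).hex(), int(time.time()) + lifetime
    tgt = encrypt(KKDC, {"sa": sa, "user": user, "exp": exp})
    return encrypt(ka, {"sa": sa, "exp": exp}), tgt

def client_logon(user: str, password: str) -> tuple:
    """Client side: recompute KA from the typed password and unwrap SA; keep the opaque TGT."""
    enc_part, tgt = kdc_as_exchange(user)
    ka = master_key(password, REALM + user)
    return decrypt(ka, enc_part)["sa"], tgt

def kdc_check_tgt(tgt: bytes, now: int = None) -> dict:
    """Later TGS request: only the KDC can open the TGT, and it must not be expired."""
    ticket = decrypt(KKDC, tgt)
    if ticket["exp"] < (now if now is not None else int(time.time())):
        raise ValueError("TGT expired")
    return ticket
```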
For the next part of the answers please visit the below page:
