Saturday, November 1, 2014

Microsoft Active Directory: Questions and Answers for Interview.

Sponsored Links

This is the last part of the series, 'Active Directory Interview Questions and Answers.' These Questions and Answers will help candidates attending Interviews for their Microsoft Windows and Active Directory related job profiles. Please go through all the previous Questions and answers session for the complete coverage. Index to Questions and answers has been provided below:

Answers Part 1 : 1 to 56
Answers Part 2 :  57 to 63
Answers Part 3 : 64 to 80

Answers Part 4 : 81 to 100

81. Replication within a site occurs automatically on the basis of change notification. Intrasite replication begins when you make a directory update on a domain controller. By default, the source domain controller waits 15 seconds and then sends an update notification to its closest replication partner. If the source domain controller has more than one replication partner, subsequent notifications go out by default at 3 second intervals to each partner.By default, intersite replication across each site link occurs every 180 minutes (3 hours). You can adjust  this frequency to match your specific needs. 

82. Open Active Directory Users and Computers. In the console tree, right-click Active Directory Users and Computers, and then click Connect to Domain Controller. In Enter the name of another domain controller, type the name of the domain controller you want to hold the RID master role. In the console tree, right-click Active Directory Users and Computers, point to All Tasks, and then click Operations Masters. Click the RID tab, and then click Change. 

83. We can use ntdsutil commands to perform database maintenance of AD DS, manage and control single master operations, Active Directory Backup restoration and remove metadata left behind by domain controllers that were removed from the network without being properly uninstalled. 

84. Active Directory Domain Services, Active Directory Web Services, Netlogon Service, Windows Time Service. 

85. Immediate impact if PDC Emulator fails. RID master impact only when RID pool finishes. Will not be able to create new domain if domain naming master fails. Last impact will be due to schema master role. Schema extension will not be possible. 

86. Active Directory database has a habit of becoming fragmented through normal use. The process of adding and removing objects obviously creates fragmentation. The process of reclaiming lost space in the database due to fragmentation is called Active directory defragmentation. There are two types of defragmentation; offline defragmentation and online defragmentation. To perform offline defragmentation you have to start domain controller in Directory Service Restore Mode and then run ntdsutil command. 

87. Online Defragmentation: Active Directory database automatically performs online defragmentation during its normal operation in every 12 hours interval. 
Offline Defragmentation: this is manually performed by an administrator after taking Domain controller to Directory Services Restore Mode and running ntdsutil command. 

88. Active Directory can be uninstalled using dcpromo command. Before uninstalling Active Directory, we have to verify that this domain controller is not the only global catalog and it does not hold an operations master role. 

89. Check the network connection on the desktop. Try to ping to the domain controller. Run nslookup and check if name resolution is working. Check Active Directory for the computer account of the desktop. Compare the time settings on the desktop and Domain controller. Remove the desktop from domain and rejoin to domain. 

90. Active Directory replication issue can occur due to variety of reasons. For example, DNS issue, network problems, security issues etc. Troubleshooting can start by verifying DNS records. Then remove and recreate Domain Controller replication link. Check the time settings on both replication partners. Command line repadmin and replmon tools can be used to troubleshoot replication issues. 

91. Check for any automatic programs or devices which use Exchange actives sync, which will use old password even after user changes the password. Advise the user to reconfigure all the programs and devices which use AD credential. Check and verify any scheduled tasks using old passwords. Verify persistent drive mapping with old password. Disconnect terminal service sessions. Reconfigure account lockout threshold if required; if it is set to very narrow.  
 92. Check the Network Adapter settings and verify the DNS IP address. Configure proper DNS IP address to lookup the Domain Controller. 

93. DFSR (Distributed File System Replication) DNS service, RPC Service etc. 

94. Application directory partitions are typically created by the applications that will use them to store and replicate data. For testing and troubleshooting needs, members of the Enterprise Admins group can manually create or manage application directory partitions using the Ntdsutil command-line tool. 

95. When checking from System perspective, verify that the Domain Controller in the site where user desktops are located is up and connected. If the users still facing the latency there is a probability of network issue and need to be discussed with the team who works with network. 

96. A compilation of Microsoft Active Directory related products are generally described as Identity and Access (IDA) solution. This terminology started when Windows Server 2008 released. IDA includes Active Directory Domain Services (AD DS), Active Directory Lightweight Directory (AD LDS), Active Directory Certificate Services (AD CS), Active Directory Rights Managements Services (AD RMS) etc. 

97. To view AD Schema, Firstly you need to register dll. Start-run- regsvr32. Then run schmmgmt.dll. Go to run and type mmc and add the Active Directory Schema Snap in to the mmc. 

98. Some of the built in groups are: Administrators, Backup Operators, Account Operators, Remote Desktop Users, Server Operators, and Users etc.  

99. Enterprise Admins group is a group that performs only in the forest root domain and members of this group have full administrative control on all domains that are in your forest. Domain Admins group is group that is present in each domain. Members of this group have a full administrative control on the domain. 

100. PowerShell scripts can be used to created bulk users. There is an Active Directory User Creation tool by Rich Prescott which is very popular. 

 Hope these Interview Questions and Answers will be helpful to you. Please update your questions and suggestions on the below comment column. 

blog comments powered by Disqus
Related Posts Plugin for WordPress, Blogger...