New System Administrator Interview Question With Answer
Uploaded by sujeet-singh
8/4/2019 New System Administrator Interview Question With Answer
1/28
System Administrator interview question with answer
KCC
The KCC is a built-in process that runs on all domain controllers and generates replication
topology for the Active Directory forest. The KCC creates separate replication topologies depending
on whether replication is occurring within a site (intrasite) or between sites (intersite). The KCC
also dynamically adjusts the topology to accommodate new domain controllers, domain controllers
moved to and from sites, changing costs and schedules, and domain controllers that are
temporarily unavailable.
How do you view replication properties for AD?
By using Active Directory Replication Monitor.
Start > Run > Replmon
What are sites? What are they used for?
One or more well-connected (highly reliable and fast) TCP/IP subnets. A site allows administrators
to configure Active Directory access and replication topology to take advantage of the physical
network.
Name some OU design considerations?
OU design requires balancing requirements for delegating administrative rights independent of
Group Policy needs and the need to scope the application of Group Policy. The following OU
design recommendations address delegation and scope issues:
Applying Group Policy: An OU is the lowest-level Active Directory container to which you can
assign Group Policy settings.
Delegating administrative authority: usually don't go more than 3 OU levels.
http://technet.microsoft.com/en-us/library/cc783140.aspx
What are FSMO Roles? List them.
FSMO roles are server roles in a forest.
There are five types of FSMO roles:
1 - Schema master
2 - Domain naming master
3 - RID master
4 - PDC Emulator
5 - Infrastructure master
Logical diagram of Active Directory? What is the difference between a child domain and an additional domain
server?
Well, if you know what a domain is then you have half the answer. Say you have the domain
Microsoft.com. Now Microsoft has a server named server1 in that domain, which happens to be the
parent domain. So its FQDN is server1.microsoft.com. If you add an additional domain server
and name it server2, then its FQDN is server2.microsoft.com.
Now Microsoft is big so it has offices in Europe and Asia. So they make child domains for them
and their FQDN would look like this: europe.microsoft.com & asia.microsoft.com. Now let's say each
of them have a server in those child domains named server1. Their FQDN would then look like
this: server1.europe.microsoft.com & server1.asia.microsoft.com.
What are Active Directory Groups?
Groups are containers that contain user and computer objects within them as members. When
security permissions are set for a group in the Access Control List on a resource, all members of
that group receive those permissions. Domain Groups enable centralized administration in a domain.
All domain groups are created on a domain controller.
In a domain, Active Directory provides support for different types of groups and group scopes. The
group type determines the type of task that you manage with the group. The group scope
determines whether the group can have members from multiple domains or a single domain.
Group Types
* Security groups: Use Security groups for granting permissions to gain access to resources.
Sending an e-mail message to a group sends the message to all members of the group.
Therefore security groups share the capabilities of distribution groups.
* Distribution groups: Distribution groups are used for sending e-mail messages to groups of users.
You cannot grant permissions to security groups. Even though security groups have all the
capabilities of distribution groups, distribution groups are still required, because some applications can
only read distribution groups.
Group Scopes
Group scope normally describes which type of users should be clubbed together in a way which is
easy for their administration. Therefore, in a domain, groups play an important part. One group can
be a member of other group(s), which is normally known as group nesting. One or more groups
can be a member of any group in the entire domain(s) within a forest.
* Domain Local Group: Use this scope to grant permissions to domain resources that are located
in the same domain in which you created the domain local group. Domain local groups can exist
in all mixed, native and interim functional levels of domains and forests. Domain local group
memberships are not limited, as you can add members as user accounts, universal and global
groups from any domain. Just to remember, nesting cannot be done in a domain local group. A
domain local group will not be a member of another Domain Local or any other groups in the
same domain.
* Global Group: Users with similar function can be grouped under global scope and can be given
permission to access a resource (like a printer or shared folder and files) available in the local or
another domain in the same forest. To say it in simple words, Global groups can be used to grant
permissions to gain access to resources which are located in any domain but in a single forest,
as their memberships are limited. User accounts and global groups can be added only from the
domain in which the global group is created. Nesting is possible in Global groups within other groups,
as you can add a global group into another global group from any domain. Finally, to provide
permission to domain-specific resources (like printers and published folders), they can be members
of a Domain Local group. Global groups exist in all mixed, native and interim functional levels of
domains and forests.
* Universal Group Scope: these groups are precisely used for email distribution and can be granted
access to resources in all trusted domains, as these groups can only be used as a security
principal (security group type) in a Windows 2000 native or Windows Server 2003 domain functional
level domain. Universal group memberships are not limited like global groups. All domain user
accounts and groups can be a member of a universal group. Universal groups can be nested under
a global or Domain Local group in any domain.
What are the types of backup? Explain each?
Incremental
A normal incremental backup will only back up files that have been changed since the last
backup of any type. This provides the quickest means of backup, since it only makes copies of
files that have not yet been backed up. For instance, following our full backup on Friday,
Monday's tape will contain only those files changed since Friday. Tuesday's tape contains only
those files changed since Monday, and so on. The downside to this is obviously that in order to
perform a full restore, you need to restore the last full backup first, followed by each of the
subsequent incremental backups to the present day in the correct order. Should any one of these
backup copies be damaged (particularly the full backup), the restore will be incomplete.
Differential
A cumulative backup of all changes made after the last full backup. The advantage to this is the
quicker recovery time, requiring only a full backup and the latest differential backup to restore the
system. The disadvantage is that for each day elapsed since the last full backup, more data
needs to be backed up, especially if a majority of the data has been changed.
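The restore procedure described above, worked through as an added example (it is not part of the original document): given a backup catalog, it lists which backups a full restore needs and finds the newest point that is still recoverable when one backup is damaged. The `Backup` class, the function names and the Friday-to-Thursday schedule are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Backup:
    day: str
    kind: str              # "full", "incremental" or "differential"
    readable: bool = True  # False models a damaged tape or backup file


def restore_chain(catalog: List[Backup], target: int) -> List[Backup]:
    """Backups to restore, in order, to rebuild the state as of catalog[target].

    Uses the definitions from the text: an incremental holds the changes since
    the last backup of any type, a differential holds all changes since the
    last full backup. Returns [] when no full backup exists at or before target.
    """
    fulls = [i for i in range(target + 1) if catalog[i].kind == "full"]
    if not fulls:
        return []
    picked = [fulls[-1]]
    # The newest differential after the full replaces everything before it.
    diffs = [i for i in range(picked[0] + 1, target + 1)
             if catalog[i].kind == "differential"]
    if diffs:
        picked.append(diffs[-1])
    # Every incremental after the last picked backup is needed, oldest first.
    picked += [i for i in range(picked[-1] + 1, target + 1)
               if catalog[i].kind == "incremental"]
    return [catalog[i] for i in picked]


def latest_recoverable(
    catalog: List[Backup],
) -> Optional[Tuple[str, List[Backup]]]:
    """Newest day whose entire restore chain is readable, with that chain.

    Returns None when no point in the catalog can be restored at all.
    """
    for target in range(len(catalog) - 1, -1, -1):
        chain = restore_chain(catalog, target)
        if chain and all(b.readable for b in chain):
            return catalog[target].day, chain
    return None


def week(kind: str, damaged: str = "") -> List[Backup]:
    """Constructed sample: full backup on Friday, then `kind` Monday to Thursday."""
    days = ["Mon", "Tue", "Wed", "Thu"]
    return [Backup("Fri", "full", "Fri" != damaged)] + [
        Backup(d, kind, d != damaged) for d in days
    ]


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        catalog = week(kind, damaged="Tue")
        needed = [b.day for b in restore_chain(catalog, len(catalog) - 1)]
        best = latest_recoverable(catalog)
        print(f"{kind}: restoring Thursday needs {needed}; with Tuesday "
              f"damaged, recoverable up to {best[0] if best else 'nothing'}")
```

With Tuesday's backup damaged, the incremental schedule can only be restored to Monday's state, while the differential schedule still reaches Thursday; a damaged full backup leaves nothing recoverable in either schedule.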
What is the SYSVOL folder?
The Windows Server 2003 System Volume (SYSVOL) is a collection of folders and reparse points
in the file systems that exist on each domain controller in a domain. SYSVOL provides a standard
location to store important elements of Group Policy objects (GPOs) and scripts so that the File
Replication service (FRS) can distribute them to other domain controllers within that domain.
You can go to the SYSVOL folder by typing: %systemroot%/sysvol
What is the ISTG? Who has that role by default?
The first server in the site becomes the ISTG for the site. The domain controller holding this role
may not necessarily also be a bridgehead server.
What is the order in which GPOs are applied?
Local, Site, Domain, OU
1. Can a workstation computer be configured to browse the Internet and yet NOT have a default gateway?
If we are using a public IP address, we can browse the Internet. If it has an intranet address,
a gateway is needed as a router or firewall to communicate with the Internet.
2. What is CIDR?
CIDR (Classless Inter-Domain Routing, sometimes known as supernetting) is a way to allocate and
specify the Internet addresses used in inter-domain routing more flexibly than with the original
system of Internet Protocol (IP) address classes. As a result, the number of available Internet
addresses has been greatly increased. CIDR is now the routing system used by virtually all
gateway hosts on the Internet's backbone network. The Internet's regulating authorities now expect
every Internet service provider (ISP) to use it for routing.
3. What is DHCP? What are the benefits and drawbacks of using it?
DHCP is Dynamic Host Configuration Protocol. In a networked environment it is a method to
assign an address to a computer when it boots up.
Advantages
All the IP configuration information gets automatically configured for your client machine by the
DHCP server.
If you move your client machine to a different subnet, the client will send out its discover
message at boot time and work as usual. However, when you first boot up there you will not be
able to get back the IP address you had at your previous location regardless of how little time
has passed.
Disadvantage
Your machine name does not change when you get a new IP address. The DNS (Domain Name
System) name is associated with your IP address and therefore does change. This only presents
a problem if other clients try to access your machine by its DNS name.
4. How do you manually create SRV records in DNS?
To create SRV records in DNS, follow the steps below:
Open DNS
Click on Zone, select the domain abc.local
Right-click the domain, go to Other New Records, and choose Service Location (SRV)
5. Name 3 benefits of using AD-integrated zones.
Benefits as follows:
a. You can give easy name resolution to your clients.
b. By creating an AD-integrated zone you can also trace hackers and spammers by creating a reverse
zone.
c. AD-integrated zones allow for incremental zone transfers, which only transfer changes and not the
entire zone. This reduces zone transfer traffic.
d. AD-integrated zones support both secure and dynamic updates.
e. AD-integrated zones are stored as part of the Active Directory and support domain-wide or
forest-wide replication through application partitions in AD.
6. How do I clear the DNS cache on the DNS server?
Go to the cmd prompt and type ipconfig /flushdns without quotes
7. What is NAT?
NAT (Network Address Translation) is a technique for preserving scarce Internet IP addresses. For
more details go to the Microsoft link
8. How do you configure NAT on Windows 2003?
For the above answer go to the link below:
Configure NAT: http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html
9. How to configure special ports to allow inbound connections?
a. Click Start, Administrative Tools, and then click Routing and Remote Access to open the
Routing and Remote Access management console.
b. Locate the interface that you want to configure.
c. Right-click the interface and then select Properties from the shortcut menu.
d. Click the Special Ports tab.
e. Under Protocol, select TCP or UDP and then click the Add button.
f. Enter the port number of the incoming traffic in Incoming Port.
g. Select On This Address Pool Entry, and provide the public IP address of the incoming traffic.
h. Enter the port number of the private network resource in Outgoing Port.
i. Enter the private network resource's private IP address in Private Address.
j. Click OK.
What is Active Directory Domain Services 2008?
Active Directory Domain Services (AD DS), formerly known as Active Directory
Directory Services, is the central location for configuration information, authentication
requests, and information about all of the objects that are stored within your forest.
Using Active Directory, you can efficiently manage users, computers, groups, printers,
applications, and other directory-enabled objects from one secure, centralized location.
What is the SYSVOL folder?
The Sysvol folder on a Windows domain controller is used to replicate file-based
data among domain controllers. Because junctions are used within the Sysvol folder
structure, Windows NT file system (NTFS) version 5.0 is required on domain
controllers throughout a Windows distributed file system (DFS) forest.
This is a quote from Microsoft themselves; basically, the domain controller info stored
in files like your group policy stuff is replicated through this folder structure.
What's New in Windows Server 2008 Active Directory Domain Services?
Active Directory Domain Services in Windows Server 2008 provides a number of
enhancements over previous versions, including these:
Auditing: AD DS auditing has been enhanced significantly in Windows Server 2008.
The enhancements provide more granular auditing capabilities through four new
auditing categories: Directory Services Access, Directory Services Changes, Directory
Services Replication, and Detailed Directory Services Replication. Additionally, auditing
now provides the capability to log old and new values of an attribute when a
successful change is made to that attribute.
Fine-Grained Password Policies: AD DS in Windows Server 2008 now provides the
capability to create different password and account lockout policies for different sets
of users in a domain. User and group password and account lockout policies are
defined and applied via a Password Setting Object (PSO). A PSO has attributes for
all the settings that can be defined in the Default Domain Policy, except Kerberos
settings. PSOs can be applied to both users and groups.
Read-Only Domain Controllers: AD DS in Windows Server 2008 introduces a new type
of domain controller called a read-only domain controller (RODC). RODCs contain a
read-only copy of the AD DS database. RODCs are covered in more detail in
Chapter 6, Manage Sites and Replication.
Restartable Active Directory Domain Services: AD DS in Windows Server 2008 can now
be stopped and restarted through MMC snap-ins and the command line. The
restartable AD DS service reduces the time required to perform certain maintenance
and restore operations. Additionally, other services running on the server remain
available to satisfy client requests while AD DS is stopped.
AD DS Database Mounting Tool: AD DS in Windows Server 2008 comes with an AD
DS database mounting tool, which provides a means to compare data as it exists
in snapshots or backups taken at different times. The AD DS database mounting tool
eliminates the need to restore multiple backups to compare the AD data that they
contain and provides the capability to examine any change made to data stored in
AD DS.
What is the Global Catalog?
A global catalog server is a domain controller. It is a master searchable database
that contains information about every object in every domain in a forest. The global
catalog contains a complete replica of all objects in Active Directory for its host
domain, and contains a partial replica of all objects in Active Directory for every
other domain in the forest.
It has two important functions:
Provides group membership information during logon and authentication
Helps users locate resources in Active Directory
What are RODCs? And what are the major benefits of using RODCs?
A read-only domain controller (RODC) is a new type of domain controller in the
Windows Server 2008 operating system. With an RODC, organizations can easily
deploy a domain controller in locations where physical security cannot be guaranteed.
An RODC hosts read-only partitions of the Active Directory Domain Services (AD
DS) database.
Before the release of Windows Server 2008, if users had to authenticate with a
domain controller over a wide area network (WAN), there was no real alternative. In
many cases, this was not an efficient solution. Branch offices often cannot provide
the adequate physical security that is required for a writable domain controller.
Furthermore, branch offices often have poor network bandwidth when they are
connected to a hub site. This can increase the amount of time that is required to
log on. It can also hamper access to network resources.
Beginning with Windows Server 2008, an organization can deploy an RODC to
address these problems. As a result, users in this situation can receive the
following benefits:
* Improved security
* Faster logon times
* More efficient access to resources on the network
What does an RODC do?
Inadequate physical security is the most common reason to consider deploying an
RODC. An RODC provides a way to deploy a domain controller more securely in
locations that require fast and reliable authentication services but cannot ensure
physical security for a writable domain controller.
However, your organization may also choose to deploy an RODC for special
administrative requirements. For example, a line-of-business (LOB) application may run
successfully only if it is installed on a domain controller. Or, the domain controller
might be the only server in the branch office, and it may have to host server
applications.
In such cases, the LOB application owner must often log on to the domain
controller interactively or use Terminal Services to configure and manage the
application. This situation creates a security risk that may be unacceptable on a
writable domain controller.
An RODC provides a more secure mechanism for deploying a domain controller in
this scenario. You can grant a nonadministrative domain user the right to log on to
an RODC while minimizing the security risk to the Active Directory forest.
You might also deploy an RODC in other scenarios where local storage of all
domain user passwords is a primary threat, for example, in an extranet or
application-facing role.
What is REPADMIN?
Repadmin.exe: Replication Diagnostics Tool
This command-line tool assists administrators in diagnosing replication problems between Windows
domain controllers.
Administrators can use Repadmin to view the replication topology (sometimes referred to as
RepsFrom and RepsTo) as seen from the perspective of each domain controller. In addition,
Repadmin can be used to manually create the replication topology (although in normal practice this
should not be necessary), to force replication events between domain controllers, and to view both
the replication metadata and up-to-dateness vectors.
Repadmin.exe can also be used for monitoring the relative health of an Active Directory forest.
The operations replsummary, showrepl, showrepl /csv, and showvector /latency can be used to
check for replication problems.
What is NETDOM?
NETDOM is a command-line tool that allows management of Windows domains and trust
relationships. It is used for batch management of trusts, joining computers to domains, verifying
trusts, and secure channels.
What are some of the new tools and features provided by Windows Server 2008?
Windows Server 2008 now provides a desktop environment similar to Microsoft Windows Vista and
includes tools also found in Vista, such as the new backup snap-in and the BitLocker drive
encryption feature. Windows Server 2008 also provides the new IIS 7 web server and the Windows
Deployment Service.
What are the different editions of Windows Server 2008?
The entry-level version of Windows Server 2008 is the Standard Edition. The Enterprise Edition
provides a platform for large enterprisewide networks. The Datacenter Edition provides support for
unlimited Hyper-V virtualization and advanced clustering services. The Web Edition is a scaled-down
version of Windows Server 2008 intended for use as a dedicated web server. The Standard,
Enterprise, and Datacenter Editions can be purchased with or without the Hyper-V virtualization
technology.
What two hardware considerations should be an important part of the planning process for a Windows
Server 2008 deployment?
Any server on which you will install Windows Server 2008 should have at least the minimum
hardware requirement for running the network operating system. Server hardware should also be on
the Windows Server 2008 Hardware Compatibility List to avoid the possibility of hardware and
network operating system incompatibility.
What are the options for installing Windows Server 2008?
You can install Windows Server 2008 on a server not currently configured with a NOS, or you can
upgrade existing servers running Windows 2000 Server and Windows Server 2003.
How do you configure and manage a Windows Server 2008 core installation?
This stripped-down version of Windows Server 2008 is managed from the command line.
Which Control Panel tool enables you to automate the running of server utilities and other applications?
The Task Scheduler enables you to schedule the launching of tools such as Windows Backup and
Disk Defragmenter.
What are some of the items that can be accessed via the System Properties dialog box?
You can access virtual memory settings and the Device Manager via the System Properties dialog
box.
When a child domain is created in the domain tree, what type of trust relationship exists between the new
child domain and the tree's root domain?
Child domains and the root domain of a tree are assigned transitive trusts. This means that the
root domain and child domain trust each other and allow resources in any domain in the tree to
be accessed by users in any domain in the tree.
What is the primary function of domain controllers?
The primary function of domain controllers is to validate users to the network. However, domain
controllers also provide the catalog of Active Directory objects to users on the network.
What are some of the other roles that a server running Windows Server 2008 could fill on the network?
A server running Windows Server 2008 can be configured as a domain controller, a file server, a
print server, a web server, or an application server. Windows servers can also have roles and
features that provide services such as DNS, DHCP, and Routing and Remote Access.
Which Windows Server 2008 tools make it easy to manage and configure a server's roles and features?
The Server Manager window enables you to view the roles and features installed on a server and
also to quickly access the tools used to manage these various roles and features. The Server
Manager can be used to add and remove roles and features as needed.
What Windows Server 2008 service is used to install client operating systems over the network?
Windows Deployment Services (WDS) enables you to install client and server operating systems
over the network to any computer with a PXE-enabled network interface.
What domain services are necessary for you to deploy the Windows Deployment Services on your network?
Windows Deployment Services requires that a DHCP server and a DNS server be installed in the
domain.
How is WDS configured and managed on a server running Windows Server 2008?
The Windows Deployment Services snap-in enables you to configure the WDS server and add boot
and install images to the server.
What is the difference between a basic and dynamic drive in the Windows Server 2008 environment?
A basic disk embraces the MS-DOS disk structure; a basic disk can be divided into partitions
(simple volumes).
Dynamic disks consist of a single partition that can be divided into any number of volumes.
Dynamic disks also support Windows Server 2008 RAID implementations.
What is RAID in Windows Server 2008?
RAID, or Redundant Array of Independent Disks, is a strategy for building fault tolerance into your
file servers. RAID enables you to combine one or more volumes on separate drives so that they
are accessed by a single drive letter. Windows Server 2008 enables you to configure RAID 0 (a
striped set), RAID 1 (a mirror set), and RAID 5 (disk striping with parity).
What conceptual model helps provide an understanding of how network protocol stacks such as TCP/IP
work?
The OSI model, consisting of the application, presentation, session, transport, network, data link,
and physical layers, helps describe how data is sent and received on the network by protocol
stacks.
What protocol stack is installed by default when you install Windows Server 2008 on a network server?
TCP/IP (v4 and v6) is the default protocol for Windows Server 2008. It is required for Active
Directory implementations and provides for connectivity on heterogeneous networks.
How is a server running Windows Server 2008 configured as a domain controller, such as the domain
controller for the root domain or a child domain?
Installing the Active Directory on a server running Windows Server 2008 provides you with the
option of creating a root domain for a domain tree or of creating child domains in an existing
tree. Installing Active Directory on the server makes the server a domain controller.
What are some of the tools used to manage Active Directory objects in a Windows Server 2008 domain?
When the Active Directory is installed on a server (making it a domain controller), a set of Active
Directory snap-ins is provided. The Active Directory Users and Computers snap-in is used to
manage Active Directory objects such as user accounts, computers, and groups. The Active
Directory Domains and Trusts snap-in enables you to manage the trusts that are defined between
domains. The Active Directory Sites and Services snap-in provides for the management of domain
sites and subnets.
How are domain user accounts created and managed?
The Active Directory Users and Computers snap-in provides the tools necessary for creating user
accounts and managing account properties. Properties for user accounts include settings related to
logon hours, the computers to which a user can log on, and the settings related to the user's
password.
What type of Active Directory objects can be contained in a group?
A group can contain users, computers, contacts, and other nested groups.
What type of group is not available in a domain that is running at the mixed-mode functional level?
Universal groups are not available in a mixed-mode domain. The functional level must be raised to
Windows 2003 or Windows 2008 to make these groups available.
What types of Active Directory objects can be contained in an Organizational Unit?
Organizational Units can hold users, groups, computers, contacts, and other OUs. The
Organizational Unit provides you with a container directly below the domain level that enables you
to refine the logical hierarchy of how your users and other resources are arranged in the Active
Directory.
What are Active Directory sites in Windows Server 2008?
Active Directory sites are physical locations on the network's physical topology. Each regional
domain that you create is assigned to a site. Sites typically represent one or more IP subnets
that are connected by IP routers. Because sites are separated from each other by a router, the
domain controllers on each site periodically replicate the Active Directory to update the Global
Catalog on each site segment.
Can servers running Windows Server 2008 provide services to clients when they are not part of a domain?
Servers running Windows Server 2008 can be configured to participate in a workgroup. The server
can provide some services to the workgroup peers but does not provide the security and
management tools provided to domain controllers.
What does the use of Group Policy provide you as a network administrator?
Group Policy provides a method of controlling user and computer configuration settings for Active
Directory containers such as sites, domains, and OUs. GPOs are linked to a particular container,
and then individual policies and administrative templates are enabled to control the environment for
the users or computers within that particular container.
What tools are involved in managing and deploying Group Policy?
GPOs and their settings, links, and other information such as permissions can be viewed in the
Group Policy Management snap-in.
How do you deal with Group Policy inheritance issues?
GPOs are inherited down through the Active Directory tree by default. You can block the
inheritance of settings from upline GPOs (for a particular container such as an OU or a local
computer) by selecting Block Inheritance for that particular object. If you want to enforce a
higher-level GPO so that it overrides directly linked GPOs, you can use the Enforce command on the
inherited (or upline) GPO.
How can you make sure that network clients have the most recent Windows updates installed and have other
important security features such as the Windows Firewall enabled before they can gain full network access?
You can configure a Network Policy Server (a service available in the Network Policy and Access
Services role). The Network Policy Server can be configured to compare desktop client settings
with health validators to determine the level of network access afforded to the client.
What is the purpose of deploying local DNS servers?
A domain DNS server provides for the local mapping of fully qualified domain names to IP
addresses. Because the DNS is a distributed database, the local DNS servers can provide record
information to remote DNS servers to help resolve remote requests related to fully qualified domain
names on your network.
In terms of DNS, what is a caching-only server?
A caching-only DNS server supplies information related to queries based on the data it contains in
its DNS cache. Caching-only servers are often used as DNS forwarders. Because they are not
configured with any zones, they do not generate network traffic related to zone transfers.
How is the range of IP addresses defined for a Windows Server 2008 DHCP server?
The IP addresses supplied by the DHCP server are held in a scope. A scope that contains more
than one subnet of IP addresses is called a superscope. IP addresses in a scope that you do
not want to lease can be included in an exclusion range.
DNS Interview Questions and Answer
1. Secure services in your network require reverse name resolution to make it more difficult to launch
successful attacks against the services. To set this up, you configure a reverse lookup zone and proceed
to add records. Which record types do you need to create?
Ans: PTR Records
2. What is the main purpose of a DNS server?
Ans: DNS servers are used to resolve FQDN hostnames into IP addresses and vice versa
3. SOA records must be included in every zone. What are they used for?
Ans: SOA records contain a TTL value, used by default in all resource records in the zone.
SOA records contain the e-mail address of the person who is responsible for maintaining the
zone. SOA records contain the current serial number of the zone, which is used in zone
transfers.
4. By default, if the name is not found in the cache or local hosts file, what is the first step the client takes to
resolve the FQDN name into an IP address?
Ans: Performs a recursive search through the primary DNS server based on the network
interface configuration
5. What is the main purpose of SRV records?
Ans: SRV records are used in locating hosts that provide certain network services.
6. Before installing your first domain controller in the network, you installed a DNS server and created a
zone, naming it as you would name your AD domain. However, after the installation of the domain
controller, you are unable to locate infrastructure SRV records anywhere in the zone. What is the most
likely cause of this failure?
Ans: The zone you created was not configured to allow dynamic updates. The local interface
on the DNS server was not configured to allow dynamic updates.
7. Which of the following conditions must be satisfied to configure dynamic DNS updates for legacy clients?
Ans: The zone to be used for dynamic updates must be configured to allow dynamic updates.
The DHCP server must support, and be configured to allow, dynamic updates for legacy clients.
8. At some point during the name resolution process, the requesting party received authoritative reply.
Which further actions are likely to be taken after this reply?
Ans: After receiving the authoritative reply, the resolution process is effectively over.
9. Your company uses ten domain controllers, three of which are also used as DNS servers. You have one
companywide AD-integrated zone, which contains several thousand resource records. This zone also
allows dynamic updates, and it is critical to keep this zone up-to-date.
Replication between domain controllers takes up a significant amount of bandwidth. You are looking to
cut bandwidth usage for the purpose of replication. What should you do?
Ans: Change the replication scope to all DNS servers in the domain.
10. You are administering a network connected to the Internet. Your users complain that everything is slow.
Preliminary research of the problem indicates that it takes a considerable amount of time to resolve
names of resources on the Internet. What is the most likely reason for this?
Ans: DNS servers are not caching replies. Local client computers are not caching replies. The
cache.dns file may have been corrupted on the server.
DNS Records
March 19, 2009 by Vasim Memon

DNS Resource Records

| Code | Number | Description | Function |
|---|---|---|---|
| A | 1 | address record | Returns a 32-bit IPv4 address, most commonly used to map hostnames to an IP address of the host, but also used for DNSBLs, storing subnet masks in RFC 1101, etc. |
| AAAA | 28 | IPv6 address record | Returns a 128-bit IPv6 address, most commonly used to map hostnames to an IP address of the host. |
| AFSDB | 18 | AFS database record | Location of database servers of an AFS cell. This record is commonly used by AFS clients to contact AFS cells outside their local domain. A subtype of this record is used by the obsolete DCE/DFS file system. |
| CERT | 37 | Certificate record | Stores PKIX, SPKI, PGP, etc. |
| CNAME | 5 | Canonical name record | Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name. |
| DHCID | 49 | DHCP identifier | Used in conjunction with the FQDN option to DHCP |
| DLV | 32769 | DNSSEC Lookaside Validation record | For publishing DNSSEC trust anchors outside of the DNS delegation chain. Uses the same format as the DS record. |
| DNAME | 39 | delegation name | DNAME will delegate an entire portion of the DNS tree under a new name. In contrast, the CNAME record creates an alias of a single name. Like the CNAME record, the DNS lookup will continue by retrying the lookup with the new name. |
| DNSKEY | 48 | DNS Key record | The key record used in DNSSEC. Uses the same format as the KEY record. |
| DS | 43 | Delegation signer | The record used to identify the DNSSEC signing key of a delegated zone |
| HIP | 55 | Host Identity Protocol | Method of separating the end-point identifier and locator roles of IP addresses. |
| IPSECKEY | 45 | IPSEC Key | Key record that can be used with IPSEC |
| KEY | 25 | Key record | Used only for TKEY (RFC 2930). Before RFC 3755 was published, this was also used for DNSSEC, but DNSSEC now uses DNSKEY. |
| LOC | 29 | Location record | Specifies a geographical location associated with a domain name |
| MX | 15 | mail exchange record | Maps a domain name to a list of mail exchange servers for that domain |
| NAPTR | 35 | Naming Authority Pointer | Allows regular expression based rewriting of domain names which can then be used as URIs, further domain names to lookups, etc. |
| NS | 2 | name server record | Delegates a DNS zone to use the given authoritative name servers |
| NSEC | 47 | Next-Secure record | Part of DNSSEC used to prove a name does not exist. Uses the same format as the (obsolete) NXT record. |
| NSEC3 | 50 | NSEC record version 3 | An extension to DNSSEC that allows proof of nonexistence for a name without permitting zone walking |
| NSEC3PARAM | 51 | NSEC3 parameters | Parameter record for use with NSEC3 |
| PTR | 12 | pointer record | Pointer to a canonical name. Unlike a CNAME, DNS processing does NOT proceed, just the name is returned. The most common use is for implementing reverse DNS lookups, but other uses include such things as DNS-SD. |
| RRSIG | 46 | DNSSEC signature | Signature for a DNSSEC-secured record set. Uses the same format as the SIG record. |
| SIG | 24 | Signature | Signature record used in SIG(0) (RFC 2931). Until RFC 3755 was published, the SIG record was part of DNSSEC; now RRSIG is used for that. |
| SOA | 6 | start of authority record | Specifies authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone. |
| SPF | 99 | SPF record | Specified as part of the SPF protocol, as an alternative to storing SPF data in TXT records. Uses the same format as the TXT record. |
| SRV | 33 | Service locator | Generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX. |
| SSHFP | 44 | SSH Public Key Fingerprint | Resource record for publishing SSH public host key fingerprints in the DNS System, in order to aid in verifying the authenticity of the host. |
| TA | 32768 | DNSSEC Trust Authorities | Part of a deployment proposal for DNSSEC without a signed DNS root. See the IANA database and Weiler Spec for details. Uses the same format as the DS record. |
| TXT | 16 | Text record | Originally for arbitrary human-readable text in a DNS record. Since the early 1990s, however, this record more often carries machine-readable data, such as specified by RFC 1464, opportunistic encryption, Sender Policy Framework, DomainKeys, DNS-SD, etc. |
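
How the CNAME, DNAME and PTR behaviours listed in the table differ during a lookup, as an added example that is not part of the original post: a small resolver over a constructed record set that follows CNAME aliases, rewrites names below a DNAME, returns PTR data without chasing it, and refuses alias loops. All names and addresses are made up for illustration.

```python
# Constructed record set; every name and address here is hypothetical.
RECORDS = {
    ("www.example.test", "CNAME"): "web.example.test",
    ("web.example.test", "A"): "192.0.2.10",
    ("old.example.test", "DNAME"): "new.example.test",
    ("host.new.example.test", "A"): "192.0.2.20",
    ("loop-a.example.test", "CNAME"): "loop-b.example.test",
    ("loop-b.example.test", "CNAME"): "loop-a.example.test",
    ("10.2.0.192.in-addr.arpa", "PTR"): "www.example.test",
}
MAX_CHAIN = 8  # upper bound on alias hops, so a long chain cannot stall a lookup


def dname_rewrite(name):
    """Rewrite `name` if a proper ancestor owns a DNAME, else return None.

    A DNAME redirects the subtree below its owner, not the owner name itself.
    """
    labels = name.split(".")
    for i in range(1, len(labels)):
        target = RECORDS.get((".".join(labels[i:]), "DNAME"))
        if target:
            return ".".join(labels[:i] + [target])
    return None


def resolve(name, rtype):
    """Return (names visited, answer or None) for one lookup."""
    name = name.lower().rstrip(".")
    chain = [name]
    for _ in range(MAX_CHAIN):
        answer = RECORDS.get((name, rtype))
        if answer is not None:
            # PTR data is returned as-is; only CNAME/DNAME restart the lookup.
            return chain, answer
        nxt = RECORDS.get((name, "CNAME")) or dname_rewrite(name)
        if nxt is None:
            return chain, None
        if nxt in chain:
            raise ValueError("alias loop: " + " -> ".join(chain + [nxt]))
        name = nxt
        chain.append(name)
    raise ValueError("alias chain longer than %d hops" % MAX_CHAIN)


if __name__ == "__main__":
    print(resolve("www.example.test", "A"))
    print(resolve("host.old.example.test", "A"))
    print(resolve("10.2.0.192.in-addr.arpa", "PTR"))
```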
Preparing your Network
February 17, 2009 by Vasim Memon

In the scenario below there are two servers, SBS and DC01. SBS holds all server roles and DC01 has no role.

Adding role to Additional Server

Steps:
1. Join Windows Server 2003 to a domain as a member server (DC01).
2. Install DNS.
3. Run DCPROMO on DC01.
4. Make DC01 a Global Catalog (GC) server.
5. Change the preferred DNS of DC01 to point to itself. Change the preferred DNS address of SBS to point to DC01.
6. Transfer the FSMO roles.
7. Wait for replication to take place. Give it a good 15 minutes, depending upon the size of your network.
8. Remove the GC from SBS.

The steps in detail:

1. Join DC01 to the domain yellowpark.local as a member server. Firstly, change the network card settings of DC01 to point to SBS for DNS. Then, right-click My Computer and click Properties, then click the Computer Name tab. Click the Change button, and enter the details of the domain to join. Click OK. You will then be prompted to enter a Username and Password with the permissions necessary to join the domain. Enter the username and password and click OK. You will then need to reboot.

2. Install DNS on DC01. Go to Add Remove Programs, Add Remove Windows Components. Select Network Services and click Details. Select DNS and WINS and click OK.

3. Once DNS and WINS have installed, you are ready to promote DC01 to a Domain Controller. Click Start, Run. Then enter dcpromo and click OK. Click through the Wizard then select Additional domain controller for an existing domain. Click Next. Enter a username and password with the permissions capable of doing this, e.g. Administrator. Click Next. Enter the name of the domain (e.g. yellowpark.local) and click Next. Select the location where you would like to store the database folder and the log folder; for the purpose of this article accept the defaults. Click Next. Select the location you would like the Sysvol folder to be stored. Again, accept the default and click Next. Enter a password to be used for the Directory Services Restore Mode. Make sure you don't forget this! Click Next twice. DCPromo starts running and will take a few minutes to complete. You will be prompted to reboot upon completion. Reboot and log on to the domain DC01.

4. Next step is to make DC01 a Global Catalog Server (GC). Open Active Directory Sites and Services. Click Start, Administrative Tools, Active Directory Sites and Services. Expand Sites, expand Servers, then expand NTDS Settings. Right-click NTDS Settings for Exchange01 and click Properties. Tick Global Catalog.

5. Next we're going to open the Network Card properties of DC01 and change the Preferred DNS Server IP address to point to itself, 192.168.0.11.

6. Transferring the FSMO roles to DC01. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers. Click the Change button to change the RID Master role to DC01. Repeat this for each of the other tabs.

To transfer the Domain Naming Master, open Active Directory Domains and Trusts. Click Start, point to Administrative Tools, and then click Active Directory Domains and Trusts. Right-click the Active Directory Domains and Trusts node and click Operations Master. Click the Change button to change the Operations Master to DC01.

To transfer the Schema Master role: Firstly, you'll need to register Schmmgmt.dll (if you haven't used it before). Click Start, click Run, type regsvr32 schmmgmt.dll, and then click OK. Then create a new snap-in. Click Start, click Run, type mmc, and then click OK. Right-click Active Directory Schema, and then click Change Domain Controller. Specify DC01. Right-click Active Directory Schema, and then click Operations Master. In the Change Schema Master dialog box, click Change. Move the site licensing server to the SBS 2003 computer. To do this, open Active Directory Sites and Services. Expand Sites and then click Default-First-Site-Name. Right-click Licensing Site Settings, and then click Properties. Click Change, type the name of DC01 in the Enter the object name to select area, and then click OK.

7. Reboot and wait for event 1119 or 1869 to show in the Event Viewer Directory Service log on DC01. This shows DC01 is a GC. This is very important. Remember, no Global Catalog means no one can log on and you will lose the domain! It can take an hour for this event to show. I usually go and make a cup of tea and come back later. There is a workaround to make it happen quicker, but I would avoid it. When I did this test lab, it took 1 hour 47 minutes before I saw Event 1869.

8. Next step is to remove the GC from SBS. Open Active Directory Sites and Services. Click Start, Administrative Tools, Active Directory Sites and Services. Expand Sites, expand Servers, then expand SBS NTDS Settings. Right-click NTDS Settings for Exchange01 and click Properties. Un-tick Global Catalog.

Troubleshooting DNS in Windows Server 2003

1) Start Troubleshooting with Ping
Can you ping the target machine?
a) By IP address. Ping 192.168.1.3
b) By Hostname. Ping myserver
c) By fully qualified domain name. Ping myserver.company.com
Examine the replies for clues, for example is the reply myserver or myserver.company.com. Depending on the results from Ping, check the Default Gateway and Subnet Mask.

2) Do not neglect IPCONFIG
Collect information about default gateways and DNS servers with IPCONFIG's switches, particularly the /all.
What you are particularly interested in is the DNS Servers IP address. Should that field be empty or incorrect then adjust the IP address at the Network Icon, TCP/IP properties.
Remember that Ipconfig has 3 DNS specific switches. On more than one occasion /flushdns has saved me tearing my hair out. What happens is that you may have solved the problem, but a dirty cache prevents confirmation. Ipconfig /registerdns can save a reboot, while /displaydns may give you extra information on what name resolution the client has achieved.

3) Time to look at the DNS server snap-in
At the DNS console, click on View (Menu) and make sure that Advanced is ticked. This is rather like Show All files.
Precisely what to look for in the Snap-in depends on the problem. If you are checking basic connectivity, then check you have a Host (A) record for the machine you are trying to contact. However, I would follow up PING with a check of the Monitor Tab on the DNS Server icon.
For basic Active Directory / DNS configuration check that the _msdcs records were created by DCPROMO. If not, try restarting the Netlogon service.
If you have a more difficult problem, for example zone replication, then click on the Server Icon, Properties. (In the diagram Alan is the name of the server.) One trap is to investigate the DNS server icon when you should be looking at the Forward Lookup Zone, domain name. (Also vice versa, you look at the domain properties instead of the DNS server icon.)
About half the solutions to DNS problems require a restart of the DNS service; fortunately Microsoft supply a Restart option on the All Tasks menu.
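
One way to run the _msdcs check from step 3, which also covers the missing SRV records scenario in question 6 above (added example, not from the original article): compare the SRV records a domain controller tries to register, as listed in its %SystemRoot%\System32\config\netlogon.dns file, with what is actually in the zone. Both inputs below are constructed samples, and the zone listing is assumed to have been normalised to one fully qualified record per line.

```python
import re

# Constructed sample in the style of %SystemRoot%\System32\config\netlogon.dns,
# the file in which Netlogon lists the records it tries to register.
NETLOGON_DNS = """\
yellowpark.local. 600 IN A 192.168.0.11
_ldap._tcp.yellowpark.local. 600 IN SRV 0 100 389 dc01.yellowpark.local.
_ldap._tcp.dc._msdcs.yellowpark.local. 600 IN SRV 0 100 389 dc01.yellowpark.local.
_kerberos._tcp.dc._msdcs.yellowpark.local. 600 IN SRV 0 100 88 dc01.yellowpark.local.
_ldap._tcp.gc._msdcs.yellowpark.local. 600 IN SRV 0 100 3268 dc01.yellowpark.local.
_kpasswd._tcp.yellowpark.local. 600 IN SRV 0 100 464 dc01.yellowpark.local.
"""

# Constructed zone listing (assumption: already one fully qualified record per
# line). Only some of DC01's records made it into the zone.
ZONE_LISTING = """\
; yellowpark.local forward lookup zone
_ldap._tcp.yellowpark.local. 600 IN SRV 0 100 389 dc01.yellowpark.local.
_ldap._tcp.dc._msdcs.yellowpark.local. 600 IN SRV 0 100 389 sbs.yellowpark.local.
_kerberos._tcp.dc._msdcs.yellowpark.local. 600 IN SRV 0 100 88 DC01.yellowpark.local.
"""

# owner  ttl  IN  SRV  priority  weight  port  target
SRV_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+SRV\s+\d+\s+\d+\s+(\d+)\s+(\S+)$", re.I)


def parse_srv(text):
    """Return {(owner, port, target)} for every SRV line; other lines are skipped."""
    found = set()
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        match = SRV_RE.match(line)
        if match:
            owner, port, target = match.groups()
            # DNS names compare case-insensitively; ignore the trailing dot.
            found.add((owner.lower().rstrip("."), int(port),
                       target.lower().rstrip(".")))
    return found


def missing_registrations(netlogon_text, zone_text):
    """SRV records the DC wants to register that the zone does not contain."""
    return sorted(parse_srv(netlogon_text) - parse_srv(zone_text))


def unexpected_targets(zone_text, known_dcs):
    """SRV records in the zone that point at hosts outside the known DC list."""
    known = {host.lower().rstrip(".") for host in known_dcs}
    return sorted(rec for rec in parse_srv(zone_text) if rec[2] not in known)


if __name__ == "__main__":
    for owner, port, target in missing_registrations(NETLOGON_DNS, ZONE_LISTING):
        print("missing from zone:", owner, port, target)
```

A non-empty result from missing_registrations points at the causes the text names (dynamic updates not allowed on the zone, or Netlogon not yet re-registered); unexpected_targets is worth reviewing on any zone that accepts dynamic updates.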

4) NSLookup
My conclusion for troubleshooting with NSLookup is avoid it. Instead, wherever possible, use the above DNS snap-in. At first I was in awe of NSLookup, then I mastered it, then I realized that it did not give me any more information than the DNS snap-in.
So, the killer use of NSLookup is if you do not have the DNS snap-in, for example you are troubleshooting from an XP machine.
The trap with NSLookup is that you forget to configure the PTR records; without the corresponding Reverse Lookup Zone, NSLookup will fail.

5) Hosts files
Reverting to hosts files may seem like taking a step backwards into the dark ages, but many is the time that this trusty old technology has solved a problem.
The beauty of the hosts file is its simplicity and the fact that the client operating system reads the hosts file BEFORE it queries DNS. Be sure that you are editing the hosts file in the %systemroot%\system32\drivers\etc. (Not in the \i386 or dllcache folder)
Once you have opened the hosts file with notepad, experiment with hostnames and IP addresses for the server that you wish to connect. Once you have added the host entry try once more to contact with Ping.

Example of Hosts file entries
192.168.1.3 myserver
or
192.168.1.3 myserver.mycompany.com

6) Event Viewer
In truth the Event Viewer should be the first place to look for clues, not the last! Mastering the Event Viewer is an art in itself. The point to remember is that DNS has its own Log. By all means check the system log or even the application log, but do investigate the DNS log.
What you are looking for depends on the problem area. But here are a few categories to check: Domain Name Problems, Resource Record, Database Load and there really is a DNS Sanity Check!

What are FSMO Roles?
Microsoft designed Active Directory in such a fashion that you can perform most configuration activities from any domain controller. However, certain functions within the directory are restricted to specific domain controllers, which are known as Flexible Single Master Operations (FSMO) Role / Server or simply Operations Master.
There are five FSMO roles, of which two are forest based and the remaining three are domain based.

Forest Based Roles
- Schema master
- Domain naming master

Domain Based Roles
- PDC emulator
- Infrastructure master
- RID master

In detail:
- Schema master holds the only writable copy of the Active Directory Schema. This is a configuration database that describes all available object and function types in the Active Directory forest. Only one domain controller in the forest holds this role.
- Domain naming master ensures that any newly created domains are uniquely identified by names that adhere to the proper naming conventions for new trees or child domains in existing trees. Only one domain controller in the forest holds this role.
- PDC emulator serves as a primary domain controller (PDC) for Windows NT 4.0 client computers authenticating to the domain and processes any changes to user properties on these clients, such as password changes. This server also acts as a time synchronization master to synchronize the time on the remaining domain controllers in the domain. One domain controller in each domain holds this role.
- Infrastructure master updates references in its domain from objects such as domain group memberships to objects in other domains. This server processes any changes in objects in the forest received from global catalog servers and replicates these changes to other domain controllers in its domain. One domain controller in each domain holds this role.
- RID master assigns security identifiers (SIDs) to objects created in its domain. A SID consists of a domain identifier common to all objects in its domain and a relative identifier (RID) that is unique to each object. This server ensures that no two objects have the same RID and hands out pools of RIDs to every domain controller in its domain. One domain controller in each domain holds this role.
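
The SID layout described for the RID master, as an added example that is not from the original page: a parser for the binary SID form (as stored in an object's objectSid attribute) that splits it into the domain identifier and the RID, plus a check for the duplicate RIDs the RID master exists to prevent. The sample SID is constructed and the function names are hypothetical.

```python
import struct
from collections import Counter

# A few well-known RIDs of built-in domain accounts and groups.
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 502: "krbtgt",
                   512: "Domain Admins", 513: "Domain Users",
                   516: "Domain Controllers", 519: "Enterprise Admins"}

# Constructed sample: revision 1, 5 sub-authorities, authority 5 (NT Authority),
# then 21, three domain sub-authorities and the RID.
SAMPLE_SID = (bytes([1, 5]) + (5).to_bytes(6, "big")
              + struct.pack("<5I", 21, 1111111111, 2222222222, 3333333333, 500))


def parse_sid(raw):
    """Decode a binary SID into its S-1-... string form."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError("unsupported SID revision %d" % revision)
    if count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match length")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])    # 32-bit, little-endian
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)


def split_domain_sid(sid):
    """Split a domain account SID into (domain identifier, RID)."""
    parts = sid.split("-")
    # Expected shape: S-1-5-21-<three domain sub-authorities>-<RID>
    if parts[:4] != ["S", "1", "5", "21"] or len(parts) != 8:
        raise ValueError("not a domain account SID: " + sid)
    return "-".join(parts[:7]), int(parts[7])


def describe(raw):
    """Return (domain identifier, RID, well-known name or None)."""
    domain, rid = split_domain_sid(parse_sid(raw))
    return domain, rid, WELL_KNOWN_RIDS.get(rid)


def duplicate_rids(sids):
    """Return (domain, RID) pairs that occur more than once in `sids`."""
    counts = Counter(split_domain_sid(sid) for sid in sids)
    return sorted(pair for pair, seen in counts.items() if seen > 1)


if __name__ == "__main__":
    print(describe(SAMPLE_SID))
```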

Exchange Server 2007 Interview Question and Answer

What is Exchange Server 2007?
Microsoft Exchange Server 2007 is the next version of Microsoft Exchange. Microsoft Exchange is the industry's leading e-mail, calendaring, and unified messaging server. The release of Exchange Server 2007 is closely aligned with the 2007 Microsoft Office release. Together, these products deliver a best-in-class enterprise messaging and collaboration solution.

What is new in Exchange Server 2007?
Exchange 2007 provides built-in protection to keep the e-mail system up and running and protected from outside threats and lets employees work more productively from wherever they are by using a variety of clients. These clients include Microsoft Office Outlook 2007, Microsoft Office Outlook Web Access, and mobile devices. Exchange Server 2007 makes it easier for IT departments to deliver these new capabilities to their organizations by making the messaging environment easier to manage and more cost-efficient. For more information about Exchange Server 2007

How does Exchange Server 2007 integrate with Microsoft Office Outlook 2007?
Outlook 2007 provides the most complete e-mail, calendaring, contacts, and tasks functionality available in an e-mail client that is compatible with Exchange. When Outlook 2007 is used with Exchange Server 2007, users benefit from the new Scheduling Assistant that automates time-consuming meeting and resource scheduling, the ability to plan and customize out-of-office communications, and managed e-mail folders that facilitate compliance with internal and regulatory policies. Outlook 2007 and Exchange Server 2007 also combine to enhance security by offering features that are easy to use and let users confidently send and receive sensitive business communications through e-mail. By enabling the Autodiscover service, you can reduce the complexity of client configuration and reduce administrative costs that are associated with troubleshooting connectivity issues for users.

What are the different editions of Exchange Server 2007?
Exchange Server 2007 is offered in two server editions: Standard Edition and Enterprise Edition. Exchange Server 2007 Standard Edition is designed to meet the messaging and collaboration needs of small and medium organizations. It may also be appropriate for specific server roles or branch offices. Exchange Server 2007 Enterprise Edition, designed for large enterprise organizations, enables the creation of multiple storage groups and databases. For more information about Exchange Server 2007 editions and Client Access Licenses

How can I upgrade my current Exchange 2000 Server or Exchange Server 2003 environment?
When you upgrade to Exchange Server 2007, you cannot perform an in-place server upgrade on an existing Exchange server. Instead, you must install a new Exchange 2007 server into the existing organization, and then move the required data to the new Exchange server. Exchange Server 2007 supports mixed environments that include Exchange 2000 Server, Exchange Server 2003, or both. This allows for an easier and more gradual transition. For more information about how to plan and deploy Exchange Server 2007

Should I map my current routing groups to my current Active Directory sites?
Exchange 2007 is based on Active Directory sites. If your current Microsoft Exchange environment maps as closely as possible to Active Directory sites, your interoperability and migration story will be easier. Additionally, the recommended upgrade path is to upgrade all the Exchange 2000 Server or Exchange Server 2003 servers in a single routing group before you upgrade the next routing group. This lets you fully decommission a routing group as you upgrade and reduces the complexity of your current routing topology. Mapping the Exchange 2000 Server or Exchange Server 2003 routing groups to the Exchange 2007 physical topology also makes it easier to plan for an upgrade to Exchange 2007 because the two environments are similarly organized and generally correlate to Active Directory sites.