New System Administrator Interview Question With Answer


  • 8/4/2019 New System Administrator Interview Question With Answer


    System Administrator interview question with answer

    KCC

    The KCC is a built-in process that runs on all domain controllers and generates replication topology for the Active Directory forest. The KCC creates separate replication topologies depending on whether replication is occurring within a site (intrasite) or between sites (intersite). The KCC also dynamically adjusts the topology to accommodate new domain controllers, domain controllers moved to and from sites, changing costs and schedules, and domain controllers that are temporarily unavailable.

    How do you view replication properties for AD?

    By using Active Directory Replication Monitor.

    Start > Run > Replmon

    What are sites? What are they used for?

    One or more well-connected (highly reliable and fast) TCP/IP subnets. A site allows administrators to configure Active Directory access and replication topology to take advantage of the physical network.

    Name some OU design considerations?

    OU design requires balancing requirements for delegating administrative rights independent of Group Policy needs and the need to scope the application of Group Policy. The following OU design recommendations address delegation and scope issues:

    Applying Group Policy: An OU is the lowest-level Active Directory container to which you can assign Group Policy settings.

    Delegating administrative authority: usually don't go more than 3 OU levels.

    http://technet.microsoft.com/en-us/library/cc783140.aspx

    What are FSMO Roles? List them.

    FSMO roles are server roles in a Forest.

    There are five types of FSMO roles:

    1 - Schema master

    2 - Domain naming master

    3 - RID master

    4 - PDC Emulator

    5 - Infrastructure master

    Logical Diagram of Active Directory? What is the difference between child domain & additional domain server?

    Well, if you know what a domain is then you have half the answer. Say you have the domain Microsoft.com. Now Microsoft has a server named server1 in that domain, which happens to be the parent domain. So its FQDN is server1.microsoft.com. If you add an additional domain server and name it server2, then its FQDN is server2.microsoft.com.

    Now Microsoft is big so it has offices in Europe and Asia. So they make child domains for them and their FQDN would look like this: europe.microsoft.com & asia.microsoft.com. Now let's say each of them have a server in those child domains named server1. Their FQDN would then look like this: server1.europe.microsoft.com & server1.asia.microsoft.com.

    What are Active Directory Groups?

    Groups are containers that contain user and computer objects within them as members. When security permissions are set for a group in the Access Control List on a resource, all members of that group receive those permissions. Domain Groups enable centralized administration in a domain. All domain groups are created on a domain controller.

    In a domain, Active Directory provides support for different types of groups and group scopes. The group type determines the type of task that you manage with the group. The group scope determines whether the group can have members from multiple domains or a single domain.

    Group Types

    * Security groups: Use Security groups for granting permissions to gain access to resources. Sending an e-mail message to a group sends the message to all members of the group. Therefore security groups share the capabilities of distribution groups.

    * Distribution groups: Distribution groups are used for sending e-mail messages to groups of users. You cannot grant permissions to security groups. Even though security groups have all the capabilities of distribution groups, distribution groups are still required, because some applications can only read distribution groups.

    Group Scopes

    Group scope normally describes which type of users should be clubbed together in a way which is easy for their administration. Therefore, in a domain, groups play an important part. One group can be a member of other group(s), which is normally known as group nesting. One or more groups can be a member of any group in the entire domain(s) within a forest.

    * Domain Local Group: Use this scope to grant permissions to domain resources that are located in the same domain in which you created the domain local group. Domain local groups can exist in all mixed, native and interim functional levels of domains and forests. Domain local group memberships are not limited, as you can add members as user accounts, universal and global groups from any domain. Just to remember, nesting cannot be done in a domain local group. A domain local group will not be a member of another Domain Local or any other groups in the same domain.

    * Global Group: Users with similar function can be grouped under global scope and can be given permission to access a resource (like a printer or shared folder and files) available in the local or another domain in the same forest. To say in simple words, Global groups can be used to grant permissions to gain access to resources which are located in any domain but in a single forest, as their memberships are limited. User accounts and global groups can be added only from the domain in which the global group is created. Nesting is possible in Global groups within other groups, as you can add a global group into another global group from any domain. Finally, to provide permission to domain-specific resources (like printers and published folders), they can be members of a Domain Local group. Global groups exist in all mixed, native and interim functional levels of domains and forests.

    * Universal Group Scope: these groups are precisely used for email distribution and can be granted access to resources in all trusted domains, as these groups can only be used as a security principal (security group type) in a Windows 2000 native or Windows Server 2003 domain functional level domain. Universal group memberships are not limited like global groups. All domain user accounts and groups can be a member of a universal group. Universal groups can be nested under a global or Domain Local group in any domain.

    What are the types of backup? Explain each?

    Incremental

    A normal incremental backup will only back up files that have been changed since the last backup of any type. This provides the quickest means of backup, since it only makes copies of files that have not yet been backed up. For instance, following our full backup on Friday, Monday's tape will contain only those files changed since Friday. Tuesday's tape contains only those files changed since Monday, and so on. The downside to this is obviously that in order to perform a full restore, you need to restore the last full backup first, followed by each of the subsequent incremental backups to the present day in the correct order. Should any one of these backup copies be damaged (particularly the full backup), the restore will be incomplete.

    Differential

    A cumulative backup of all changes made after the last full backup. The advantage to this is the quicker recovery time, requiring only a full backup and the latest differential backup to restore the system. The disadvantage is that for each day elapsed since the last full backup, more data needs to be backed up, especially if a majority of the data has been changed.

    What is the SYSVOL folder?

    The Windows Server 2003 System Volume (SYSVOL) is a collection of folders and reparse points in the file systems that exist on each domain controller in a domain. SYSVOL provides a standard location to store important elements of Group Policy objects (GPOs) and scripts so that the File Replication service (FRS) can distribute them to other domain controllers within that domain.

    You can go to the SYSVOL folder by typing: %systemroot%/sysvol

    What is the ISTG? Who has that role by default?

    The first server in the site becomes the ISTG for the site. The domain controller holding this role may not necessarily also be a bridgehead server.

    What is the order in which GPOs are applied?

    Local, Site, Domain, OU

    1. Can a workstation computer be configured to browse the Internet and yet NOT have a default gateway?

    If we are using a public IP address, we can browse the internet. If it has an intranet address, a gateway is needed as a router or firewall to communicate with the internet.

    2. What is CIDR?

    CIDR (Classless Inter-Domain Routing, sometimes known as supernetting) is a way to allocate and specify the Internet addresses used in inter-domain routing more flexibly than with the original system of Internet Protocol (IP) address classes. As a result, the number of available Internet addresses has been greatly increased. CIDR is now the routing system used by virtually all gateway hosts on the Internet's backbone network. The Internet's regulating authorities now expect every Internet service provider (ISP) to use it for routing.

    3. What is DHCP? What are the benefits and drawbacks of using it?

    DHCP is Dynamic Host Configuration Protocol. In a networked environment it is a method to assign an address to a computer when it boots up.


    Advantages

    All the IP configuration information gets automatically configured for your client machine by the DHCP server.

    If you move your client machine to a different subnet, the client will send out its discover message at boot time and work as usual. However, when you first boot up there you will not be able to get back the IP address you had at your previous location regardless of how little time has passed.

    Disadvantage

    Your machine name does not change when you get a new IP address. The DNS (Domain Name System) name is associated with your IP address and therefore does change. This only presents a problem if other clients try to access your machine by its DNS name.

    4. How do you manually create SRV records in DNS?

    To create SRV records in DNS, do the steps below:

    Open DNS

    Click on Zone, select domain abc.local

    Right-click the domain, go to Other New Records and choose Service Location (SRV)

    5. Name 3 benefits of using AD-integrated zones.

    Benefits as follows:

    a. You can give easy name resolution to your clients.

    b. By creating an AD-integrated zone you can also trace hackers and spammers by creating a reverse zone.

    c. AD-integrated zones allow for incremental zone transfers, which only transfer changes and not the entire zone. This reduces zone transfer traffic.

    d. AD-integrated zones support both secure and dynamic updates.

    e. AD-integrated zones are stored as part of the Active Directory and support domain-wide or forest-wide replication through application partitions in AD.

    6. How do I clear the DNS cache on the DNS server?

    Go to cmd prompt and type ipconfig /flushdns without quotes

    7. What is NAT?

    NAT (Network Address Translation) is a technique for preserving scarce Internet IP addresses. For more details go to Microsoft link

    8. How do you configure NAT on Windows 2003?

    For above answer go to below link

    Configure NAT

    http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html

    9. How to configure special ports to allow inbound connections?

    a. Click Start, Administrative Tools, and then click Routing and Remote Access to open the Routing and Remote Access management console.

    b. Locate the interface that you want to configure.

    c. Right-click the interface and then select Properties from the shortcut menu.

    d. Click the Special Ports tab.

    e. Under Protocol, select TCP or UDP and then click the Add button.

    f. Enter the port number of the incoming traffic in Incoming Port.

    g. Select On This Address Pool Entry, and provide the public IP address of the incoming traffic.

    h. Enter the port number of the private network resource in Outgoing Port.

    i. Enter the private network resource's private IP address in Private Address.

    j. Click OK.

    What is Active Directory Domain Services 2008?


    Active Directory Domain Services (AD DS), formerly known as Active Directory Directory Services, is the central location for configuration information, authentication requests, and information about all of the objects that are stored within your forest. Using Active Directory, you can efficiently manage users, computers, groups, printers, applications, and other directory-enabled objects from one secure, centralized location.

    What is the SYSVOL folder?

    The Sysvol folder on a Windows domain controller is used to replicate file-based data among domain controllers. Because junctions are used within the Sysvol folder structure, Windows NT file system (NTFS) version 5.0 is required on domain controllers throughout a Windows distributed file system (DFS) forest.

    This is a quote from Microsoft themselves; basically, the domain controller info stored in files, like your group policy stuff, is replicated through this folder structure.

    What's New in Windows Server 2008 Active Directory Domain Services?

    Active Directory Domain Services in Windows Server 2008 provides a number of enhancements over previous versions, including these:

    Auditing: AD DS auditing has been enhanced significantly in Windows Server 2008. The enhancements provide more granular auditing capabilities through four new auditing categories: Directory Services Access, Directory Services Changes, Directory Services Replication, and Detailed Directory Services Replication. Additionally, auditing now provides the capability to log old and new values of an attribute when a successful change is made to that attribute.

    Fine-Grained Password Policies: AD DS in Windows Server 2008 now provides the capability to create different password and account lockout policies for different sets of users in a domain. User and group password and account lockout policies are defined and applied via a Password Setting Object (PSO). A PSO has attributes for all the settings that can be defined in the Default Domain Policy, except Kerberos settings. PSOs can be applied to both users and groups.

    Read-Only Domain Controllers: AD DS in Windows Server 2008 introduces a new type of domain controller called a read-only domain controller (RODC). RODCs contain a read-only copy of the AD DS database. RODCs are covered in more detail in Chapter 6, Manage Sites and Replication.

    Restartable Active Directory Domain Services: AD DS in Windows Server 2008 can now be stopped and restarted through MMC snap-ins and the command line. The restartable AD DS service reduces the time required to perform certain maintenance and restore operations. Additionally, other services running on the server remain available to satisfy client requests while AD DS is stopped.


    AD DS Database Mounting Tool: AD DS in Windows Server 2008 comes with an AD DS database mounting tool, which provides a means to compare data as it exists in snapshots or backups taken at different times. The AD DS database mounting tool eliminates the need to restore multiple backups to compare the AD data that they contain and provides the capability to examine any change made to data stored in AD DS.


    What is the Global Catalog?

    A global catalog server is a domain controller. It is a master searchable database that contains information about every object in every domain in a forest. The global catalog contains a complete replica of all objects in Active Directory for its host domain, and contains a partial replica of all objects in Active Directory for every other domain in the forest.

    It has two important functions:

    * Provides group membership information during logon and authentication

    * Helps users locate resources in Active Directory

    What are RODCs? And what are the major benefits of using RODCs?

    A read-only domain controller (RODC) is a new type of domain controller in the Windows Server 2008 operating system. With an RODC, organizations can easily deploy a domain controller in locations where physical security cannot be guaranteed. An RODC hosts read-only partitions of the Active Directory Domain Services (AD DS) database.

    Before the release of Windows Server 2008, if users had to authenticate with a domain controller over a wide area network (WAN), there was no real alternative. In many cases, this was not an efficient solution. Branch offices often cannot provide the adequate physical security that is required for a writable domain controller. Furthermore, branch offices often have poor network bandwidth when they are connected to a hub site. This can increase the amount of time that is required to log on. It can also hamper access to network resources.

    Beginning with Windows Server 2008, an organization can deploy an RODC to address these problems. As a result, users in this situation can receive the following benefits:

    * Improved security

    * Faster logon times

    * More efficient access to resources on the network

    What does an RODC do?

    Inadequate physical security is the most common reason to consider deploying an RODC. An RODC provides a way to deploy a domain controller more securely in locations that require fast and reliable authentication services but cannot ensure physical security for a writable domain controller.

    However, your organization may also choose to deploy an RODC for special administrative requirements. For example, a line-of-business (LOB) application may run successfully only if it is installed on a domain controller. Or, the domain controller might be the only server in the branch office, and it may have to host server applications.

    In such cases, the LOB application owner must often log on to the domain controller interactively or use Terminal Services to configure and manage the application. This situation creates a security risk that may be unacceptable on a writable domain controller.

    An RODC provides a more secure mechanism for deploying a domain controller in this scenario. You can grant a nonadministrative domain user the right to log on to an RODC while minimizing the security risk to the Active Directory forest.

    You might also deploy an RODC in other scenarios where local storage of all domain user passwords is a primary threat, for example, in an extranet or application-facing role.

    What is REPADMIN?

    Repadmin.exe: Replication Diagnostics Tool

    This command-line tool assists administrators in diagnosing replication problems between Windows domain controllers.

    Administrators can use Repadmin to view the replication topology (sometimes referred to as RepsFrom and RepsTo) as seen from the perspective of each domain controller. In addition, Repadmin can be used to manually create the replication topology (although in normal practice this should not be necessary), to force replication events between domain controllers, and to view both the replication metadata and up-to-dateness vectors.

    Repadmin.exe can also be used for monitoring the relative health of an Active Directory forest. The operations replsummary, showrepl, showrepl /csv, and showvector /latency can be used to check for replication problems.

    What is NETDOM?

    NETDOM is a command-line tool that allows management of Windows domains and trust relationships. It is used for batch management of trusts, joining computers to domains, verifying trusts, and secure channels.

    What are some of the new tools and features provided by Windows Server 2008?

    Windows Server 2008 now provides a desktop environment similar to Microsoft Windows Vista and includes tools also found in Vista, such as the new backup snap-in and the BitLocker drive encryption feature. Windows Server 2008 also provides the new IIS7 web server and the Windows Deployment Service.

    What are the different editions of Windows Server 2008?

    The entry-level version of Windows Server 2008 is the Standard Edition. The Enterprise Edition provides a platform for large enterprisewide networks. The Datacenter Edition provides support for unlimited Hyper-V virtualization and advanced clustering services. The Web Edition is a scaled-down version of Windows Server 2008 intended for use as a dedicated web server. The Standard, Enterprise, and Datacenter Editions can be purchased with or without the Hyper-V virtualization technology.

    What two hardware considerations should be an important part of the planning process for a Windows Server 2008 deployment?

    Any server on which you will install Windows Server 2008 should have at least the minimum hardware requirement for running the network operating system. Server hardware should also be on the Windows Server 2008 Hardware Compatibility List to avoid the possibility of hardware and network operating system incompatibility.

    What are the options for installing Windows Server 2008?

    You can install Windows Server 2008 on a server not currently configured with NOS, or you can upgrade existing servers running Windows 2000 Server and Windows Server 2003.

    How do you configure and manage a Windows Server 2008 core installation?

    This stripped-down version of Windows Server 2008 is managed from the command line.

    Which Control Panel tool enables you to automate the running of server utilities and other applications?

    The Task Scheduler enables you to schedule the launching of tools such as Windows Backup and Disk Defragmenter.

    What are some of the items that can be accessed via the System Properties dialog box?

    You can access virtual memory settings and the Device Manager via the System Properties dialog box.

    When a child domain is created in the domain tree, what type of trust relationship exists between the new child domain and the tree's root domain?

    Child domains and the root domain of a tree are assigned transitive trusts. This means that the root domain and child domain trust each other and allow resources in any domain in the tree to be accessed by users in any domain in the tree.

    What is the primary function of domain controllers?

    The primary function of domain controllers is to validate users to the network. However, domain controllers also provide the catalog of Active Directory objects to users on the network.

    What are some of the other roles that a server running Windows Server 2008 could fill on the network?

    A server running Windows Server 2008 can be configured as a domain controller, a file server, a print server, a web server, or an application server. Windows servers can also have roles and features that provide services such as DNS, DHCP, and Routing and Remote Access.

    Which Windows Server 2008 tools make it easy to manage and configure a server's roles and features?

    The Server Manager window enables you to view the roles and features installed on a server and also to quickly access the tools used to manage these various roles and features. The Server Manager can be used to add and remove roles and features as needed.

    What Windows Server 2008 service is used to install client operating systems over the network?

    Windows Deployment Services (WDS) enables you to install client and server operating systems over the network to any computer with a PXE-enabled network interface.

    What domain services are necessary for you to deploy the Windows Deployment Services on your network?

    Windows Deployment Services requires that a DHCP server and a DNS server be installed in the domain.

    How is WDS configured and managed on a server running Windows Server 2008?

    The Windows Deployment Services snap-in enables you to configure the WDS server and add boot and install images to the server.

    What is the difference between a basic and dynamic drive in the Windows Server 2008 environment?

    A basic disk embraces the MS-DOS disk structure; a basic disk can be divided into partitions (simple volumes).

    Dynamic disks consist of a single partition that can be divided into any number of volumes. Dynamic disks also support Windows Server 2008 RAID implementations.

    What is RAID in Windows Server 2008?

    RAID, or Redundant Array of Independent Disks, is a strategy for building fault tolerance into your file servers. RAID enables you to combine one or more volumes on separate drives so that they are accessed by a single drive letter. Windows Server 2008 enables you to configure RAID 0 (a striped set), RAID 1 (a mirror set), and RAID 5 (disk striping with parity).

    What conceptual model helps provide an understanding of how network protocol stacks such as TCP/IP work?

    The OSI model, consisting of the application, presentation, session, transport, network, data link, and physical layers, helps describe how data is sent and received on the network by protocol stacks.

    What protocol stack is installed by default when you install Windows Server 2008 on a network server?

    TCP/IP (v4 and v6) is the default protocol for Windows Server 2008. It is required for Active Directory implementations and provides for connectivity on heterogeneous networks.

    How is a server running Windows Server 2008 configured as a domain controller, such as the domain controller for the root domain or a child domain?

    Installing the Active Directory on a server running Windows Server 2008 provides you with the option of creating a root domain for a domain tree or of creating child domains in an existing tree. Installing Active Directory on the server makes the server a domain controller.

    What are some of the tools used to manage Active Directory objects in a Windows Server 2008 domain?

    When the Active Directory is installed on a server (making it a domain controller), a set of Active Directory snap-ins is provided. The Active Directory Users and Computers snap-in is used to manage Active Directory objects such as user accounts, computers, and groups. The Active Directory Domains and Trusts snap-in enables you to manage the trusts that are defined between domains. The Active Directory Sites and Services snap-in provides for the management of domain sites and subnets.

    How are domain user accounts created and managed?

    The Active Directory Users and Computers snap-in provides the tools necessary for creating user accounts and managing account properties. Properties for user accounts include settings related to logon hours, the computers to which a user can log on, and the settings related to the user's password.

    What type of Active Directory objects can be contained in a group?

    A group can contain users, computers, contacts, and other nested groups.

    What type of group is not available in a domain that is running at the mixed-mode functional level?

    Universal groups are not available in a mixed-mode domain. The functional level must be raised to Windows 2003 or Windows 2008 to make these groups available.

    What types of Active Directory objects can be contained in an Organizational Unit?

    Organizational Units can hold users, groups, computers, contacts, and other OUs. The Organizational Unit provides you with a container directly below the domain level that enables you to refine the logical hierarchy of how your users and other resources are arranged in the Active Directory.

    What are Active Directory sites in Windows Server 2008?

    Active Directory sites are physical locations on the network's physical topology. Each regional domain that you create is assigned to a site. Sites typically represent one or more IP subnets that are connected by IP routers. Because sites are separated from each other by a router, the domain controllers on each site periodically replicate the Active Directory to update the Global Catalog on each site segment.

    Can servers running Windows Server 2008 provide services to clients when they are not part of a domain?

    Servers running Windows Server 2008 can be configured to participate in a workgroup. The server can provide some services to the workgroup peers but does not provide the security and management tools provided to domain controllers.

    What does the use of Group Policy provide you as a network administrator?

    Group Policy provides a method of controlling user and computer configuration settings for Active Directory containers such as sites, domains, and OUs. GPOs are linked to a particular container, and then individual policies and administrative templates are enabled to control the environment for the users or computers within that particular container.

    What tools are involved in managing and deploying Group Policy?

    GPOs and their settings, links, and other information such as permissions can be viewed in the Group Policy Management snap-in.

    How do you deal with Group Policy inheritance issues?

    GPOs are inherited down through the Active Directory tree by default. You can block the inheritance of settings from upline GPOs (for a particular container such as an OU or a local computer) by selecting Block Inheritance for that particular object. If you want to enforce a higher-level GPO so that it overrides directly linked GPOs, you can use the Enforce command on the inherited (or upline) GPO.

    How can you make sure that network clients have the most recent Windows updates installed and have other important security features such as the Windows Firewall enabled before they can gain full network access?

    You can configure a Network Policy Server (a service available in the Network Policy and Access Services role). The Network Policy Server can be configured to compare desktop client settings with health validators to determine the level of network access afforded to the client.

    What is the purpose of deploying local DNS servers?

    A domain DNS server provides for the local mapping of fully qualified domain names to IP addresses. Because the DNS is a distributed database, the local DNS servers can provide record information to remote DNS servers to help resolve remote requests related to fully qualified domain names on your network.

    In terms of DNS, what is a caching-only server?

    A caching-only DNS server supplies information related to queries based on the data it contains in its DNS cache. Caching-only servers are often used as DNS forwarders. Because they are not configured with any zones, they do not generate network traffic related to zone transfers.

    How is the range of IP addresses defined for a Windows Server 2008 DHCP server?

    The IP addresses supplied by the DHCP server are held in a scope. A scope that contains more than one subnet of IP addresses is called a superscope. IP addresses in a scope that you do not want to lease can be included in an exclusion range.

    DNS Interview Questions and Answer


    1. Secure services in your network require reverse name resolution to make it more difficult to launch successful attacks against the services. To set this up, you configure a reverse lookup zone and proceed to add records. Which record types do you need to create?

    Ans: PTR Records

    2. What is the main purpose of a DNS server?

    Ans: DNS servers are used to resolve FQDN hostnames into IP addresses and vice versa.

    3. SOA records must be included in every zone. What are they used for?

    Ans: SOA records contain a TTL value, used by default in all resource records in the zone. SOA records contain the e-mail address of the person who is responsible for maintaining the zone. SOA records contain the current serial number of the zone, which is used in zone transfers.

    4. By default, if the name is not found in the cache or local hosts file, what is the first step the client takes to resolve the FQDN name into an IP address?

    Ans: Performs a recursive search through the primary DNS server based on the network interface configuration

    5. What is the main purpose of SRV records?

    Ans: SRV records are used in locating hosts that provide certain network services.

    6. Before installing your first domain controller in the network, you installed a DNS server and created a zone, naming it as you would name your AD domain. However, after the installation of the domain controller, you are unable to locate infrastructure SRV records anywhere in the zone. What is the most likely cause of this failure?

    Ans: The zone you created was not configured to allow dynamic updates. The local interface on the DNS server was not configured to allow dynamic updates.

    7. Which of the following conditions must be satisfied to configure dynamic DNS updates for legacy clients?

    Ans: The zone to be used for dynamic updates must be configured to allow dynamic updates. The DHCP server must support, and be configured to allow, dynamic updates for legacy clients.

    8. At some point during the name resolution process, the requesting party received authoritative reply. Which further actions are likely to be taken after this reply?

    Ans: After receiving the authoritative reply, the resolution process is effectively over.

    9. Your company uses ten domain controllers, three of which are also used as DNS servers. You have one companywide AD-integrated zone, which contains several thousand resource records. This zone also allows dynamic updates, and it is critical to keep this zone up-to-date. Replication between domain controllers takes up a significant amount of bandwidth. You are looking to cut bandwidth usage for the purpose of replication. What should you do?

    Ans: Change the replication scope to all DNS servers in the domain.

    10. You are administering a network connected to the Internet. Your users complain that everything is slow. Preliminary research of the problem indicates that it takes a considerable amount of time to resolve names of resources on the Internet. What is the most likely reason for this?

    Ans: DNS servers are not caching replies. Local client computers are not caching replies. The cache.dns file may have been corrupted on the server.
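    Question 1 above only helps if every protected host has a PTR record that agrees with its host (A) record. The following is an added example, not part of the original page, that audits a zone with a forward-confirmed reverse lookup; the zone contents, names and addresses are constructed for illustration.

```python
import ipaddress

# Constructed zone contents (names and addresses are not from the page).
FORWARD_ZONE = {   # host (A) records: FQDN -> IPv4 addresses
    "mail.example.test.": ["192.0.2.25"],
    "www.example.test.": ["192.0.2.80"],
    "db.example.test.": ["192.0.2.53"],
}
REVERSE_ZONE = {   # PTR records: reverse-lookup name -> FQDNs
    "25.2.0.192.in-addr.arpa.": ["mail.example.test."],
    "80.2.0.192.in-addr.arpa.": ["web01.example.test."],  # stale PTR, no such host record
    # deliberately no PTR record for 192.0.2.53
}


def reverse_name(ip):
    """Owner name of the PTR record for an IPv4 or IPv6 address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def normalize(name):
    """DNS names compare case-insensitively; return them in absolute form."""
    return name.lower().rstrip(".") + "."


def check_reverse(ip, forward=FORWARD_ZONE, reverse=REVERSE_ZONE):
    """Forward-confirmed reverse lookup for one address.

    Returns (status, names) where status is
      'no-ptr'    : the reverse zone has no PTR record for the address
      'mismatch'  : a PTR exists, but none of its names has an A record for ip
      'confirmed' : at least one PTR name resolves back to ip
    """
    ptr_names = [normalize(n) for n in reverse.get(reverse_name(ip), [])]
    if not ptr_names:
        return "no-ptr", []
    fwd = {normalize(k): v for k, v in forward.items()}
    target = ipaddress.ip_address(ip)
    confirmed = [n for n in ptr_names
                 if any(ipaddress.ip_address(a) == target for a in fwd.get(n, []))]
    return ("confirmed", confirmed) if confirmed else ("mismatch", ptr_names)


def audit_zone(forward=FORWARD_ZONE, reverse=REVERSE_ZONE):
    """List every host record whose address fails the reverse check."""
    findings = []
    for host, addrs in sorted(forward.items()):
        for ip in addrs:
            status, _ = check_reverse(ip, forward, reverse)
            if status != "confirmed":
                findings.append((host, ip, status))
    return findings


if __name__ == "__main__":
    for host, ip, status in audit_zone():
        print(f"{host:22} {ip:12} {status}")
```

    In a live environment the two dictionaries would be filled from an export of the forward and reverse lookup zones.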


    DNS Records

    March 19, 2009 by Vasim Memon

    DNS Resource Records

    | Code | Number | Description | Function |
    |---|---|---|---|
    | A | 1 | address record | Returns a 32-bit IPv4 address, most commonly used to map hostnames to an IP address of the host, but also used for DNSBLs, storing subnet masks in RFC 1101, etc. |
    | AAAA | 28 | IPv6 address record | Returns a 128-bit IPv6 address, most commonly used to map hostnames to an IP address of the host. |
    | AFSDB | 18 | AFS database record | Location of database servers of an AFS cell. This record is commonly used by AFS clients to contact AFS cells outside their local domain. A subtype of this record is used by the obsolete DCE/DFS file system. |
    | CERT | 37 | Certificate record | Stores PKIX, SPKI, PGP, etc. |
    | CNAME | 5 | Canonical name record | Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name. |
    | DHCID | 49 | DHCP identifier | Used in conjunction with the FQDN option to DHCP |
    | DLV | 32769 | DNSSEC Lookaside Validation record | For publishing DNSSEC trust anchors outside of the DNS delegation chain. Uses the same format as the DS record. |
    | DNAME | 39 | delegation name | DNAME will delegate an entire portion of the DNS tree under a new name. In contrast, the CNAME record creates an alias of a single name. Like the CNAME record, the DNS lookup will continue by retrying the lookup with the new name. |
    | DNSKEY | 48 | DNS Key record | The key record used in DNSSEC. Uses the same format as the KEY record. |
    | DS | 43 | Delegation signer | The record used to identify the DNSSEC signing key of a delegated zone |
    | HIP | 55 | Host Identity Protocol | Method of separating the end-point identifier and locator roles of IP addresses. |
    | IPSECKEY | 45 | IPSEC Key | Key record that can be used with IPSEC |
    | KEY | 25 | Key record | Used only for TKEY (RFC 2930). Before RFC 3755 was published, this was also used for DNSSEC, but DNSSEC now uses DNSKEY. |
    | LOC | 29 | Location record | Specifies a geographical location associated with a domain name |
    | MX | 15 | mail exchange record | Maps a domain name to a list of mail exchange servers for that domain |
    | NAPTR | 35 | Naming Authority Pointer | Allows regular expression based rewriting of domain names which can then be used as URIs, further domain names to lookups, etc. |
    | NS | 2 | name server record | Delegates a DNS zone to use the given authoritative name servers |
    | NSEC | 47 | Next-Secure record | Part of DNSSEC used to prove a name does not exist. Uses the same format as the (obsolete) NXT record. |
    | NSEC3 | 50 | NSEC record version 3 | An extension to DNSSEC that allows proof of nonexistence for a name without permitting zone walking |
    | NSEC3PARAM | 51 | NSEC3 parameters | Parameter record for use with NSEC3 |
    | PTR | 12 | pointer record | Pointer to a canonical name. Unlike a CNAME, DNS processing does NOT proceed, just the name is returned. The most common use is for implementing reverse DNS lookups, but other uses include such things as DNS-SD. |
    | RRSIG | 46 | DNSSEC signature | Signature for a DNSSEC-secured record set. Uses the same format as the SIG record. |
    | SIG | 24 | Signature | Signature record used in SIG(0) (RFC 2931). Until RFC 3755 was published, the SIG record was part of DNSSEC; now RRSIG is used for that. |
    | SOA | 6 | start of authority record | Specifies authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone. |
    | SPF | 99 | SPF record | Specified as part of the SPF protocol, as an alternative to storing SPF data in TXT records. Uses the same format as the TXT record. |
    | SRV | 33 | Service locator | Generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX. |
    | SSHFP | 44 | SSH Public Key Fingerprint | Resource record for publishing SSH public host key fingerprints in the DNS System, in order to aid in verifying the authenticity of the host. |
    | TA | 32768 | DNSSEC Trust Authorities | Part of a deployment proposal for DNSSEC without a signed DNS root. See the IANA database and Weiler Spec for details. Uses the same format as the DS record. |
    | TXT | 16 | Text record | Originally for arbitrary human-readable text in a DNS record. Since the early 1990s, however, this record more often carries machine-readable data, such as specified by RFC 1464, opportunistic encryption, Sender Policy Framework, DomainKeys, DNS-SD, etc. |


    Preparing your Network

    February 17, 2009 by Vasim Memon

    In the scenario below there are two servers, SBS and DC01. SBS has all server roles and DC01 has no role.

    Adding role to Additional Server

    Steps:-

    1. Join Windows Server 2003 to a domain as a member server DC01
    2. Install DNS
    3. Run DCPROMO on DC01
    4. Make DC01 a Global Catalog (GC) server
    5. Change the preferred DNS of DC01 to point to itself. Change the preferred DNS address of SBS to point to DC01.
    6. Transfer FSMO role
    7. Wait for replication to take place. Give it a good 15 minutes, depending upon the size of your network.
    8. Remove the GC from SBS.

    1. Join DC01 to the domain yellowpark.local as a member server.

    Firstly, change the network card settings of DC01 to point to SBS for DNS.


    Then, right click My Computer and click Properties, then click the Computer Name tab. Click the Change button, and enter the details of the domain to join.

    Click OK. You will then be prompted to enter a Username and Password with the permissions necessary to join the domain. Enter the username and password and click OK. You will then need to reboot.

    2. Install DNS on DC01

    Go to Add Remove Programs, Add Remove Windows Components. Select Network Services and click Details.


    Select DNS and WINS and click OK.

    3. Once DNS and WINS have installed, you are ready to promote DC01 to a Domain Controller.

    Click Start, Run. Then enter dcpromo and click OK. Click through the Wizard then select Additional domain controller for an existing domain. Click Next.

    Enter a username and password with the permissions capable of doing this, e.g. Administrator. Click Next. Enter the name of the domain (e.g. yellowpark.local) and click Next. Select the location where you would like to store the database folder and the log folder; for the purpose of this article accept the defaults. Click Next.


    Select the location where you would like the Sysvol folder to be stored. Again, accept the default and click Next.

    Enter a password to be used for the Directory Services Restore Mode. Make sure you don't forget this! Click Next twice. DCPromo starts running and will take a few minutes to complete. You will be prompted to reboot upon completion. Reboot and log on to the domain DC01.

    4. Next step is to make DC01 a Global Catalog Server (GC).

    Open Active Directory Sites and Services. Click Start, Administrative Tools, Active Directory Sites and Services.

    Expand Sites, expand Servers, then expand NTDS Settings. Right click NTDS Settings for Exchange01 and click Properties.

    Tick Global Catalog.

    5. Next we're going to open the Network Card properties of DC01 and change the Preferred DNS Server IP address to point to itself (192.168.0.11).

    6. Transferring the FSMO roles to DC01.

    Click Start, point to Administrative Tools, and then click Active Directory Users and Computers. Click the Change button to change the RID Master role to DC01. Repeat this for each of the other tabs.


    To transfer the Domain Naming Master, open Active Directory Domains and Trusts. Click Start, point to Administrative Tools, and then click Active Directory Domains and Trusts. Right click the Active Directory Domains and Trusts node and click Operations Master. Click the Change button to change the Operations Master to DC01.

    To transfer the Schema Master role:

    Firstly, you'll need to register Schmmgmt.dll (if you haven't used it before). Click Start, click Run, type regsvr32 schmmgmt.dll, and then click OK. Then create a new snap-in. Click Start, click Run, type mmc, and then click OK. Right-click Active Directory Schema, and then click Change Domain Controller. Specify DC01. Right-click Active Directory Schema, and then click Operations Master. In the Change Schema Master dialog box, click Change.

    Move the site licensing server to the SBS 2003 computer. To do this, open Active Directory Sites and Services. Expand Sites and then click Default-First-Site-Name. Right-click Licensing Site Settings, and then click Properties. Click Change, type the name of DC01 in the Enter the object name to select area, and then click OK.

    7. Reboot and wait for event 1119 or 1869 to show in the Event Viewer Directory Service Log on DC01. This shows DC01 is a GC. This is very important. Remember, no Global Catalog means no one can log on and you will lose the domain!


    It can take an hour for this event to show. I usually go and make a cup of tea and come back later. There is a workaround to make it happen quicker, but I would avoid it. When I did this test lab, it took 1 hour 47 minutes before I saw Event 1869.

    8. Next step is to remove the GC from SBS.

    Open Active Directory Sites and Services. Click Start, Administrative Tools, Active Directory Sites and Services. Expand Sites, expand Servers, then expand SBS NTDS Settings. Right click NTDS Settings for Exchange01 and click Properties. Un-tick Global Catalog.

    Troubleshooting DNS in Windows Server 2003

    1) Start Troubleshooting with Ping

    Can you ping the target machine?

    a) By IP address. Ping 192.168.1.3

    b) By Hostname. Ping myserver

    c) By fully qualified domain name. Ping myserver.company.com

    Examine the replies for clues, for example is the reply myserver or myserver.company.com. Depending on the results from Ping, check the Default Gateway and Subnet Mask.

    2) Do not neglect IPCONFIG

    Collect information about default gateways and DNS servers with IPCONFIG's switches, particularly the /all.

    What you are particularly interested in is the DNS Server's IP address. Should that field be empty or incorrect then adjust the IP address at the Network Icon, TCP/IP properties.

    Remember that Ipconfig has 3 DNS specific switches. On more than one occasion /flushdns has saved me tearing my hair out. What happens is that you may have solved the problem, but a dirty cache prevents confirmation. Ipconfig /registerdns can save a reboot, while /displaydns may give you extra information on what name resolution the client has achieved.

    3) Time to look at the DNS server snap-in

    At the DNS console, click on View (Menu) and make sure that Advanced is ticked. This is rather like Show All files.


    Precisely what to look for in the Snap-in depends on the problem. If you are checking basic connectivity, then check you have a Host (A) record for the machine you are trying to contact. However, I would follow up PING with a check of the Monitor Tab on the DNS Server icon.

    For basic Active Directory / DNS configuration check that the _msdcs records were created by DCPROMO. If not, try restarting the Netlogon service.

    If you have a more difficult problem, for example zone replication, then click on the Server Icon, Properties. (In the diagram Alan is the name of the server.)

    One trap is to investigate the DNS server icon when you should be looking at the Forward Lookup Zone, domain name. (Also vice versa, you look at the domain properties instead of the DNS server icon.)

    About half the solutions to DNS problems require a restart of the DNS service; fortunately Microsoft supply a Restart option on the All Tasks menu.

    4) NSLookup

    My conclusion for troubleshooting with NSLookup is avoid it. Instead, wherever possible, use the above DNS snap-in. At first I was in awe of NSLookup, then I mastered it, then I realized that it did not give me any more information than the DNS snap-in.

    So, the killer use of NSLookup is if you do not have the DNS snap-in, for example you are troubleshooting from an XP machine.

    The trap with NSLookup is that you forget to configure the PTR records; without the corresponding Reverse Lookup Zone, NSLookup will fail.

    5) Hosts files

    Reverting to hosts files may seem like taking a step backwards into the dark ages, but many is the time that this trusty old technology has solved a problem.

    The beauty of the hosts file is its simplicity and the fact that the client operating system reads the hosts file BEFORE it queries DNS. Be sure that you are editing the hosts file in the %systemroot%\system32\drivers\etc. (Not in the \i386 or dllcache folder)

    Once you have opened the hosts file with notepad, experiment with hostnames and IP addresses for the server that you wish to connect. Once you have added the host entry try once more to contact with Ping.

    Example of Hosts file entries

    192.168.1.3 myserver

    or


    192.168.1.3 myserver.mycompany.com

    6) Event Viewer

    In truth the Event Viewer should be the first place to look for clues, not the last! Mastering the Event Viewer is an art in itself. The point to remember is that DNS has its own Log. By all means check the system log or even the application log, but do investigate the DNS log.

    What you are looking for depends on the problem area. But here are a few categories to check: Domain Name Problems, Resource Record, Database Load and there really is a DNS Sanity Check!
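    Because the client reads the hosts file before it queries DNS (step 5), a test entry left behind keeps overriding the DNS answer long after the DNS problem is fixed. The following is an added example, not part of the original page, that parses a hosts file, mimics that lookup order and reports entries that hide a different DNS answer; the file content and DNS answers are constructed, and keeping the first entry for a repeated name is an assumption.

```python
import ipaddress

# Constructed sample data; only the 192.168.1.3 myserver entry mirrors the page.
HOSTS_TEXT = """\
# sample hosts file
127.0.0.1       localhost
192.168.1.3     myserver myserver.company.com   # left over from a test
192.168.1.9     intranet.company.com
not-an-ip       broken.company.com
"""
DNS_ANSWERS = {   # what the DNS server would return (constructed)
    "myserver.company.com": "192.168.1.30",
    "intranet.company.com": "192.168.1.9",
    "files.company.com": "192.168.1.12",
}


def parse_hosts(text):
    """Return ({name: ip}, [(line number, rejected line)])."""
    entries, rejected = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            ip = None
        if ip is None or len(fields) < 2:        # bad address or no host name
            rejected.append((lineno, raw.strip()))
            continue
        for name in fields[1:]:
            # Assumption: the first entry seen for a name takes precedence.
            entries.setdefault(name.lower(), ip)
    return entries, rejected


def resolve(name, hosts, dns):
    """Mimic the lookup order: hosts file first, DNS only on a miss."""
    key = name.lower().rstrip(".")
    if key in hosts:
        return hosts[key], "hosts"
    if key in dns:
        return dns[key], "dns"
    return None, "not-found"


def shadowed_names(hosts, dns):
    """Hosts entries that hide a different DNS answer: (name, hosts ip, dns ip)."""
    return sorted((n, ip, dns[n]) for n, ip in hosts.items()
                  if n in dns and dns[n] != ip)


if __name__ == "__main__":
    hosts, rejected = parse_hosts(HOSTS_TEXT)
    for name, hosts_ip, dns_ip in shadowed_names(hosts, DNS_ANSWERS):
        print(f"{name}: hosts file says {hosts_ip}, DNS says {dns_ip}")
    for lineno, line in rejected:
        print(f"line {lineno} ignored: {line}")
```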

    What are FSMO Roles?

    Microsoft designed Active Directory in such a fashion that you can perform most configuration activities from any domain controller. However, certain functions within the directory are restricted to specific domain controllers, which are known as Flexible Single Master Operations (FSMO) Role / Server or simply Operations Master.

    There are five FSMO roles, of which two are forest-based and the remaining three are domain-based.

    Forest Based Roles

    Schema master
    Domain naming master

    Domain Based Roles

    PDC emulator
    Infrastructure master
    RID master

    In detail:

    Schema master holds the only writable copy of the Active Directory Schema. This is a configuration database that describes all available object and function types in the Active Directory forest. Only one domain controller in the forest holds this role.

    Domain naming master ensures that any newly created domains are uniquely identified by names that adhere to the proper naming conventions for new trees or child domains in existing trees. Only one domain controller in the forest holds this role.

    PDC emulator serves as a primary domain controller (PDC) for Windows NT 4.0 client computers authenticating to the domain and processes any changes to user properties on these clients, such as password changes. This server also acts as a time synchronization master to synchronize the time on the remaining domain controllers in the domain. One domain controller in each domain holds this role.

    Infrastructure master updates references in its domain from objects such as domain group memberships to objects in other domains. This server processes any changes in objects in the forest received from global catalog servers and replicates these changes to other domain controllers in its domain. One domain controller in each domain holds this role.

    RID master assigns security identifiers (SIDs) to objects created in its domain. A SID consists of a domain identifier common to all objects in its domain and a relative identifier (RID) that is unique to each object. This server ensures that no two objects have the same RID and hands out pools of RIDs to every domain controller in its domain. One domain controller in each domain holds this role.
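    The RID master description above says a SID is a domain identifier plus a RID. The following is an added example, not part of the original page, that decodes the binary SID layout, splits a SID into those two parts and reports SIDs held by more than one object; the domain identifier and account names are constructed, and 500 and 512 are the well-known RIDs of Administrator and Domain Admins.

```python
import struct
from collections import defaultdict

WELL_KNOWN_RIDS = {500: "Administrator", 512: "Domain Admins"}


def sid_from_bytes(raw):
    """Decode a binary SID: revision (1 byte), sub-authority count (1 byte),
    48-bit big-endian identifier authority, 32-bit little-endian sub-authorities."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("truncated or malformed SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % raw[1], raw[8:])
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])


def sid_to_bytes(sid):
    """Inverse of sid_from_bytes; used here to build the sample data."""
    parts = sid.split("-")
    if parts[0] != "S" or len(parts) < 3:
        raise ValueError("not a SID string")
    subs = [int(p) for p in parts[3:]]
    return (bytes([int(parts[1]), len(subs)])
            + int(parts[2]).to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def split_sid(sid):
    """Return (domain identifier, RID) for a domain account SID (S-1-5-21-...)."""
    domain, _, rid = sid.rpartition("-")
    if not domain.startswith("S-1-5-21-") or domain.count("-") != 6:
        raise ValueError("not a domain account SID: " + sid)
    return domain, int(rid)


def rid_collisions(objects):
    """objects: {name: binary SID}. Return {sid: [names]} for every SID held by
    more than one object, the condition the RID master's pools are meant to prevent."""
    holders = defaultdict(list)
    for name, raw in sorted(objects.items()):
        holders[sid_from_bytes(raw)].append(name)
    return {sid: names for sid, names in holders.items() if len(names) > 1}


# Constructed sample: the domain identifier and account names are made up.
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
OBJECTS = {
    "Administrator": sid_to_bytes(DOMAIN + "-500"),
    "Domain Admins": sid_to_bytes(DOMAIN + "-512"),
    "alice": sid_to_bytes(DOMAIN + "-1104"),
    "bob": sid_to_bytes(DOMAIN + "-1105"),
    "bob-restored": sid_to_bytes(DOMAIN + "-1105"),  # same RID on two objects
}

if __name__ == "__main__":
    for name, raw in OBJECTS.items():
        domain, rid = split_sid(sid_from_bytes(raw))
        label = WELL_KNOWN_RIDS.get(rid, "allocated from a RID pool")
        print(f"{name:14} domain={domain} rid={rid} ({label})")
    print("collisions:", rid_collisions(OBJECTS))
```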

    Exchange Server 2007 Interview Question and Answer

    What is Exchange Server 2007?

    Microsoft Exchange Server 2007 is the next version of Microsoft Exchange. Microsoft Exchange is the industry's leading e-mail, calendaring, and unified messaging server. The release of Exchange Server 2007 is closely aligned with the 2007 Microsoft Office release. Together, these products deliver a best-in-class enterprise messaging and collaboration solution.

    What is new in Exchange Server 2007?

    Exchange 2007 provides built-in protection to keep the e-mail system up and running and protected from outside threats and lets employees work more productively from wherever they are by using a variety of clients. These clients include Microsoft Office Outlook 2007, Microsoft Office Outlook Web Access, and mobile devices. Exchange Server 2007 makes it easier for IT departments to deliver these new capabilities to their organizations by making the messaging environment easier to manage and more cost-efficient. For more information about Exchange Server 2007

    How does Exchange Server 2007 integrate with Microsoft Office Outlook 2007?

    Outlook 2007 provides the most complete e-mail, calendaring, contacts, and tasks functionality available in an e-mail client that is compatible with Exchange. When Outlook 2007 is used with Exchange Server 2007, users benefit from the new Scheduling Assistant that automates time-consuming meeting and resource scheduling, the ability to plan and customize out-of-office communications, and managed e-mail folders that facilitate compliance with internal and regulatory policies. Outlook 2007 and Exchange Server 2007 also combine to enhance security by offering features that are easy to use and let users confidently send and receive sensitive business communications through e-mail. By enabling the Autodiscover service, you can reduce the complexity of client configuration and reduce administrative costs that are associated with troubleshooting connectivity issues for users.

    What are the different editions of Exchange Server 2007?

    Exchange Server 2007 is offered in two server editions: Standard Edition and Enterprise Edition. Exchange Server 2007 Standard Edition is designed to meet the messaging and collaboration needs of small and medium organizations. It may also be appropriate for specific server roles or branch offices. Exchange Server 2007 Enterprise Edition, designed for large enterprise organizations, enables the creation of multiple storage groups and databases. For more information about Exchange Server 2007 editions and Client Access Licenses

    How can I upgrade my current Exchange 2000 Server or Exchange Server 2003 environment?

    When you upgrade to Exchange Server 2007, you cannot perform an in-place server upgrade on an existing Exchange server. Instead, you must install a new Exchange 2007 server into the existing organization, and then move the required data to the new Exchange server. Exchange Server 2007 supports mixed environments that include Exchange 2000 Server, Exchange Server 2003, or both. This allows for an easier and more gradual transition. For more information about how to plan and deploy Exchange Server 2007

    Should I map my current routing groups to my current Active Directory sites?

    Exchange 2007 is based on Active Directory sites. If your current Microsoft Exchange environment maps as closely as possible to Active Directory sites, your interoperability and migration story will be easier. Additionally, the recommended upgrade path is to upgrade all the Exchange 2000 Server or Exchange Server 2003 servers in a single routing group before you upgrade the next routing group. This lets you fully decommission a routing group as you upgrade and reduces the complexity of your current routing topology. Mapping the Exchange 2000 Server or Exchange Server 2003 routing groups to the Exchange 2007 physical topology also makes it easier to plan for an upgrade to Exchange 2007 because the two environments are similarly organized and generally correlate to Active Directory sites.