windows-administrator-l2-interview-question- | Interview

Windows Administrator L2 Interview Question


1. What is the purpose of having AD?
Active Directory is a directory service that identifies all resources on a network and makes that information available
to users and services. The main purpose of AD is to control and authenticate network resources.
2. Explain the SYSVOL folder.
The SYSVOL folder stores the server's copy of the domain's public files. The contents of the SYSVOL folder, such as
group policy, users, and groups, are replicated to all domain controllers in the domain. The SYSVOL folder must be
located on an NTFS volume.
3. Explain the functions of Active Directory.
AD enables centralization in a domain environment. The main purpose of AD is to control and authenticate network
resources.
4. What is the name of the AD database?
The AD database is NTDS.DIT.
5. Explain briefly about AD Partition?
The Active Directory database is logically separated into directory partitions:
Schema Partition: Only one schema partition exists per forest. The schema partition is stored on all domain
controllers in a forest. The schema partition contains definitions of all objects and attributes that you can create in
the directory, and the rules for creating and manipulating them. Schema information is replicated to all domain
controllers in the attribute definitions.
Configuration Partition: There is only one configuration partition per forest. Stored on all domain controllers in a
forest, the configuration partition contains information about the forest-wide Active Directory structure including what
domains and sites exist, which domain controllers exist in each forest, and which services are available. Configuration
information is replicated to all domain controllers in a forest.
Domain Partition: Many domain partitions can exist per forest. Domain partitions are stored on each domain
controller in a given domain. A domain partition contains information about users, groups, computers and
organizational units. The domain partition is replicated to all domain controllers of that domain. All objects in every
domain partition in a forest are stored in the global catalog with only a subset of their attribute values.
Application Partition: Application partitions store information about applications in Active Directory. Each application
determines how it stores, categorizes, and uses application-specific information. To prevent unnecessary replication
to specific application partitions, you can designate which domain controllers in a forest host specific application
partitions. Unlike a domain partition, an application partition cannot store security principal objects, such as user
accounts. In addition, the data in an application partition is not stored in the global catalog.
6. Explain the different zones involved in a DNS server.
DNS has two different zones: Forward Lookup Zone and Reverse Lookup Zone. These two zones are categorized into
three zones, as follows:
Primary zone: It contains the readable and writable copy of the DNS database.
Secondary zone: It acts as a backup for the primary zone and contains the read-only copy of the DNS database.
Stub zone: It is also read-only like a secondary zone; a stub zone contains only the SOA record and copies of the NS
and A records for all name servers authoritative for the zone.
7. Explain briefly the stub zone.
It is also read-only like a secondary zone, so administrators can't manually add, remove, or modify resource records
on it. But secondary zones contain copies of all the resource records in the corresponding zone on the master name
server; stub zones contain only three kinds of resource records:
A copy of the SOA record for the zone.
Copies of NS records for all name servers authoritative for the zone.
Copies of A records for all name servers authoritative for the zone.

http://www.systemadministrator.in/Interview/windows-administrator-l2-interview-question... 6/30/2012

8. Explain File Replication Service (FRS).
File Replication Service is a Microsoft service which replicates folders stored in SYSVOL shared folders on domain
controllers and distributed file system shared folders. This service is a part of Microsoft's Active Directory Service.
9. What is authoritative and non-authoritative restore?
Nonauthoritative restore: When a nonauthoritative restore is performed, Active Directory is restored from backup
media on the domain controller. This information is then updated during replication from the other domain
controllers. The nonauthoritative restore method is the default method to restore system state data to a domain
controller.
Authoritative restore: In an authoritative restore, Active Directory is installed to the point of the last backup job.
This method is typically used to recover Active Directory objects that were deleted in error. An authoritative restore
is performed by first performing a nonauthoritative restore, and then running the Ntdsutil utility prior to restarting
the server. You use the Ntdsutil utility to indicate those items that are authoritative. Items that are marked as
authoritative are not updated when the other domain controllers replicate to the particular domain controller.
10. What is the replication protocol involved in replication from PDC and ADC?
Normally Remote Procedure Call (RPC) is used to replicate data and is always used for intrasite replication since it is
required to support the FRS. RPC depends on IP (Internet Protocol) for transport.
Simple Mail Transfer Protocol (SMTP) may be used for replication between sites.
11. What are the benefits of AD integrated DNS?
A few advantages that Active Directory-integrated zone implementations have over standard primary zone
implementations are:
Active Directory replication is faster, which means that the time needed to transfer zone data between zones is
far less.
The Active Directory replication topology is used for Active Directory replication, and for Active Directory-integrated
zone replication. There is no longer a need for DNS replication when DNS and Active Directory are
integrated.
Active Directory-integrated zones can enjoy the security features of Active Directory.
The need to manage your Active Directory domains and DNS namespaces as separate entities is eliminated. This
in turn reduces administrative overhead.
When DNS and Active Directory are integrated, the Active Directory-integrated zones are replicated, and stored
on any new domain controllers automatically. Synchronization takes place automatically when new domain
controllers are deployed.
12. Explain some types of DNS records.
A Record: Binds a name with an IP address.
PTR Record: Binds an IP address with a host name.
NS Record: Is the name of a DNS server.
MX Record: Responsible for receiving mail from different MTAs.
13. How many tables are there in NTDS.DIT?
The Active Directory ESE database, NTDS.DIT, consists of the following tables:
Schema table: the types of objects that can be created in the Active Directory, relationships between them, and the
optional and mandatory attributes on each type of object. This table is fairly static and much smaller than the data table.
Link table: contains linked attributes, which contain values referring to other objects in the Active Directory. Take the
Member Of attribute on a user object. That attribute contains values that reference groups to which the user belongs.
This is also far smaller than the data table.
Data table: users, groups, application-specific data, and any other data stored in the Active Directory. The data table
can be thought of as having rows where each row represents an instance of an object such as a user, and columns where
each column represents an attribute in the schema such as Given Name.
14. What is the purpose of the command NETDOM?
NETDOM is a command-line tool that allows management of Windows domains and trust relationships. It is used for
batch management of trusts, joining computers to domains, verifying trusts, and secure channels.
15. What is REPADMIN?
This command-line tool assists administrators in diagnosing replication problems between Windows domain
controllers. Administrators can use Repadmin to view the replication topology (sometimes referred to as RepsFrom
and RepsTo) as seen from the perspective of each domain controller.
16. What is the purpose of the command replmon?
Replmon displays information about Active Directory replication.
17. How will you take a backup of the registry using NTBACKUP?
Using System State.

18. Explain briefly the superscope.
Using a superscope, you can group multiple scopes as a single administrative entity. With this feature, a DHCP
server can support DHCP clients on a single physical network segment (such as a single Ethernet LAN segment)
where multiple logical IP networks are used. When more than one logical IP network is used on each physical subnet
or network, such configurations are often called multinets.
19. Explain how a client obtains an IP address from a DHCP server.
It's a four-step process consisting of (a) IP request, (b) IP offer, (c) IP selection and (d) acknowledgement.
20. Explain about SRV Record.
For mapping a DNS domain name to a specified list of DNS host computers that offer a specific type of service, such
as Active Directory domain controllers.
21. What are the advantages of having RAID 5?
Stripe set with distributed parity. Fault tolerance. 100% data guarantee.
22. How do clients get authenticated with the Active Directory server?
Using the PDC Emulator role involved in FSMO.
If you create the same user name or computer name, AD throws an error that the object already exists. Can you
explain how AD identifies the existing object?
Using the RID Master role involved in FSMO.
23. How will you verify a successful Active Directory installation?
Check DNS services and errors, check for domain name resolution, check for RPC, NTFRS, DNS and replication
related errors.
24. Group Policy file extension in Windows 2003 Server
*.adm files
25. What is Global Catalog?
Global Catalog is a server which maintains the information about multiple domains with trust relationship agreement.
The global catalog is a distributed data repository that contains a searchable, partial representation of every object in
every domain in a multidomain Active Directory forest.
26. What is Active Directory schema?
The Active Directory schema contains formal definitions of every object class that can be created in an Active
Directory forest. It also contains formal definitions of every attribute that can exist in an Active Directory object.
27. What is a site?
One or more well-connected, highly reliable and fast TCP/IP subnets. A site allows an administrator to configure Active
Directory access and replication topology to take advantage of the physical network.
28. What is the file that's responsible for keeping the entire Active Directory database?
Schema master.
29. What is the ntds.dit file default size?
40Mb
30. What's the difference between local, global and universal groups?
Domain local groups assign access permissions to global domain groups for local domain resources. Global groups
provide access to resources in other trusted domains. Universal groups grant access to resources in all trusted
domains.
31. I am trying to create a new universal user group. Why can't I?
Universal groups are allowed only in native-mode Windows Server 2003 environments. Native mode requires that all
domain controllers be promoted to Windows Server 2003 Active Directory.
32. What is LSDOU?
It's the group policy inheritance model, where the policies are applied to Local machines, Sites, Domains and
Organizational Units.
33. What is the command used to change a computer name or make a client a member of a domain?
Using the command netdom.
34. Difference between SID and GUID?
A security identifier (SID) is a unique value of variable length that is used to identify a security principal or security
group in Windows operating systems. Well-known SIDs are a group of SIDs that identify generic users or generic
groups. Their values remain constant across all operating systems.

35. Explain FSMO in detail.
In a forest, there are at least five FSMO roles that are assigned to one or more domain controllers. The five FSMO
roles are:
Schema Master: The schema master domain controller controls all updates and modifications to the schema. To
update the schema of a forest, you must have access to the schema master. There can be only one schema master
in the whole forest.
Domain naming master: The domain naming master domain controller controls the addition or removal of domains
in the forest. There can be only one domain naming master in the whole forest.
Infrastructure Master: The infrastructure master is responsible for updating references from objects in its domain to
objects in other domains. At any one time, there can be only one domain controller acting as the infrastructure
master in each domain.
Relative ID (RID) Master: The RID master is responsible for processing RID pool requests from all domain
controllers in a particular domain. At any one time, there can be only one domain controller acting as the RID master
in the domain.
PDC Emulator: The PDC emulator is a domain controller that advertises itself as the primary domain controller
(PDC) to workstations, member servers, and domain controllers that are running earlier versions of Windows.
36. Which service is responsible for replicating files in SYSVOL folder?
File Replication Service (FRS)
37. Can you move FSMO roles?
Yes. Moving an FSMO server role is a manual process; it does not happen automatically. But what if you only have one
domain controller in your domain? That is fine. If you have only one domain controller in your organization then you
have one forest, one domain, and of course the one domain controller. All 5 FSMO server roles will exist on that DC.
There is no rule that says you have to have one server for each FSMO server role.
38. What permissions should you have in order to transfer an FSMO role?
Before you can transfer a role, you must have the appropriate permissions depending on which role you plan to
transfer:
Schema Master - member of the Schema Admins group
Domain Naming Master - member of the Enterprise Admins group
PDC Emulator - member of the Domain Admins group and/or the Enterprise Admins group
RID Master - member of the Domain Admins group and/or the Enterprise Admins group
Infrastructure Master - member of the Domain Admins group and/or the Enterprise Admins group
39. How do you restore Group Policy settings back to default?
The following command would replace both the Default Domain Security Policy and the Default Domain Controller
Security Policy. You can specify Domain or DC instead of Both to restore only one or the other.
> dcgpofix /target:Both
40. What is caching only DNS Server?
When DNS is installed, and you do not add or configure any zones for the DNS server, the DNS server functions as a
caching-only DNS server by default. Caching-only DNS servers do not host zones, and are not authoritative for any
DNS domain. The information stored by caching-only DNS servers is the name resolution data that the server has
collected through resolving name resolution queries.
41. By default, how many shares are in the SYSVOL folder?
By default, a share with the domain name will be there under the SYSVOL folder.
Under the domain name share, two folders named Policies & Scripts will be there.
42. Zone not loaded by DNS server. How do you troubleshoot?
Check that zone transfer is enabled for all DNS servers.
Also check that the required name server has been added in the Authoritative Name Server tab in DNS properties.
43. What is LDAP?
LDAP (Lightweight Directory Access Protocol) is an internet protocol which email and other services use to look up
information from the server.
44. What is ADSIEDIT?
ADSIEdit is a Microsoft Management Console (MMC) snap-in that acts as a low-level editor for Active Directory. It is a
Graphical User Interface (GUI) tool. Network administrators can use it for common administrative tasks such as
adding, deleting, and moving objects with a directory service.
45. What are application partitions? When do I use them?

An application directory partition is a directory partition that is replicated only to specific domain controllers. Only
domain controllers running Windows Server 2003 can host a replica of an application directory partition. Using an
application directory partition provides redundancy, availability or fault tolerance by replicating data to a specific
domain controller or any set of domain controllers anywhere in the forest.
46. How do you create a new application partition?
Use the DnsCmd command to create an application directory partition.
47. Why is a WINS server required?
Windows Internet Naming Service (WINS) is an older network service (a protocol) that takes computer names as
input and returns the numeric IP address of the computer with that name or vice versa.
48. What is the purpose of the command ntdsutil?
To transfer or seize FSMO Roles.
49. Explain Forest Functional Level in Windows 2003 Server.
50. Explain Domain Functional Level in Windows 2003 Server.
51. How will you extend schema database?
52. What is the purpose of adprep command?
53. Briefly explain netlogon.
54. What are forwarders in a DNS server?
55. Explain root hints.
56. Explain the types of DNS queries.
57. How will you defragment the AD database?


Copyright 2011 System Administrator. All Rights Reserved.