Windows L3 questions

1. Explain three main features of Active Directory?

Ans. Active Directory enables single sign on to access resources on the network
such as desktops, shared files, printers etc. Active Directory provides advanced
security for the entire network and network resources. Active Directory is more
scalable and flexible for administration.
2. What do you mean by Active Directory functional levels? How does it help an

organizations network functionality?

Ans. https://technet.microsoft.com/en-us/library/cc787290(v=ws.10).aspx
3. What are the Domain and Forest functional levels of Windows Server 2003

AD?
4. What are the Domain and Forest functional levels of Windows Server 2008

AD?

2000 native

2003 native

2008 native

W2K, W2K3, W2K8

W2K3, W2K8

W2K8 only

Domain

Universal groups,

Ability to rename

Distributed File

features

Group nesting,

domain controllers

System replication

Group conversions,

via netdom.exe,

support for SYSVOL,

Security identifier

Logon time stamp

Advanced

(SID) history

dates, Redirect

encryption, Last

Users and

Interactive Logon

Computers,

information, Fine-

Authorization

grained password

Manager policies in

policies

DCs
allowed

AD, Constrained
delegation, Selective
authentication

Forest

All default AD

Forest trust, domain

No new additional

features

features

rename, linked-value

forest-level features

replication, Readonly domain

controller
deployment,
instances of the
dynamic auxiliary
class named
dynamicObject in a
domain directory
partition, convert
inetOrgPerson
object instance into
a User object
instance, create
instances of new
group types to
support role-based
authorization,
deactivation and
redefinition of
attributes and
classes in the
schema

5. How to add additional Domain Controller in a remote site with slower WAN

link?
Ans. Command to create ifm file
Ntdsutil active instance ntds ---IFM create RODC c:\dcpromo

Create full c:\dcpromo for full Writable domain controller

6. How do we install Active Directory in Windows 7 Computer?

Ans. Active directory RSAT tool

7. What are the prerequisites to install Active Directory in a Server?
8. What is FSMO role? (Or what are Single Master Operations / Flexible Single

Master Operations / Operations Master Role / SMO / OMR?)

9. Explain Infrastructure Master Role. What will be the impact if DC with

Infrastructure Master Role goes down?

10. What are the two forest specific FSMO roles?
11. Which FSMO role directly impacting the consistency of Group Policy?
12. I want to promote a new additional Domain Controller in an existing domain.

Which are the groups I should be a member of?

Ans. You should be a member of Enterprise Admins group or the Domain Admins
group. Also you should be member of local Administrators group of the member
server which you are going to promote as additional Domain Controller.
13. Tell me one easiest way to check all the 5 FSMO roles.

Ans. Netdom query fsmo

14. Can I configure two RID masters in a domain?

Ans. No, there should be only one Domain Controller handling RID master role in a
Domain
15. Can I configure two Infrastructure Master Role in a forest? If yes, please

explain.
Ans. There should be only one Domain Controller handling Infrastructure master
role in a domain. Hence if you have two domains in a forest, you can configure
two Infrastructure masters, one in each domain.
16. What will be the impact on the network if Domain Controller with PDC

Emulator crashes?

17. What are the physical components of Active Directory?

18. What are the logical components of Active Directory?
19. What are the Active Directory Partitions? (Or what are Active Directory

Naming Contexts? Or what is AD NC?)

20. What is group nesting?
21. Explain Group Types and Group Scopes?
22. What is the feature of Domain Local Group?
23. How will you take Active Directory backup?
24. What are the Active Directory Restore types?
25. How is Authoritative Restore different from non-Authoritative Restore?
26. Explain me, how to restore Active Directory using command line?
27. Tell me few switches of NTDSUTIL command.
28. What is a tombstone? What is the tombstone lifetime period?
29. What do you understand by Garbage Collection? Explain.
30. What is Lost and Found Container?
31. Where can I locate Lost and Found Container?
32. Is Lost and Found Container included in Windows Server 2008 AD?
33. Have you ever installed Active Directory in a production environment?
34. Do we use clustering in Active Directory? Why?
35. What is Active Directory Recycle Bin?
36. What is RODC? Why do we configure RODC?
37. How do you check currently forest and domain functional levels? Say both

GUI and Command line.

38. Explain Knowledge Consistency Checker (KCC)

39. What are the tools used to check and troubleshoot replication of Active

Directory?
40. What is SYSVOL folder used for?
41. What is the use of Kerberos in Active Directory? Which port is used for

Kerberos communication?
42. Which version of Kerberos is used for Windows 2000/2003 and 2008 Active

Directory?
43. Please name few port numbers related to Active Directory.
44. What is an FQDN?
45. Tell me few DS commands and its usage.
46. Explain Active Directory tree and forest.
47. What are Intersite and Intrasite replication?
48. What is shortcut trust?
49. What is selective Authentication?
50. Give me brief explanation of different types of Active Directory trusts.
51. Have you heard of ADAC?
52. What is the use of ADSIEDIT? How do we install it in Windows Server 2003

AD?
53. I am unable to create a Universal Security group in my Active Directory?

What will be the possible reason?

54. What is ADMT? What is it used for?
55. What do you mean by Lingering Objects in AD? How to remove Lingering

Objects?
56. Explain Global Catalog. What kind of AD infrastructure makes most use of

Global Catalog?

57. Global Catalog and Infrastructure master roles cannot be configure in same

Domain Controller. Why?

58. How do you check all the GCs in the forest?
59. How many objects can be created in Active Directory? (both 2003 and 2008)
60. Can you explain the process between a user providing his Domain credential

to his workstation and the desktop being loaded? Or how the AD

authentication works?
61. What is LDAP?
62. Which is default location of Active Directory? What are the main files

related to AD?
63. In a large forest environment, why we dont configure all Domain

Controllers as GCs?
64. What is NETDOM command line tool used for?
65. What is role seizure? Who do we perform role seizure?
66. What is ISTG? What is role of ISTG in Active Directory?
67. Is it possible to find idle users who did not log in for last few months?
68. Tell me the order of GPO as it applied.
69. What are the uses of CSVDE and LDIFDE?
70. What are the differences between a user object and contact object?
71. What do you mean by Bridge Head server?
72. What is urgent replication?
73. Please explain Realm trust.
74. Explain object class and object attribute.
75. My organization wants to add new object attribute to the user object. How

do you achieve it?

76. What do you understand about GUID?

77. What is the command used for Domain Controller decommissioning?
78. Have you ever planned and implemented Active Directory infrastructure

anywhere? Tell me few considerations we have to take during the AD

planning.
79. Name few differences from Windows Server 2003 AD and Windows Server

2008 AD.
80. Which domain and forest functional level I will select if I am installing

Windows Server 2008 AD in an Existing environment where we have Windows

Server 2003 Domain Controllers?
81. What are the replication intervals for Intersite and intrasite replication? Is

there any change in 2003 and 2008?

82. I want to transfer RID master role to a new Domain Controller. What are the

steps I need to follow?

83. Tell me few uses of NTDSUTIL commands?
84. Name few services that directly impact the functionality of Domain

Controller.
85. You said there are 5 FSMO roles. Please explain what will be the impact on

the AD infra if each FSMO roles fails?

86. What

is Active Directory defragmentation?

defragmentation? And why do we do it?

How

do

you

do

AD

87. Tell me Different between online and offline defragmentation.

88. How do you uninstall active directory? What are the precautions we have to

take before removing active directory?

89. A user is unable to log into his desktop which is connected to a domain.

What are the troubleshooting steps you will consider?

90. A Domain Controller called ABC is failing replication with XYZ. How do you

troubleshoot the issue?

91. A user account is frequently being locked out. How do you investigate this

issue? What will be the possible solution suggest the user?

92. Imagine you are trying to add a Windows 7 computer to Active Directory

domain. But its showing an error Unable to find Domain Controller. How
will you handle this issue?
93. What are the services required for Active Directory replication?
94. What is Active Directory application partition? What are the uses of it?
95. Many users of a network are facing latency while trying to log into their

workstations. How do you investigate this problem?

96. Now, some questions related to Windows Server 2008 Active Directory. What

do you mean by IDA? What are the new components of Windows 2K8 Active
Directory?
97. I want to edit the Active Directory Schema. How can I bring Schema editor

into my MMC?
98. Name few Active Directory Built in groups
99. What are the differences between Enterprise Administrators and Domain

Administrators groups?
I have to create 1000 user objects in my Active Directory domain.
Who can I achieve that with least administrative effort? Tell me few tools
that I can use.

100.

101.

Difference between 2008 and 2012

Ans. IIs8, power shell3.0, direct access ,hyper v 3.0, server core (can be
change vice versa after installation)
GUI for Recycle Bin, UI for Fine-Grained Password Policies Also gaining a
GUI are fine-grained password policies.,, Active Directory Administrative Center
UI,, Windows PowerShell Cmdlets for Active Directory Replication and
Topology ,, Active Directory-Based Activation (ADBA) The good: ADBA
eliminates the need for a Key Management Service server,, ADPREP Integrated
into DC Promotion