1. Explain what is apipa?

APIPA-Automatic Private IP Addressing
in case of dhcp server if not found then the apipa assigns ip address automatically for the client with the already configured ip addresses ranges from 169.254.0.1-169.254.255.254. it searchs for dhcp server automatically after every 5 mins, if found then it replaces the dhcp dynamic address.

2. What is SOA Record?

Start Of Authority(SOA) Records indicate that NameServer is authoritative server for the domain.

3. What is Exclusion Range in DHCP Server?

Exclusion Range is used to reserve a bank of ip addresses so computer that require only static ip address such as DNS servers, legacy printers can use reserved assigned addresses .These are not assigned by DHCP server.

4. What is Virtual Directory in IIS?

A virtual server can have one home directory and any number of other publishing directories. These other publishing directories are referred to as virtual directories.

5. Specify the Port Number for AD, DNS, DHCP, HTTP, HTTPS, SMTP, POP3 & FTP?

AD- uses LDAP Udp 389 and
UDP 135,
DNS- 53,
DHCP-67,68,
HTTP-80,
HTTPS-,SMTP-25,
POP3-110 &
FTP-20,21.

6. Explain the functionality of FTP Server?

The FTP server is to accept incoming FTP requests. Copy or move the files that you want to make available to the FTP publishing folder for access. The default folder is drive:InetpubFtproot, where drive is the drive on which IIS is installed
In the client-server model, a file server is a computer responsible for the central storage and management of data files so that other computers on the same network can access the files. A file server allows users to share information over a network without having to physically transfer files by floppy diskette or some other external storage device.

7. Explain how to publish printer through AD?

The group policy setting ‘Automatically publish new printers in AD' when disabled, prevents the Add Printer Wizard from automatically publishing shared printers. In addition, Group policy setting ‘Allow printers to be published' should be enabled(default) for printers to be published on that computers.

8. Explain Backup Methodology?

The different types of backup methodologies are:

► Normal Backup:-This is default backup in which all files are backed up even if it was backed up before.
► Incremental Backup:-In this type of backup only the files that haven't been backed up are taken care of or backed up.
► Differential Backup:-This backup is similar to incremental backup because it does not take backup of those files backed up by normal
backup but different from incremental because it will take backup of differentially backed up files at next time of differential backup.
► Copy Backup:-This type of backup is which is used during system state backup and asr backup. It is used in special conditions only.
► Daily Backup:-This type of backup takes backup of only those files that are created on that particular day.
► System Backup:-This type of backup takes backup of files namely, Boot file, COM+Class Registry, Registry. But in server it takes
backup of ads.
► ASR Backup:-This type of backup takes backup of entire boot partition including OS and user data. This should be the last
troubleshooting method to recover an os from disaster.

9. What is Quotas?

Disk Quota is a feature or service of NTFS which helps to restrict or manage the disk usage from the normal user. It can be implemented per user user per volume basis.By default it is disabled. Administrative privilege is required to perform the task. In 2003server we can control only drive but in 2008server we can establish quota in folder level.

10. How will map a folder through AD?

Navigate domain user properties->give path in profile tab in the format servernamesharename.

Download Interview PDF

11. What can you do to promote a server to DC?

Start->Run->DCPROMO

12. How can you restrict running certain applications on a machine?

The Group Policy Object Editor and the Software Restriction Policies extension of Group Policy Object Editor are used to restrict running certain applications on a machine. For Windows XP computers that are not participating in a domain, you can use the Local Security Settings snap-in to access Software Restriction Policies.

13. What is SYSVOL folder?

The sysvol folder stores the server's copy of the domain's public files. The contents such as group policy, users etc of the sysvol folder are replicated to all domain controllers in the domain. The sysvol folder must be located on an NTFS volume

14. What is the entire problem if DNS Server fails?

If your DNS server fails, you can't resolve host names. You can't resolve domain controller IP Address.

15. How can you forcibly remove AD from a server?

In run use the command ->dcpromo /forceremoval

16. How do you change the DS Restore admin password?

Microsoft Windows 2000 uses the Setpwd utility to reset the DS Restore Mode password. In Microsoft Windows Server 2003, that functionality has been integrated into the NTDSUTIL tool. Note that you cannot use the procedure if the target server is running in DSRM.

17. How do you backup & Restore AD?

You can backup Active Directory by using the NTBACKUP tool that comes built-in with Windows Server 2003. Backing up the Active Directory is done on one or more of your Active Directory domain Controllers, and is performed by backing up the System State on those servers. The System State contains the local Registry, COM+ Class Registration Database, the System Boot Files, certificates from Certificate Server (if it's installed), Cluster database (if it's installed), NTDS.DIT, and the SYSVOL folder. the tombstone is 60 days (Windows 2000/2003 DCs), or 180 days (Windows Server 2003 SP1 DCs).

You can use one of the three methods to restore Active Directory from backup media: Primary Restore, Normal Restore (i.e. Non Authoritative), and Authoritative Restore.

Primary Restore: This method rebuilds the first domain controller in a domain when there is no other way to rebuild the domain. Perform a primary restore only when all the domain controllers in the domain are lost, and you want to rebuild the domain from the backup. Members of the Administrators group can perform the primary restore on local computer. On a domain controller, only members of the Domain Admins group can perform this restore.

Normal Restore: This method reinstates the Active Directory data to the state before the backup, and then updates the data through the normal replication process. Perform a normal restore for a single domain controller to a previously known good state.

Authoritative Restore: You perform this method in tandem with a normal restore. An authoritative restore marks specific data as current and prevents the replication from overwriting that data. The authoritative data is then replicated through the domain. Perform an authoritative restore for individual object in a domain that has multiple domain controllers. When you perform an authoritative restore, you lose all changes to the restore object that occurred after the backup. You need to use the NTDSUTIL command line utility to perform an authoritative restore. You need to use it in order to mark Active Directory objects as authoritative, so that they receive a higher version recently changed data on other domain controllers does not overwrite System State data during replication.

18. Name 3 benefits of using AD-integrated zones?

1. We can give easy name resolution to your clients.
2. By creating AD- integrated zone you can also trace hacker and spammer by creating reverse zone.
3. AD integrated zoned all for incremental zone transfers which on transfer changes and not the entire zone. This reduces zone transfer traffic.
4. AD Integrated zones support both secure and dynamic updates.
5. AD integrated zones are stored as part of the active directory and support domain-wide or forest-wide replication through application partitions in AD.

19. How do I configure a client machine to use a specific IP Address?

Reservation using mac address in DHCP.

20. What ports are used by DHCP and the DHCP clients?

Requests are on UDP port 68, Server replies on UDP 67.

21. What is Hidden Share?

Using hidden shares on your network is useful if you do not want a shared folder or drive on the network to be easily accessible. Hidden shares can add another layer of protection for shared files against unauthorized people connecting to your network. Using hidden shares helps eliminate the chance for people to guess your password (or be logged into an authorized Windows account) and then receive access to the shared resource.

Windows automatically shares hard drives by default for administrative purposes. They are hidden shares named with the drive letter followed by a dollar sign (e.g., C$) and commented as Default Share. Thus, certain networking and administrator functions and applications can work properly. Not that preventing Windows from creating these hidden or administrative shares by default each time your computer boots up takes a registry change.

22. What is the default time for group policy refresh interval time?

The default refresh interval for policies is 90 minutes. The default refresh interval for domain controllers is 5 minutes. Group policy object's group policy refresh intervals may be changed in the group policy object.

23. Explain about Group Policy?

Group policies are used by administrators to configure and control user environment settings. Group Policy Objects (GPOs) are used to configure group policies which are applied to sites, domains, and organizational units (OUs). Group policy may be blocked or set so it cannot be overridden. The default is for subobjects to inherit the policy of their parents. There is a maximum of 1000 applicable group policies.

24. Explain about AD Database?

Windows 2003 Active Directory data store, the actual database file, is %SystemRoot%ntdsNTDS.DIT. The ntds.dit file is the heart of Active Directory including user accounts. Active Directory's database engine is the Extensible Storage Engine ( ESE ) which is based on the Jet database used by Exchange 5.5 and WINS. The ESE has the capability to grow to 16 terabytes which would be large enough for 10 million objects.Only the Jet database can manipulate information within the AD datastore.

25. What is APIPA?

A Windows-based computer that is configured to use DHCP can automatically assign itself an Internet Protocol (IP) address if a DHCP server is not available or does not exist. The Internet Assigned Numbers Authority (IANA) has reserved 169.254.0.0-169.254.255.255 for Automatic Private IP Addressing(APIPA).

Download Interview PDF

26. How will backup DHCP Server?

The Backup directory in the %SystemRoot%System32DHCP folder contains backup information for the DHCP configuration and the DHCP database. By default, the DHCP database is backed up every 60 minutes automatically. To manually back up the DHCP database at any time, follow these steps:

1. In the DHCP console, right-click the server you want to back up, and then click Backup.

2. In the Browse For Folder dialog box, select the folder that will contain the backup DHCP database, and then click OK.

27. How will you backup DNS Server?

If you are using Active Directory-integrated DNS, then your DNS information is stored in Active Directory itself, and you'll need to back up the entire system state. If not, however, The Backup directory in the %SystemRoot%System32Dns folder contains backup information for the DNS configuration and the DNS database.

28. Explain about Group Scopes?

A DHCP scope is a valid range of IP addresses which are available for assignments or lease to client computers on a particular subnet. In a DHCP server, you configure a scope to determine the address pool of ip which the server can provide to DHCP clients.

Scopes determine which IP addresses are provided to the clients. Scopes should be defined and activated before DHCP clients use the DHCP server for its dynamic IP configuration. You can configure as many scopes on a DHCP server as is required in your network environment

29. What is the purpose of DHCP Server?

A DHCP server is the server that is responsible for assigning unique IP address to the computers on a network. No two computers (actually, no two network cards1 [even if two are in one computer]) can have the same IP address on a network at the same time or there will be conflicts. To that end, DHCP servers will take a request from a computer that has just been added (or is renewing) to the network and assign it a unique IP address that is available. These assignments typically only last for a limited time (an hour to a week usually) and so you are never guaranteed that the IP address for a particular computer will remain the same when using a DHCP (some DHCP servers allow you to specify that a computer gets the same address all the time however).

30. What is the Purpose of A and PTR Record?

A (Host) record is used to resolve name to ip address while PTR (pointer) record is used to resolve ip address to name.

31. Why DNS server is required for Active Directory?

The key reason for integrating DNS and AD is efficiency. This is particularly true where you have lots of replication traffic. You can't resolve host names. You can't find services, like a domain controller.

32. What is DNS Server?

Domain Name System (or Service or Server), a service that resolves domain names into IP addresses and vice versa. Because domain names are alphabetic, they're easier to remember.The Internet however, is really based on ip addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address. For example, the domain name www.example.com might translate to 198.105.232.4.

The DNS system is, in fact, its own network. If one DNS server doesn't know how to translate a particular domain name, it asks another one, and so on, until the correct IP address is returned.

33. Explain different edition of windows 2003 Server?

► Windows Server 2003, Web Edition :- is mainly for building and hosting Web applications, Web pages, and XML Web Services.
► Windows Server 2003, Standard Edition :- is aimed towards small to medium sized businesses. Flexible yet versatile, Standard Edition supports file and printer sharing, offers secure Internet connectivity, and allows centralized desktop application deployment
► Windows Server 2003, Enterprise Edition :- is aimed towards medium to large businesses. It is a full-function server operating system that supports up to eight processors and provides enterprise-class features such as eight-node clustering using Microsoft Cluster Server (MSCS) software and support for up to 32 GB of memory.
► Windows Server 2003, Datacenter Edition:- is the flagship of the Windows Server line and designed for immense infrastructures demanding high security and reliability.
► Windows Server 2003, Compute Cluster Edition:- is designed for working with the most difficult computing problems that would require high performance computing clusters.
► Windows Storage Server 2003:- is optimised to provide dedicated file and print sharing services. It is only available through OEMs when purchased pre-configured with network attached storage devices.

34. What is OU? Explain its Uses?

An object is a set of attributes that represents a network resource, say a user, a computer, a group policy, etc and object attributes are characteristics of that object stored in the directory. Organizational units act as a container for objects. Objects can be arranged according to security and administrative requirement in an organization. You can easily manage and locate objects after arranging them into organizational units. Administrator can delegate the authority to manage different organizational units and it can be nested to other organizational units. Create an OU if you want to:
► Create a company's structure and organization within a domain - Without OUs, all users are maintained and
displayed in a single list, the Users container, regardless of a user's department, location, or role.
► Delegate administrative control - Grant administrative permissions to users or groups of users at the OU level.
► Accommodate potential changes in a company's organizational structure - Users can easily be reorganized between
OUs, while reorganizing users between domains generally requires more time and effort.
► Group objects with similar network resources - This way it is easy to perform any administrative tasks. For example,
all user accounts for temporary employees can be grouped in an OU.

► Restrict visibility - Users can view only the objects for which they have access.

35. What is the purpose of sysvol?

The sysvol folder stores the servers copy of the domains public files. The contents such as group policy, users etc of the sysvol folder are replicated to all domain controllers in the domain. The sysvol folder must be located on an NTFS volume.

36. How will you restrict user logon timing in domain?

Start->dsa.msc->double click on users->right click on any users->properties->click on account->click on logon hours->logon denied->select time (by dragging mouse)->click on logon permission->ok.

37. How will assign Local Administrator rights for domain user?

To assign a domain user with local administrative right in any client of domain we should log in to the respected client system then, Start->control panel->user accounts->give username, password and name of domain->add->advanced->locations->find now->select others(in that select administrator user)->ok->next->ok.

38. What is the different between Workgroup and Domain?

A workgroup is an interconnection of a number of systems that share resources such as files &printers without a dedicated server .Each workgroup maintains a local database for user accounts, security etc. A domain, on the otherhand is an interconnection of systems that share resources with one or more dedicated server, which can be used to control security and permissions for all users in the domain. Domain maintains a centralized database and hence a centralized management of user accounts, policies etc are established. If you have a user account on domain then you can log on to any system without user account on that particular system.

39. What languages can you use for log-on scripts?

JavaScipt,
VBScript,
DOS batch files
(.com, .bat, or even .exe)

40. Where are the settings for all the users stored on a given machine?

Document and SettingsAll Users

Download Interview PDF

41. Where are the documents and settings for the roaming profile stored?

All the documents and environmental settings for the roaming user are stored locally on the system, and, when the user logs off, all changes to the locally stored profile are copied to the shared server folder. Therefore, the first time a roaming user logs on to a new system the logon process may take some time, depending on how large his profile folder is.

42. What remote access options does Windows Server 2003 support?

Dial-in,
VPN,
dial-in with callback.

43. Anything special you should do when adding a user that has a Mac?

"Save password as encrypted clear text" must be selected on User Properties Account Tab Options, since the Macs only store their passwords that way.

44. What do you do with secure sign-ons in an organization with many roaming users?

Credential Management feature of Windows Server 2003 provides a consistent single sign-on experience for users. This can be useful for roaming users who move between computer systems. The Credential Management feature provides a secure store of user credentials that includes passwords and X.509 certificates.

45. If I delete a user and then create a new account with the same username and password, would the SID and permissions stay the same?

No.
If you delete a user account and attempt to recreate it with the same user name and password, the SID will be different.

46. How is user account security established in Windows Server 2003?

When an account is created, it is given a unique access number known as a security identifier (SID). Every group to which the user belongs has an associated SID. The user and related group SIDs together form the user account's security token, which determines access levels to objects throughout the system and network.
SIDs from the security token are mapped to the access control list (ACL) of any object the user attempts to access.

47. What is Global Catalog?

The Global Catalog authenticates network user logons and fields inquiries about objects across a forest or tree. Every domain has at least one GC that is hosted on a domain controller. In Windows 2000, there was typically one GC on every site in order to prevent user logon failures across the network.

48. How do you delete a lingering object?

Windows Server 2003 provides a command called Repadmin that provides the ability to delete lingering objects in the Active Directory.

49. What types of classes exist in Windows Server 2003 Active Directory?

Structural class:
The structural class is important to the system administrator in that it is the only type from which new Active Directory objects are created. Structural classes are developed from either the modification of an existing structural type or the use of one or more abstract classes.

Abstract class:
Abstract classes are so named because they take the form of templates that actually create other templates (abstracts) and structural and auxiliary classes. Think of abstract classes as frameworks for the defining objects.

Auxiliary class:
The auxiliary class is a list of attributes. Rather than apply numerous attributes when creating a structural class, it provides a streamlined alternative by applying a combination of attributes with a single include action.

88 class:
The 88 class includes object classes defined prior to 1993, when the 1988 X.500 specification was adopted. This type does not use the structural, abstract, and auxiliary definitions, nor is it in common use for the development of objects in Windows Server 2003 environments.

50. What snap-in administrative tools are available for Active Directory?

Active Directory Domains and Trusts Manager, Active Directory Sites and Services Manager, Active Directory Users and Group Manager, Active Directory Replication (optional, available from the Resource Kit), Active Directory Schema Manager (optional, available from adminpak)

51. How can you authenticate between forests?

Four types of authentication are used across forests:

(1) Kerberos and NTLM network logon for remote access to a server in another forest;
(2) Kerberos and NTLM interactive logon for physical logon outside the user's home forest;
(3) Kerberos delegation to N-tier application in another forest; and
(4) user principal name (UPN) credentials.

52. When should you create a forest?

Organizations that operate on radically different bases may require separate trees with distinct namespaces. Unique trade or brand names often give rise to separate DNS identities. Organizations merge or are acquired and naming continuity is desired. Organizations form partnerships and joint ventures. While access to common resources is desired, a separately defined tree can enforce more direct administrative and security restrictions.

53. What is new in Windows Server 2003 regarding the DNS management?

When DC promotion occurs with an existing forest, the Active Directory Installation Wizard contacts an existing DC to update the directory and replicate from the DC the required portions of the directory. If the wizard fails to locate a DC, it performs debugging and reports what caused the failure and how to fix the problem. In order to be located on a network, every DC must register in DNS DC locator DNS records. The Active Directory Installation Wizard verifies a proper configuration of the DNS infrastructure. All DNS configuration debugging and reporting activity is done with the Active Directory Installation Wizard.

54. How long does it take for security changes to be replicated among the domain controllers?

Security-related modifications are replicated within a site immediately. These changes include account and individual user lockout policies, changes to password policies, changes to computer account passwords, and modifications to the Local Security Authority (LSA).

55. Where are the Windows NT Primary Domain Controller (PDC) and its Backup Domain Controller (BDC) in Server 2003?

The Active Directory replaces them. Now all domain controllers share a multimaster peer-to-peer read and write relationship that hosts copies of the Active Directory.

Download Interview PDF

56. What is Active Directory?

Active Directory is a network-based object store and service that locates and manages resources, and makes these resources available to authorized users and groups. An underlying principle of the Active Directory is that everything is considered an object-people, servers, workstations, printers, documents, and devices. Each object has certain attributes and its own security access control list (ACL).

57. What are the Windows Server 2003 keyboard shortcuts?

Winkey opens or closes the Start menu. Winkey + BREAK displays the System Properties dialog box. Winkey + TAB moves the focus to the next application in the taskbar. Winkey + SHIFT + TAB moves the focus to the previous application in the taskbar. Winkey + B moves the focus to the notification area. Winkey + D shows the desktop. Winkey + E opens Windows Explorer showing My Computer. Winkey + F opens the Search panel. Winkey + CTRL + F opens the Search panel with Search for Computers module selected. Winkey + F1 opens Help. Winkey + M minimizes all. Winkey + SHIFT+ M undoes minimization. Winkey + R opens Run dialog. Winkey + U opens the Utility Manager. Winkey + L locks the computer.

58. How do you get to Internet Firewall settings?

Start -> Control Panel -> Network and Internet Connections -> Network Connections.

59. If you uninstall Windows Server 2003, which operating systems can you revert to?

Win ME,
Win 98,
2000,
XP.
Note, however, that you cannot upgrade from ME and 98 to Windows Server 2003.

60. What do you do if earlier application does not run on Windows Server 2003?

When an application that ran on an earlier legacy version of Windows cannot be loaded during the setup function or if it later malfunctions, you must run the compatibility mode function. This is accomplished by right-clicking the application or setup program and selecting Properties -> Compatibility -> selecting the previously supported operating system.

61. How do you double-boot a Win 2003 server box?

The Boot.ini file is set as read-only, system, and hidden to prevent unwanted editing. To change the Boot.ini timeout and default settings, use the System option in Control Panel from the Advanced tab and select Startup.