> How will you take an Active Directory backup ?

Active Directory is backed up as part of the System State. On a domain controller the System State contains the registry, the COM+ class registration database, the boot files, the Active Directory database (NTDS.DIT with its log files) and the SYSVOL share, plus the Certificate Services database if AD CS is installed. On Windows Server 2003 the built-in tool is NTBACKUP; on Windows Server 2008 and later it is Windows Server Backup (wbadmin start systemstatebackup). Third-party products such as Symantec NetBackup or IBM Tivoli Storage Manager can also take System State backups. Two caveats matter in practice: NTDS.DIT holds the password hashes of every account in the domain, so a System State backup is as sensitive as the domain controller itself and must be stored and access-controlled accordingly; and a backup older than the forest's tombstone lifetime cannot be used to restore a domain controller, because the restored DC would reintroduce objects the rest of the forest has already purged.
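
The procedure above on a Windows Server 2008 domain controller, as an added example that is not part of the original page. It assumes an elevated PowerShell session on the DC with the ActiveDirectory module available, and a dedicated backup volume mounted as E: (the drive letter is an assumption). The backup itself is taken with wbadmin; the second half reads the forest's tombstone lifetime so the operator knows how long the backup stays usable for a DC restore.

```powershell
# Added example, not from the original page. Run elevated on a domain controller.
Import-Module ActiveDirectory

# Assumed: E: is a dedicated, access-controlled volume. The System State written here
# contains NTDS.DIT and therefore every account's password hashes; protect it like a DC.
$target = 'E:'

# Windows Server 2008+ built-in tool (NTBACKUP is the 2003 equivalent).
wbadmin start systemstatebackup "-backupTarget:$target" -quiet
if ($LASTEXITCODE -ne 0) { throw "System State backup failed with exit code $LASTEXITCODE" }

# Show what is now on the target (version identifiers are what wbadmin start systemstaterecovery needs).
wbadmin get versions "-backupTarget:$target"

# A backup older than the tombstone lifetime must not be used to restore a DC.
# The value lives on the Directory Service object in the Configuration partition;
# an absent attribute means the legacy default of 60 days (forests created on
# Windows Server 2003 SP1 or later get 180).
$cfg = (Get-ADRootDSE).configurationNamingContext
$ds  = Get-ADObject "CN=Directory Service,CN=Windows NT,CN=Services,$cfg" -Properties tombstoneLifetime
$tsl = if ($ds.tombstoneLifetime) { $ds.tombstoneLifetime } else { 60 }
"Tombstone lifetime is $tsl days; this backup is unusable for DC restore after $((Get-Date).AddDays($tsl).ToShortDateString())"
```

Schedule this rather than running it by hand: the useful life of a System State backup is bounded by the tombstone lifetime printed on the last line, and a DC restored from an older backup is the classic source of lingering objects.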

> Do we use clustering in Active Directory ? Why ?

Domain controllers are not clustered, and Microsoft does not support running AD DS on a failover cluster. There is no need to: Active Directory is a multi-master directory, so deploying two or more domain controllers per domain already gives full redundancy of the directory data, and clients locate any available domain controller through the DNS SRV records each one registers.

> What is Active Directory Recycle Bin ?

Active Directory Recycle Bin is a feature introduced in Windows Server 2008 R2; it requires the forest functional level to be Windows Server 2008 R2. It restores accidentally deleted Active Directory objects, with their attributes and group memberships intact, without an authoritative restore from a backed-up AD database, without rebooting a domain controller into Directory Services Restore Mode and without restarting any services. Two caveats: once enabled it cannot be disabled, and an object can only be recovered within the deleted-object lifetime (180 days by default), after which it becomes a recycled object that cannot be restored.

> How do you check currently forest and domain functional levels? Say both GUI and Command line.

In the GUI, open Active Directory Users and Computers (or Active Directory Domains and Trusts), right-click the domain name and choose Properties; the General tab lists both the domain and the forest functional level. From the command line, the levels are stored in the msDS-Behavior-Version attribute, which DSQUERY can read: the domain naming context carries the domain level and CN=Partitions under the Configuration container carries the forest level (0 = Windows 2000, 2 = Windows Server 2003, 3 = Windows Server 2008, 4 = Windows Server 2008 R2). On Windows Server 2008 R2 the Active Directory PowerShell module reports the same values through Get-ADDomain (DomainMode) and Get-ADForest (ForestMode).
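
The two answers above belong together in practice: checking the functional level is the precondition for enabling the Recycle Bin, and the Recycle Bin is what a restore then uses. The following is an added example, not code from the original page. It assumes Windows Server 2008 R2 with the ActiveDirectory module, and the account name jdoe used for the restore is a constructed placeholder.

```powershell
# Added example, not from the original page. Requires the ActiveDirectory module (2008 R2 / RSAT).
Import-Module ActiveDirectory

# 1. Functional levels: Get-ADDomain/Get-ADForest expose the msDS-Behavior-Version values
#    that dsquery would otherwise have to read from the naming contexts.
$domain = Get-ADDomain
$forest = Get-ADForest
"Domain {0}: {1}" -f $domain.DNSRoot, $domain.DomainMode
"Forest {0}: {1}" -f $forest.Name,   $forest.ForestMode

# 2. The Recycle Bin needs forest functional level Windows Server 2008 R2 or higher.
$rb = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
if ($rb.EnabledScopes.Count -eq 0) {
    $needed = [int][Microsoft.ActiveDirectory.Management.ADForestMode]::Windows2008R2Forest
    if ([int]$forest.ForestMode -lt $needed) {
        throw "Forest functional level $($forest.ForestMode) is too low; raise it before enabling the Recycle Bin"
    }
    # One-way operation: once enabled the Recycle Bin cannot be turned off.
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forest.Name -Confirm:$false
}

# 3. List deleted objects that are still restorable (inside msDS-DeletedObjectLifetime).
#    lastKnownParent tells you where the object came from; if that OU was deleted too,
#    restore the parent first or the restore of the child fails.
Get-ADObject -Filter { isDeleted -eq $true -and name -ne 'Deleted Objects' } `
    -IncludeDeletedObjects -Properties lastKnownParent, whenChanged |
    Select-Object Name, ObjectClass, lastKnownParent, whenChanged | Format-Table -AutoSize

# 4. Restore one account by its original sAMAccountName (jdoe is a constructed example).
Get-ADObject -Filter { sAMAccountName -eq 'jdoe' } -IncludeDeletedObjects | Restore-ADObject
```

The restored object keeps its SID, so existing ACLs and group memberships resolve again immediately; that is the property a backup-based authoritative restore also provides, but without the reboot into Directory Services Restore Mode.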

> Which version of Kerberos is used for Windows 2000/2003 and 2008 Active Directory ?

Windows 2000, 2003 and 2008 Active Directory all use Kerberos version 5 (RFC 4120), with Microsoft extensions such as the PAC that carries the user's SID and group SIDs inside the ticket. NTLM is kept only as a fallback for cases where Kerberos cannot be used, for example when a server is addressed by IP address instead of by name or the client is not joined to the domain.

> Name few port numbers related to Active Directory ?

Kerberos 88 TCP/UDP (and 464 for Kerberos password change); LDAP 389 TCP/UDP, LDAP over SSL 636 TCP; Global Catalog 3268 TCP (3269 with SSL); DNS 53 TCP/UDP; SMB 445 TCP for SYSVOL, NETLOGON and Group Policy; RPC endpoint mapper 135 TCP, followed by a dynamic RPC port for replication and other DC services (49152-65535 on Windows Server 2008, 1025-5000 on 2003); NTP 123 UDP, which matters because Kerberos rejects clients whose clocks differ from the DC by more than five minutes by default.

> What is an FQDN ?

FQDN stands for Fully Qualified Domain Name: the complete DNS name of a host, written from the specific to the general, so the leftmost label identifies the device and each label to its right names the domain it belongs to, up to the DNS root. For example, in the FQDN dc01.corp.example.com (an illustrative name), dc01 is the host and corp.example.com is the Active Directory domain. Every domain controller registers its FQDN and the domain's SRV records in DNS so that clients can locate it.

> Have you heard of ADAC ?

ADAC, the Active Directory Administrative Center, is a GUI tool introduced with Windows Server 2008 R2. It is built on top of the Active Directory PowerShell module and gives administrators an enhanced data-management experience: common object-management tasks such as creating accounts, resetting passwords, unlocking accounts, moving objects and managing group membership can be performed across multiple domains from a single ADAC instance.

> How many objects can be created in Active Directory? (both 2003 and 2008)

As per Microsoft, each domain controller can create a little under 2.15 billion (2^31) objects during its lifetime; the figure is the same for Windows Server 2003 and 2008. The practical limit for security principals (users, computers and groups) is lower: a domain's RID master can issue about 1.07 billion (2^30) RIDs, and because deleted objects' RIDs are never reused, every create-and-delete cycle consumes one permanently.

> Explain the process between a user providing his Domain credential to his workstation and the desktop being loaded? Or how the AD authentication works ?

The desktop logon is an interactive Kerberos authentication followed by a service-ticket request for the workstation itself:

1. The user enters a user name and password at the workstation. The password never leaves the machine: the Kerberos client derives the user's long-term key (KA) from it with a one-way function (the NT hash for RC4-HMAC, a salted PBKDF2 derivation for AES).

2. The client sends an AS-REQ to the KDC, the Key Distribution Center service on a domain controller, which it locates through DNS SRV records. Windows requires pre-authentication, so the request carries a timestamp encrypted with KA.

3. The KDC holds the long-term keys of every principal in its realm (the domain) in NTDS.DIT. It looks up KA for the user, decrypts the timestamp (a failure means a wrong password) and checks that it is within the allowed clock skew (five minutes by default).

4. The KDC generates a random session key (SA) and builds a Ticket-Granting Ticket (TGT) containing a copy of SA, the user name, an expiration time (10 hours by default) and a PAC listing the user's SID and group SIDs. The TGT is encrypted with the KDC's own long-term key (KKDC, the key of the krbtgt account), so only domain controllers can read or alter it.

5. The AS-REP returns the TGT together with a second copy of SA encrypted with KA. The client decrypts that part with the KA it derived locally; with a wrong password it cannot read the session key. The client now holds SA and an opaque TGT and is authenticated to the domain.

6. To finish logging on, the client presents the TGT to the KDC (TGS-REQ) and asks for a service ticket for the workstation's own host service. The Local Security Authority validates that ticket, builds the user's access token from the SIDs in the PAC, and only then loads the profile, applies Group Policy and shows the desktop. Every further resource is accessed the same way: one TGS exchange per service, with the TGT shown as proof of identity.

Two consequences follow from the design. Because the password is only ever used as a key and the KDC never sees it, an attacker who obtains the user's NT hash can derive KA and complete step 1 without knowing the password. And an account flagged "Do not require Kerberos preauthentication" skips the encrypted timestamp in step 2, so anyone can request an AS-REP for it and attack the KA-encrypted part offline.
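
The AS exchange described above, modelled as an added example that is not part of the original page. Both sides are simulated in one script: the KDC holds the long-term keys and the krbtgt key, the client derives KA from the password and never sends it. The cryptography is deliberately simplified and is not Kerberos' own: AES-CBC with an HMAC-SHA256 tag stands in for the Kerberos encryption types, and PBKDF2 stands in for the real string-to-key function. The realm CORP.EXAMPLE.COM, the user alice and her password are constructed test data.

```powershell
# Added example, not from the original page. Toy model of the Kerberos AS exchange;
# the crypto primitives are stand-ins, not the real Kerberos enctypes.

function ConvertTo-LongTermKey {
    param([string]$Password, [string]$Realm, [string]$User)
    # K_A is a one-way derivation of the password, salted with realm + principal name.
    $salt = [Text.Encoding]::UTF8.GetBytes($Realm.ToUpper() + $User)
    $kdf  = New-Object Security.Cryptography.Rfc2898DeriveBytes($Password, $salt, 4096)
    return ,$kdf.GetBytes(32)
}

function Protect-KrbData {
    param([byte[]]$Key, [hashtable]$Data)
    # Encrypt-then-MAC, so the receiver can tell whether it holds the right key.
    $plain  = [Text.Encoding]::UTF8.GetBytes(($Data | ConvertTo-Json -Compress))
    $aes    = [Security.Cryptography.Aes]::Create(); $aes.Key = $Key; $aes.GenerateIV()
    $cipher = $aes.CreateEncryptor().TransformFinalBlock($plain, 0, $plain.Length)
    $hmac   = New-Object Security.Cryptography.HMACSHA256 -ArgumentList (,$Key)
    return @{ iv = $aes.IV; ct = $cipher; tag = $hmac.ComputeHash([byte[]]($aes.IV + $cipher)) }
}

function Unprotect-KrbData {
    param([byte[]]$Key, [hashtable]$Blob)
    $hmac     = New-Object Security.Cryptography.HMACSHA256 -ArgumentList (,$Key)
    $expected = $hmac.ComputeHash([byte[]]($Blob.iv + $Blob.ct))
    # Toy comparison; a real implementation uses a constant-time compare.
    if ([Convert]::ToBase64String($expected) -ne [Convert]::ToBase64String([byte[]]$Blob.tag)) {
        throw 'integrity check failed: wrong key'
    }
    $aes = [Security.Cryptography.Aes]::Create(); $aes.Key = $Key; $aes.IV = $Blob.iv
    $plain = $aes.CreateDecryptor().TransformFinalBlock($Blob.ct, 0, $Blob.ct.Length)
    return [Text.Encoding]::UTF8.GetString($plain) | ConvertFrom-Json
}

function New-Kdc {
    param([string]$Realm, [hashtable]$Principals)   # principal name -> password
    $db = @{}
    foreach ($name in $Principals.Keys) { $db[$name] = ConvertTo-LongTermKey $Principals[$name] $Realm $name }
    $krbtgt = New-Object byte[] 32                   # K_KDC: known only to the KDC
    [Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($krbtgt)
    return @{ Realm = $Realm; Db = $db; KrbtgtKey = $krbtgt }
}

function Invoke-AsExchange {
    param([hashtable]$Kdc, [hashtable]$AsReq)
    # KDC side: check PA-ENC-TIMESTAMP under the client's K_A, then issue S_A and a TGT.
    if (-not $Kdc.Db.ContainsKey($AsReq.cname)) { return @{ error = 'KDC_ERR_C_PRINCIPAL_UNKNOWN' } }
    $kA = $Kdc.Db[$AsReq.cname]
    try   { $pa = Unprotect-KrbData $kA $AsReq.padata }
    catch { return @{ error = 'KDC_ERR_PREAUTH_FAILED' } }      # wrong password
    $now = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
    if ([math]::Abs($now - $pa.timestamp) -gt 300) { return @{ error = 'KRB_AP_ERR_SKEW' } }
    $sA = New-Object byte[] 32
    [Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($sA)
    $skey = [Convert]::ToBase64String($sA); $end = $now + 36000   # 10-hour ticket
    $tgt  = Protect-KrbData $Kdc.KrbtgtKey @{ cname = $AsReq.cname; skey = $skey; endtime = $end }
    $enc  = Protect-KrbData $kA @{ skey = $skey; endtime = $end; nonce = $AsReq.nonce }
    return @{ cname = $AsReq.cname; ticket = $tgt; 'enc-part' = $enc }
}

function Invoke-ClientLogon {
    param([hashtable]$Kdc, [string]$User, [string]$Password)
    # Workstation side: derive K_A locally; the password itself is never transmitted.
    $kA    = ConvertTo-LongTermKey $Password $Kdc.Realm $User
    $nonce = Get-Random
    $asReq = @{ cname = $User; nonce = $nonce
                padata = Protect-KrbData $kA @{ timestamp = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds() } }
    $asRep = Invoke-AsExchange $Kdc $asReq
    if ($asRep.error) { return @{ error = $asRep.error } }
    $enc = Unprotect-KrbData $kA $asRep['enc-part']       # fails if K_A is wrong
    if ($enc.nonce -ne $nonce) { throw 'AS-REP nonce mismatch (replay?)' }
    return @{ skey = $enc.skey; tgt = $asRep.ticket }       # S_A plus an opaque TGT
}

# Constructed test data.
$kdc = New-Kdc -Realm 'CORP.EXAMPLE.COM' -Principals @{ alice = 'Pa55w.rd!' }
$ok  = Invoke-ClientLogon $kdc 'alice' 'Pa55w.rd!'
"Client holds S_A and a TGT of $($ok.tgt.ct.Length) opaque bytes"
"TGT carries the same S_A: $((Unprotect-KrbData $kdc.KrbtgtKey $ok.tgt).skey -eq $ok.skey)"
try   { Unprotect-KrbData (ConvertTo-LongTermKey 'Pa55w.rd!' $kdc.Realm 'alice') $ok.tgt | Out-Null }
catch { "Client cannot open its own TGT: $_" }
"Wrong password: $((Invoke-ClientLogon $kdc 'alice' 'guess').error)"
```

The last three lines show the three properties the prose relies on: the TGT's copy of SA is readable only with KKDC, the client cannot read or alter its own TGT, and a wrong password is rejected at the pre-authentication step rather than by the client failing to decrypt the reply. Removing the padata check from Invoke-AsExchange is exactly what "Do not require Kerberos preauthentication" does, and it turns the enc-part into material an attacker can brute-force offline.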

