Tuesday, January 11, 2011

23. Can I get user passwords from the AD database?

Windows admin interview questions (includes Vista) The passwords in AD are not stored encrypted by default, so they cannot be decrypted. They are hashed. The only way to recover the data from a hash is with some sort of a hacking algorithm that attempts to crack the hash (such tools exis...

22. How can you forcibly remove AD from a server, and what do you do later?

Demote the server using dcpromo /forceremoval, then remove the metadata from Active Directory using ntdsutil. There is no way to get user passwords from AD that I am aware of, but you should still be able to change them.
Another way out too: Restart the DC in DSRM mode.
a. Locate the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions
b....

21. What can you do to promote a server to DC if you’re in a remote location with slow WAN link?

First available in Windows 2003, you will create a copy of the system state from an existing DC and copy it to the new remote server. Run "Dcpromo /adv". You will be prompted for the location of the system state fi...

20. What are the requirements for installing AD on a new server?

· An NTFS partition with enough free space (250MB minimum)
· An Administrator's username and password
· The correct operating system version
· A NIC
· Properly configured TCP/IP (IP address, subnet mask and - optional - default gateway)
· A network connection (to a hub or to another computer via...

19. What is the ISTG? Who has that role by default?

Intersite Topology Generator (ISTG), which is responsible for the connections among the sites. By default Windows 2003 Forest level functionality has this role. By default the first server has this role. If that server can no longer perform this role then the next server with the highest GUID then takes...

18. What is the KCC?

Within a site, a Windows Server 2003 service known as the KCC automatically generates a topology for replication among the domain controllers in the domain using a ring structure. The KCC is a built-in process that runs on all domain controllers. The KCC analyzes the replication topology within a site every 15 minute...

17. What’s the difference between a site link’s schedule and interval?

Any time two networks are separated by links that are heavily used during parts of the day and are idle during other parts of the day, put those networks into separate sites. You can use the ability to schedule replication between sites to prevent replication traffic from competing with other traffic during high usage hours. In...

Friday, December 24, 2010

16. What are sites? What are they used for?

Sites in Active Directory represent the physical structure, or topology, of your network. Active Directory uses topology information, stored as site and site link objects in the directory, to build the most efficient replication topology. You use Active Directory Sites and Services to define sites and site links. A site is a...

15. What is LDP? What is REPLMON? What is ADSIEDIT? What is NETDOM? What is REPADMIN?

The Lightweight Directory Access Protocol, or LDAP, is an application protocol for querying and modifying directory services running over TCP/IP.[1] A directory is a set of objects with attributes organized in a logical and hierarchical manner. The most common example is the telephone directory, which consists of a series of...

14. What are the Support Tools? Why do I need them?

The Windows 2003 support tools are a collection of resources with the aim of assisting administrators to simplify management tasks. These include: troubleshooting operating systems, configuring networking and security features, managing Active Directory, and automating application deployment. With the use of these tools, the user is able to pin-point problematic issues with the...

13. Trying to look at the Schema, how can I do that?

Active Directory Schema Tools and Settings: When existing class and attribute definitions in the Active Directory schema do not meet the needs of your organization, you can use schema-based administrative tools to modify or add schema objects. You can modify an existing attribute or add a new class or attribute to the schema to...

12. Why not make all DCs in a large forest as GCs?

Unless you have some really bad connections that may not be able to handle the extra traffic, you should make every DC a GC. In ANY single domain forest, it is recommended and beneficial to make all DCs GCs since it has no replication impact and serves to better distribute query load. ...

11. How do you view all the GCs in the forest?

DSQUERY server can be used to locate global catalogs.
To search the entire forest:
dsquery server -forest -isgc
To locate global catalogs in your current (logon) domain:
dsquery server -isgc
To locate global catalogs in a specific domain:
dsquery server -domain tech.cpandl.com -isgc
Here, you search for global catalog servers in...

10. What is the Global Catalog?

The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory Domain Services (AD DS) forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through...

8. How do you create a new application partition?

You can create an application directory partition by using the create nc option in the domain management (partition management in Windows 2008) menu of Ntdsutil. When creating an application directory partition using LDP or ADSI, provide a description in the description attribute of the domain DNS object that indicates the specific...

7. What are application partitions? When do I use them?

An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication of a particular application directory partition hosts a replica of that partition. Only domain controllers running Windows Server 2003 can host a replica of...

6. Name the AD NCs and replication issues for each NC

There are three predefined Naming Contexts (NC) 1. Domain Naming Context - One per domain. The domain naming context stores users, computers, groups, and other objects for that domain. All domain controllers that are joined to the domain share a full writeable copy of the domain directory partition. Additionally, all domain controllers...

5. What is the SYSVOL folder?

System Volume (SYSVOL) is a shared directory that stores the server copy of the domain public files (policies and scripts) that must be shared for common access and replication throughout a domain. It must be located on an NTFS volume (because junctions are used within the SYSVOL folder structure) ...

4. Where is the AD database held? What other folders are related to AD?

The Active Directory database is stored in the %SystemRoot%\NTDS folder. The main database file for Active Directory is ntds.dit. Along with this file there are other files also present in this folder. These files are created when you run dcpromo. These are the main files controlling the AD structure: ntds.dit: This is the main database...

3. Can you connect Active Directory to other 3rd-party Directory Services? Name a few options.

Active Directory is an LDAP-compatible directory service and is supported by various third-party applications like Novell DirXML and Atlassian Crowd. Microsoft Identity Integration Server (MIIS) is one of the options you can use to act as an intermediary between two directories (including directories used by SAP, Domino, etc). MIIS...

2 Windows admin interview questions (includes Vista)

2. What is LDAP? LDAP, Lightweight Directory Access Protocol, is an Internet protocol that email and other programs use to look up information from a server. Every email program has a personal address book, but how do you look up an address for someone who's never sent you email? How can an organization keep one centralized up-to-date phone book that everybody has access to? That...