7. What are application partitions? When do I use them?

December 23, 2010
Windows admin interview questions (includes Vista)

An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication of a particular application directory partition hosts a replica of that partition. Only domain controllers running Windows Server 2003 can host a replica of an application directory partition.

Application directory partitions are usually created by the applications that will use them to store and replicate data; TAPI is one example. For testing and troubleshooting purposes, members of the Enterprise Admins group can manually create or manage application directory partitions using the Ntdsutil command-line tool.
Application directory partitions can contain any type of object except security principals. Their data can be replicated to different domain controllers in a forest (for redundancy, availability, or fault tolerance).
6. Name the AD NCs and replication issues for each NC

December 23, 2010
Windows admin interview questions (includes Vista)

There are three predefined Naming Contexts (NCs):
1. Domain Naming Context - One per domain. The domain naming context stores users, computers, groups, and other objects for that domain. All domain controllers that are joined to the domain share a full writeable copy of the domain directory partition. Additionally, all domain controllers in the forest that host the global catalog also host a partial read-only copy of every other domain naming context in the forest.

2. Configuration Naming Context - One per forest. It stores forest-wide configuration data that is required for the proper functioning of Active Directory as a directory service. Information that Active Directory uses to construct the directory tree hierarchy is also stored in the configuration directory partition, as is network-wide, service-specific information that applications use to connect to instances of services in the forest. Every domain controller has one fully writeable copy of the configuration directory partition.
3. Schema Naming Context - One per forest. The schema naming context contains the definitions of all objects that can be instantiated in Active Directory. It also stores the definitions of all attributes that can be a part of objects in Active Directory. Every domain controller has one fully writeable copy of the schema directory partition, although schema updates are allowed only on the domain controller that is the schema operations master.
You can also define your own naming contexts in Windows Server 2003 and later; these are called application partitions. Replication issues are not specific to a naming context.
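
The partition types from this answer and from question 7 above (application partitions replicated only to chosen domain controllers) can be read straight out of the forest's crossRef objects. The following is an added example, not code from the original page: it parses a constructed LDIF export of CN=Partitions, classifies each naming context, and for application partitions lists the DCs named in msDS-NC-Replica-Locations. The systemFlags bit meanings are an assumption taken from the crossRef attribute definition (0x1 = names an NC, 0x2 = domain NC, 0x4 = not replicated to the global catalog); all DNs and server names are made up.

```python
"""Classify a forest's naming contexts from crossRef objects in LDIF form and,
for application partitions, list the DCs that host a replica.
Added example, not code from the original page. SAMPLE_LDIF is constructed
data; the systemFlags bit values below are assumed from the crossRef definition."""

FLAG_CR_NTDS_NC = 0x1                 # crossRef names a naming context
FLAG_CR_NTDS_DOMAIN = 0x2             # ... and that NC is a domain
FLAG_CR_NTDS_NOT_GC_REPLICATED = 0x4  # application partition: never on the GC

SAMPLE_LDIF = """\
# constructed sample: crossRef objects from CN=Partitions
dn: CN=EXAMPLE,CN=Partitions,CN=Configuration,DC=example,DC=com
objectClass: crossRef
nCName: DC=example,DC=com
dnsRoot: example.com
systemFlags: 3

dn: CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=example,DC=com
objectClass: crossRef
nCName: CN=Configuration,DC=example,DC=com
systemFlags: 1

dn: CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=example,DC=com
objectClass: crossRef
nCName: CN=Schema,CN=Configuration,DC=example,DC=com
systemFlags: 1

dn: CN=TapiApp,CN=Partitions,CN=Configuration,DC=example,DC=com
objectClass: crossRef
nCName: DC=TapiApp,DC=example,DC=com
systemFlags: 5
msDS-NC-Replica-Locations: CN=NTDS Settings,CN=DC1,CN=Servers,CN=Site-A,CN=Sites,
 CN=Configuration,DC=example,DC=com
msDS-NC-Replica-Locations: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Site-B,CN=Sites,
 CN=Configuration,DC=example,DC=com
"""


def parse_ldif(text):
    """Minimal LDIF reader: '#' comments skipped, folded lines (leading space)
    re-joined, entries separated by blank lines, every attribute multi-valued.
    Base64 ('::') and URL (':<') values are not handled; the sample has none."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]          # continuation of the previous line
        else:
            logical.append(raw)
    entries, current = [], {}
    for line in logical + [""]:             # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip(), []).append(value.strip())
    return entries


def classify_partitions(ldif_text):
    """Return one record per crossRef: its NC DN, kind and replica host names."""
    result = []
    for entry in parse_ldif(ldif_text):
        if "crossRef" not in entry.get("objectClass", []):
            continue
        flags = int(entry.get("systemFlags", ["0"])[0])
        nc = entry["nCName"][0]
        if not flags & FLAG_CR_NTDS_NC:
            kind = "external"                 # crossRef to a foreign directory
        elif flags & FLAG_CR_NTDS_DOMAIN:
            kind = "domain"
        elif flags & FLAG_CR_NTDS_NOT_GC_REPLICATED:
            kind = "application"
        elif nc.upper().startswith("CN=SCHEMA,"):
            kind = "schema"
        else:
            kind = "configuration"
        # Replica locations name the NTDS Settings object; the second RDN is the DC.
        hosts = sorted(loc.split(",")[1].split("=", 1)[1]
                       for loc in entry.get("msDS-NC-Replica-Locations", []))
        result.append({"nc": nc, "kind": kind, "replica_hosts": hosts})
    return result


def replication_scope(partition):
    """Plain-English replication scope, following the rules stated in the text."""
    kind = partition["kind"]
    if kind == "domain":
        return "full copy on every DC of the domain; partial read-only copy on every GC"
    if kind in ("configuration", "schema"):
        return "full copy on every DC in the forest"
    if kind == "application":
        return "only on: " + ", ".join(partition["replica_hosts"])
    return "not hosted in this forest"


if __name__ == "__main__":
    for p in classify_partitions(SAMPLE_LDIF):
        print(f"{p['kind']:<14} {p['nc']:<45} {replication_scope(p)}")
```

Against a real forest the same logic applies to an LDIF export of CN=Partitions,CN=Configuration,...; the application-partition rows are the ones to review, since their replica list is the only record of which DCs actually hold that data.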
5. What is the SYSVOL folder?

December 23, 2010
Windows admin interview questions (includes Vista)

System Volume (SYSVOL) is a shared directory that stores the server copy of the domain's public files (policies and scripts) that must be shared for common access and replication throughout a domain. It must be located on an NTFS volume (because junctions are used within the SYSVOL folder structure).

4. Where is the AD database held? What other folders are related to AD?

December 23, 2010
Windows admin interview questions (includes Vista)

The Active Directory database is stored in the %SystemRoot%\NTDS folder. The main database file for Active Directory is ntds.dit. Other files are also present in this folder; they are created when you run dcpromo. These are the main files controlling the AD structure:
- ntds.dit: the main database file for Active Directory.
- edb.log: transactions performed on AD are stored in this file.
- res1.log: used as reserve space in case the drive runs low on free space.
- res2.log: same as res1.log.
- edb.chk: records the transactions committed to the AD database.

When a change is made to the Win2K database, triggering a write operation, Win2K records the transaction in the log file (edb.log). Once written to the log file, the change is then written to the AD database. System performance determines how fast the system writes the data to the AD database from the log file. Any time the system is shut down, all transactions are saved to the database.
During the installation of AD, Windows creates two files: res1.log and res2.log. The initial size of each is 10MB. These files are used to ensure that changes can be written to disk should the system run out of free disk space. The checkpoint file (edb.chk) records transactions committed to the AD database (ntds.dit). During shutdown, a "shutdown" statement is written to the edb.chk file. Then, during a reboot, AD determines that all transactions in the edb.log file have been committed to the AD database. If, for some reason, the edb.chk file doesn't exist on reboot or the shutdown statement isn't present, AD will use the edb.log file to update the AD database.
The last file in our list of files to know is the AD database itself, ntds.dit. By default, the file is located in \NTDS, along with the other files we've discussed.
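
A toy model of the log, checkpoint and database interplay just described, added here as an example and not taken from the original page. It is not the real ESE engine or its binary file formats: the log is one JSON line per transaction, the checkpoint is a small JSON file, and the database is a JSON dictionary. What it reproduces is the recovery rule from the text: on open, if edb.chk is missing or does not carry the shutdown statement, the records in edb.log that were not yet committed to ntds.dit are replayed. File names mirror the NTDS folder; the directory is a temporary one.

```python
"""Toy write-ahead-log store modelled on the roles of edb.log, edb.chk and
ntds.dit. Added example, not the ESE engine: JSON files stand in for the
binary formats, and only the log/checkpoint/recovery behaviour is modelled."""
import json
import os
import tempfile


class ToyEseStore:
    def __init__(self, directory):
        self.log = os.path.join(directory, "edb.log")    # transactions, written first
        self.chk = os.path.join(directory, "edb.chk")    # committed count + shutdown mark
        self.dit = os.path.join(directory, "ntds.dit")   # the database itself
        self.data = self._read_json(self.dit, {})
        self.replayed = self._recover()

    @staticmethod
    def _read_json(path, default):
        if not os.path.exists(path):
            return default
        with open(path) as fh:
            return json.load(fh)

    def _log_records(self):
        if not os.path.exists(self.log):
            return []
        with open(self.log) as fh:
            return [json.loads(line) for line in fh if line.strip()]

    def _write_checkpoint(self, shutdown):
        with open(self.chk, "w") as fh:
            json.dump({"committed": len(self._log_records()), "shutdown": shutdown}, fh)

    def _recover(self):
        """If edb.chk is missing or lacks the shutdown statement, replay the log
        records not yet committed to ntds.dit. Returns how many were replayed."""
        chk = self._read_json(self.chk, None)
        if chk is not None and chk["shutdown"]:
            self._write_checkpoint(shutdown=False)   # clear the mark: running again
            return 0
        start = chk["committed"] if chk is not None else 0
        records = self._log_records()
        for rec in records[start:]:
            self.data[rec["key"]] = rec["value"]
        self.flush()
        return len(records) - start

    def write(self, key, value):
        """Record the change in the log first; ntds.dit is updated lazily by flush()."""
        with open(self.log, "a") as fh:
            fh.write(json.dumps({"key": key, "value": value}) + "\n")
        self.data[key] = value

    def flush(self):
        """Write the in-memory state to ntds.dit and checkpoint the log position."""
        with open(self.dit, "w") as fh:
            json.dump(self.data, fh)
        self._write_checkpoint(shutdown=False)

    def shutdown(self):
        """Clean shutdown: flush, then write the 'shutdown' statement to edb.chk."""
        self.flush()
        self._write_checkpoint(shutdown=True)


def crash_recovery_demo(directory=None):
    """Checkpoint one change, log a second, then 'crash' before flushing.
    Reopening must replay exactly the second change. Returns (replayed, data)."""
    directory = directory or tempfile.mkdtemp()
    store = ToyEseStore(directory)
    store.write("CN=alice", {"mail": "alice@example.com"})   # constructed data
    store.flush()
    store.write("CN=bob", {"mail": "bob@example.com"})
    del store                     # no shutdown(): ntds.dit and edb.chk are stale
    reopened = ToyEseStore(directory)
    return reopened.replayed, reopened.data


def clean_shutdown_demo(directory=None):
    """After shutdown() the checkpoint carries the shutdown statement, so a
    reopen replays nothing. Returns (replayed, data)."""
    directory = directory or tempfile.mkdtemp()
    store = ToyEseStore(directory)
    store.write("CN=carol", {"mail": "carol@example.com"})
    store.shutdown()
    reopened = ToyEseStore(directory)
    return reopened.replayed, reopened.data


if __name__ == "__main__":
    print(crash_recovery_demo())
    print(clean_shutdown_demo())
```

The checkpoint is rewritten without the shutdown mark as soon as the store is opened; that is what makes a later unclean stop detectable, exactly the case in which the text says edb.log is used to bring the database up to date.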
3. Can you connect Active Directory to other 3rd-party Directory Services? Name a few options.

December 23, 2010
Windows admin interview questions (includes Vista)

Active Directory is an LDAP-compatible directory service and is supported by various third-party applications such as Novell DirXML and Atlassian Crowd.
Microsoft Identity Integration Server (MIIS) is one option you can use to act as an intermediary between two directories (including directories used by SAP, Domino, etc.).

MIIS manages information by retrieving identity information from the connected data sources and storing the information in the connector space as connector space objects or CSEntry objects. The CSEntry objects are then mapped to entries in the metaverse called metaverse objects or MVEntry objects. This architecture allows data from dissimilar connected data sources to be mapped to the same MVEntry object. All back-end data is stored in Microsoft SQL Server.
Versions
- Zoomit Via (pre-1999)
- Microsoft Metadirectory Server [MMS] (1999–2003)
- Microsoft Identity Integration Server 2003 Enterprise Edition [MIIS] (2003–2009)
- Microsoft Identity Integration Server 2003 Feature Pack [IIFP] (2003–2009)
- Microsoft Identity Lifecycle Manager Server 2007 [ILM] (2007–2010)
- Microsoft Forefront Identity Manager 2010 [FIM] [CR0] (current)

Supported Data Sources
MIIS 2003, Enterprise Edition, includes support for a wide variety of identity repositories, including the following:
- Network operating systems and directory services: Microsoft Windows NT, Active Directory, Active Directory Application Mode, IBM Directory Server, Novell eDirectory, Resource Access Control Facility (RACF), SunONE/iPlanet Directory, X.500 systems and other network directory products
- E-mail: Lotus Notes and IBM Lotus Domino; Microsoft Exchange 5.5, 2000, 2003, 2007
- Application: PeopleSoft, SAP AG products, ERP1, telephone switches (PBX), XML- and Directory Service Markup Language (DSML)-based systems
- Database: Microsoft SQL Server, Oracle RDBMS, IBM Informix, dBase, IBM DB2
- File-based: DSMLv2, LDIF, comma-separated values (CSV), delimited, fixed width, attribute value pairs
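A toy model of the connector space / metaverse flow described above, added as an example and not MIIS code: connector-space entries (CSEntry) from two dissimilar sources are joined on a shared key into one metaverse entry (MVEntry), and a per-attribute precedence table decides which source's value wins. The source names "hr" and "ad", the join key employeeID, the precedence table and the sample entries are all assumptions constructed for the example.

```python
"""Toy MIIS-style synchronization: CSEntry objects from several connected data
sources are joined into MVEntry objects. Added example, not MIIS code; the
sources, join key, precedence table and sample data are constructed."""
from dataclasses import dataclass, field


@dataclass
class CSEntry:
    source: str          # the connected data source this object came from
    anchor: str          # unique id within that source (DN for AD, id for HR)
    attributes: dict


@dataclass
class MVEntry:
    employee_id: str
    attributes: dict = field(default_factory=dict)
    connectors: dict = field(default_factory=dict)   # source -> anchor


# Attribute flow precedence: the first listed source wins when both supply a value.
PRECEDENCE = {
    "displayName": ["hr", "ad"],
    "title": ["hr", "ad"],
    "department": ["hr"],
    "mail": ["ad", "hr"],
}

# Constructed sample connector space (not real data).
SAMPLE_CS = [
    CSEntry("hr", "1001", {"employeeID": "1001", "displayName": "Alice Example",
                           "title": "Analyst", "department": "Finance"}),
    CSEntry("ad", "CN=alice,OU=Users,DC=example,DC=com",
            {"employeeID": "1001", "displayName": "Alice E.",
             "mail": "alice@example.com"}),
    CSEntry("ad", "CN=svc-backup,OU=Service,DC=example,DC=com",
            {"mail": "svc-backup@example.com"}),   # no join key at all
]


def synchronize(cs_entries):
    """Join CSEntry objects on employeeID and flow attributes by precedence.
    Returns (metaverse: {employeeID: MVEntry}, disconnectors: [CSEntry])."""
    by_key = {(cs.source, cs.anchor): cs for cs in cs_entries}
    metaverse, disconnectors = {}, []
    for cs in cs_entries:
        key = cs.attributes.get("employeeID")
        if not key:
            disconnectors.append(cs)   # cannot be joined: stays a disconnector
            continue
        mv = metaverse.setdefault(key, MVEntry(key))
        mv.connectors[cs.source] = cs.anchor
    for mv in metaverse.values():
        for attr, sources in PRECEDENCE.items():
            for src in sources:
                anchor = mv.connectors.get(src)
                if anchor is None:
                    continue
                value = by_key[(src, anchor)].attributes.get(attr)
                if value is not None:
                    mv.attributes[attr] = value
                    break
    return metaverse, disconnectors


if __name__ == "__main__":
    metaverse, disconnectors = synchronize(SAMPLE_CS)
    for mv in metaverse.values():
        print(mv.employee_id, mv.attributes, sorted(mv.connectors))
    print("disconnectors:", [cs.anchor for cs in disconnectors])
```

The disconnector list is the useful output for a reviewer: it names accounts in a connected directory that no authoritative record joins to, which is where stale or unowned identities accumulate.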

Yes. Microsoft Identity Integration Server (MIIS) is used to connect Active Directory to other 3rd-party Directory Services (including directories used by SAP, Domino, etc).

Yes, we can connect by using DirXML and LDAP.
2 Windows admin interview questions (includes Vista)

December 23, 2010
2. What is LDAP?
LDAP, Lightweight Directory Access Protocol, is an Internet protocol that email and other programs use to look up information from a server.
Every email program has a personal address book, but how do you look up an address for someone who's never sent you email? How can an organization keep one centralized up-to-date phone book that everybody has access to?
That question led software companies such as Microsoft, IBM, Lotus, and Netscape to support a standard called LDAP. "LDAP-aware" client programs can ask LDAP servers to look up entries in a wide variety of ways. LDAP servers index all the data in their entries, and "filters" may be used to select just the person or group you want, and return just the information you want. For example, here's an LDAP search translated into plain English: "Search for all people located in Chicago whose name contains "Fred" that have an email address. Please return their full name, email, title, and description."
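
The plain-English search above, written as an LDAP filter plus attribute list, is added here as an example that is not from the original page. Each caller-supplied value is escaped per RFC 4515, so a value such as "Fred*)(title=*" is matched literally instead of rewriting the filter; the unescaped template is included only to show what the escaping prevents. The attribute names l, cn, mail, title and description are standard directory attributes; no server is contacted.

```python
"""Build 'all people located in a city whose name contains a fragment and who
have an email address; return full name, email, title and description' as an
LDAP filter with RFC 4515 value escaping. Added example, not from the page."""

# RFC 4515 section 3: characters that must be hex-escaped inside an assertion value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value):
    """Escape one assertion value for safe inclusion in a search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def people_in_city_with_mail(city, name_fragment):
    """Return (filter, attributes) for the search described in the text.
    The wildcards around the name fragment are ours; any '*' in the fragment
    itself is escaped and therefore matched literally."""
    search_filter = (
        "(&(objectClass=person)"
        f"(l={escape_filter_value(city)})"
        f"(cn=*{escape_filter_value(name_fragment)}*)"
        "(mail=*))"
    )
    return search_filter, ["cn", "mail", "title", "description"]


def naive_filter(city, name_fragment):
    """The same template without escaping: here only to show the difference."""
    return f"(&(objectClass=person)(l={city})(cn=*{name_fragment}*)(mail=*))"


def clause_count(search_filter):
    """Number of opening parentheses. The template always yields 5, so a
    different count means a value has altered the filter's structure."""
    return search_filter.count("(")


if __name__ == "__main__":
    search_filter, attrs = people_in_city_with_mail("Chicago", "Fred")
    print(search_filter, attrs)
    hostile = "Fred*)(title=*"            # constructed input for the comparison
    print(clause_count(naive_filter("Chicago", hostile)),                    # 6
          clause_count(people_in_city_with_mail("Chicago", hostile)[0]))     # 5
```

Whatever client library sends the filter, the escaping belongs at the point where user input becomes an assertion value; the clause count is a cheap invariant to assert on in tests of that code path.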

LDAP is not limited to contact information, or even information about people. LDAP is used to look up encryption certificates, pointers to printers and other services on a network, and provide "single signon" where one password for a user is shared between many services. LDAP is appropriate for any kind of directory-like information, where fast lookups and less-frequent updates are the norm.
As a protocol, LDAP does not define how programs work on either the client or server side. It defines the "language" used for client programs to talk to servers (and servers to servers, too). On the client side, a client may be an email program, a printer browser, or an address book. The server may speak only LDAP, or have other methods of sending and receiving data—LDAP may just be an add-on method.
If you have an email program (as opposed to web-based email), it probably supports LDAP. Most LDAP clients can only read from a server. Search abilities of clients (as seen in email programs) vary widely. A few can write or update information, but LDAP does not include security or encryption, so updates usually require additional protection such as an encrypted SSL connection to the LDAP server.
LDAP also defines:
- Permissions, set by the administrator to allow only certain people to access the LDAP database, and optionally keep certain data private.
- Schema: a way to describe the format and attributes of data in the server. For example, a schema entered in an LDAP server might define a "groovyPerson" entry type, which has attributes of "instantMessageAddress" and "coffeeRoastPreference". The normal attributes of name, email address, etc., would be inherited from one of the standard schemas, which are rooted in X.500 (see below).
LDAP was designed at the University of Michigan to adapt a complex enterprise directory system (called X.500) to the modern Internet. X.500 is too complex to support on desktops and over the Internet, so LDAP was created to provide this service "for the rest of us."
LDAP servers exist at three levels: There are big public servers, large organizational servers at universities and corporations, and smaller LDAP servers for workgroups. Most public servers from around year 2000 have disappeared, although directory.verisign.com exists for looking up X.509 certificates. The idea of publicly listing your email address for the world to see, of course, has been crushed by spam.
While LDAP didn't bring us the worldwide email address book, it continues to be a popular standard for communicating record-based, directory-like data between programs.
1 Windows admin interview questions (includes Vista)

December 23, 2010
1. What is Active Directory?
Active Directory is a directory structure used on Microsoft Windows-based computers and servers to store information and data about networks and domains.

A central component of the Windows platform, Active Directory directory service provides the means to manage the identities and relationships that make up network environments. Windows Server 2003 makes Active Directory simpler to manage, easing migration and deployment.