12. Why not make all DCs in a large forest as GCs?

Windows admin interview questions (includes Vista)

Unless you have some really bad connections that may not be able to handle the extra traffic, you should make every DC a GC. In ANY single domain forest, it is recommended and beneficial to make all DCs GCs since it has no replication impact and serves to better distribute query load.

11. How do you view all the GCs in the forest?

Windows admin interview questions (includes Vista)


DSQUERY server can be used to locate global catalogs
To search the entire forest
dsquery server -forest -isgc
To locate global catalogs in your current (logon) domain
dsquery server –isgc.
To locate global catalogs in a specific domain
dsquery server -domain tech.cpandl.com -isgc
Here, you search for global catalog servers in the tech.cpandl.com domain.



You can also search for global catalog servers by site, but to do this, you must know the full site name, and cannot use wildcards. For example, if you wanted to find all the global catalog servers for Default-First-Site-Name, you would have to type
dsquery server –site Default-First-Site-Name.
The resulting output is a list of DNs for global catalogs, such as
"CN=CORPSVR02,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=cpandl,DC=com"

10. What is the Global Catalog?

Windows admin interview questions (includes Vista)

The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory Domain Services (AD DS) forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication. Searches that are directed to the global catalog are faster because they do not involve referrals to different domain controllers

9. How do you view replication properties for AD partitions and DCs?

Windows admin interview questions (includes Vista)




Install Replication Monitor from Support tools, run from command line with "replmon" command, and add DC and it will show you all partitions that DC holds and all replication partners for each partition.

8. How do you create a new application partition

Windows admin interview questions (includes Vista)

You can create an application directory partition by using the create nc option in the domain management (partition management in windows 2008) menu of Ntdsutil. When creating an application directory partition using LDP or ADSI, provide a description in the description attribute of the domain DNS object that indicates the specific application that will use the partition. For example, if the application directory partition will be used to store data for a Microsoft accounting program, the description could be Microsoft accounting application. Ntdsutil does not facilitate the creation of a description.
To create or delete an application directory partition
The sample commands below were written for Windows Server 2008. If you're using Windows 2003, you don’t need to include the ACTIVE INSTANCE NTDS command, and you would use DOMAIN MANAGEMENT instead of PARTITION MANAGEMENT.
ntdsutil: activate instance ntds
Active instance set to "ntds".
ntdsutil: partition management
partition management: connections
Connected to \\server1.contoso.com using credentials of locally logged on user.
server connections: connect to server server1.contoso.com
Disconnecting from \\ server1.contoso.com...
Binding to server1.contoso.com ...
Connected to server1.contoso.com using credentials of locally logged on user.
server connections: quit
partition management: list
Note: Directory partition names with International/Unicode characters will only display correctly if appropriate fonts and language support are loaded Found 5 Naming Context(s)
0 - CN=Configuration,DC= contoso,DC=com
1 - CN=Schema,CN=Configuration,DC= contoso,DC=com
2 - DC=contoso,DC=com
3 - DC=DomainDnsZones,DC=contoso,DC=com
4 - DC=ForestDnsZones,DC=contoso,DC=com



partition management: create nc dc=app1,dc=contoso,dc=com
server1.contoso.com
adding object dc=app1,dc=contoso,dc=com
partition management: list
Note: Directory partition names with International/Unicode characters will only display correctly if appropriate fonts and language support are loaded Found 5 Naming Context(s)
0 - CN=Configuration,DC= contoso,DC=com
1 - CN=Schema,CN=Configuration,DC= contoso,DC=com
2 - DC=contoso,DC=com
3 - DC=DomainDnsZones,DC=contoso,DC=com
4 - DC=ForestDnsZones,DC=contoso,DC=com
5 - DC=app1,DC=contoso,DC=com
Create an application directory partition by using the DnsCmd command
Use the following syntax:
DnsCmd ServerName /CreateDirectoryPartition FQDN of partition
To create an application directory partition that is named CustomDNSPartition on a domain controller that is named DC-1, follow these steps:



1. Click Start, click Run, type cmd, and then click OK.
2. Type the following command, and then press ENTER: dnscmd DC-1 /createdirectorypartition CustomDNSPartition.contoso.com
When the application directory partition has been successfully created, the following information appears:
DNS Server DC-1 created directory partition: CustomDNSPartition.contoso.com Command completed successfully.
Configure an additional domain controller DNS server to host the application directory partition
Configure an additional domain controller that is acting as a DNS server to host the new application directory partition that you created. To do this, use the following syntax with the DnsCmdcommand:
DnsCmd ServerName /EnlistDirectoryPartition FQDN of partition
To configure the example domain controller that is named DC-2 to host this custom application directory partition, follow these steps:
1. Click Start, click Run, type cmd, and then click OK.
2. Type the following command, and then press ENTER: dnscmd DC-2 /enlistdirectorypartition CustomDNSPartition.contoso.com
DNS Server DC-2 enlisted directory partition: CustomDNSPartition.contoso.com Command completed successfully.

7. What are application partitions? When do I use them

Windows admin interview questions (includes Vista)

An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication of a particular application directory partition hosts a replica of that partition. Only domain controllers running Windows Server 2003 can host a replica of an application directory partition.



Application directory partitions are usually created by the applications that will use them to store and replicate data. TAPI is an example it. For testing and troubleshooting purposes, members of the Enterprise Admins group can manually create or manage application directory partitions using the Ntdsutil command-line tool.
Application directory partitions can contain any type of object, except security principals. The data in it can be replicated to different domain controllers in a forest (for redundancy, availability, or fault tolerance).

6. Name the AD NCs and replication issues for each NC

Windows admin interview questions (includes Vista)

There are three predefined Naming Contexts (NC)
1. Domain Naming Context - One per domain. The domain naming context stores users, computers, groups, and other objects for that domain. All domain controllers that are joined to the domain share a full writeable copy of the domain directory partition. Additionally, all domain controllers in the forest that host the global catalog also host a partial read-only copy of every other domain naming context in the forest.



2. Configuration Naming Context - One per forest. It stores forest-wide configuration data that is required for the proper functioning of Active Directory as a directory service. Information that Active Directory uses to construct the directory tree hierarchy is also stored in the configuration directory partition, as is network-wide, service-specific information that applications use to connect to instances of services in the forest. Every domain controller has one fully writeable copy of the configuration directory partition.
3. Schema Naming Context - One per forest. The schema naming context contains the definitions of all objects that can be instantiated in Active Directory. It also stores the definitions of all attributes that can be a part of objects in Active Directory. Every domain controller has one fully writeable copy of the schema directory partition, although schema updates are allowed only on the domain controller that is the schema operations master.
You can also define your own naming context in Windows 2003 and later -- called Application Partitions. Replication issues are not specific to a naming context.