16. What are sites? What are they used for?

16. What are sites? What are they used for?

December 24, 2010
Windows admin interview questions (includes Vista)


Sites in Active Directory represent the physical structure, or topology, of your network. Active Directory uses topology information, stored as site and site link objects in the directory, to build the most efficient replication topology. You use Active Directory Sites and Services to define sites and site links. A site is a set of well-connected subnets. Sites differ from domains; sites represent the physical structure of your network, while domains represent the logical structure of your organization.
Read More: http://technet.microsoft.com/en-us/library/cc782048%28WS.10%29.aspx
15. What is LDP? What is REPLMON? What is ADSIEDIT? What is NETDOM? What is REPADMIN?

15. What is LDP? What is REPLMON? What is ADSIEDIT? What is NETDOM? What is REPADMIN?

December 24, 2010
Windows admin interview questions (includes Vista)


The Lightweight Directory Access Protocol, or LDAP is an application protocol for querying and modifying directory services running over TCP/IP.[1]
A directory is a set of objects with attributes organized in a logical and hierarchical manner. The most common example is the telephone directory, which consists of a series of names (either of persons or organizations) organized alphabetically, with each name having an address and phone number attached.


An LDAP directory tree often reflects various political, geographic, and/or organizational boundaries, depending on the model chosen. LDAP deployments today tend to use Domain name system (DNS) names for structuring the topmost levels of the hierarchy. Deeper inside the directory might appear entries representing people, organizational units, printers, documents, groups of people or anything else that represents a given tree entry (or multiple entries).
Its current version is LDAPv3, which is specified in a series of Internet Engineering Task Force (IETF) Standard Track Requests for comments (RFCs) as detailed in RFC 4510.
LDAP means Light-Weight Directory Access Protocol. It determines how an object in an Active directory should be named. LDAP (Lightweight Directory Access Protocol) is a proposed open standard for accessing global or local directory services over a network and/or the Internet. A directory, in this sense, is very much like a phone book. LDAP can handle other information, but at present it is typically used to associate names with phone numbers and email addresses. LDAP directories are designed to support a high volume of queries, but the data stored in the directory does not change very often. It works on port no. 389. LDAP is sometimes known as X.500 Lite. X.500 is an international standard for directories and full-featured, but it is also complex, requiring a lot of computing resources and the full OSI stack. LDAP, in contrast, can run easily on a PC and over TCP/IP. LDAP can access X.500 directories but does not support every capability of X.500
What is REPLMON?

A: Replmon is the first tool you should use when troubleshooting Active Directory replication issues. As it is a graphical tool, replication issues are easy to see and somewhat easier to diagnose than using its command line counterparts. The purpose of this document is to guide you in how to use it, list some common replication errors and show some examples of when replication issues can stop other network installation actions.

for more go to http://www.techtutorials.net/articles/replmon_howto_a.html
What is ADSIEDIT?

A: ADSIEdit is a Microsoft Management Console (MMC) snap-in that acts as a low-level editor for Active Directory. It is a Graphical User Interface (GUI) tool. Network administrators can use it for common administrative tasks such as adding, deleting, and moving objects with a directory service. The attributes for each object can be edited or deleted by using this tool. ADSIEdit uses the ADSI application programming interfaces (APIs) to access Active Directory. The following are the required files for using this tool:
• ADSIEDIT.DLL
• ADSIEDIT.MSC
Regarding system requirements, a connection to an Active Directory environment and Microsoft Management Console (MMC) is necessary
What is NETDOM?
A: NETDOM is a command-line tool that allows management of Windows domains and trust relationships. It is used for batch management of trusts, joining computers to domains, verifying trusts, and secure channels
A:
Enables administrators to manage Active Directory domains and trust relationships from the command prompt.
Netdom is a command-line tool that is built into Windows Server 2008. It is available if you have the Active Directory Domain Services (AD DS) server role installed. To use netdom, you must run the netdom command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.
You can use netdom to:

Join a computer that runs Windows XP Professional or Windows Vista to a Windows Server 2008 or Windows Server 2003 or Windows 2000 or Windows NT 4.0 domain.
Provide an option to specify the organizational unit (OU) for the computer account.
Generate a random computer password for an initial Join operation.
Manage computer accounts for domain member workstations and member servers. Management operations include:
Add, Remove, Query.
An option to specify the OU for the computer account.
An option to move an existing computer account for a member workstation from one domain to another while maintaining the security descriptor on the computer account.
Establish one-way or two-way trust relationships between domains, including the following kinds of trust relationships:
From a Windows 2000 or Windows Server 2003 or Windows Server 2008 domain to a Windows NT 4.0 domain.
From a Windows 2000 or Windows Server 2003 or Windows Server 2008 domain to a Windows 2000 or Windows Server 2003 or Windows Server 2008 domain in another enterprise.
Between two Windows 2000 or Windows Server 2003 or Windows Server 2008 domains in an enterprise (a shortcut trust).
The Windows Server 2008 or Windows Server 2003 or Windows 2000 Server half of an interoperable Kerberos protocol realm.
Verify or reset the secure channel for the following configurations:
Member workstations and servers.
Backup domain controllers (BDCs) in a Windows NT 4.0 domain.
Specific Windows Server 2008 or Windows Server 2003 or Windows 2000 replicas.
Manage trust relationships between domains, including the following operations:
Enumerate trust relationships (direct and indirect).
View and change some attributes on a trust.

Syntax
Netdom uses the following general syntaxes:

NetDom [] [{/d: | /domain:} ] []
NetDom help http://technet.microsoft.com/en-us/library/cc772217.aspx
14. What are the Support Tools? Why do I need them?

14. What are the Support Tools? Why do I need them?

December 24, 2010
The Windows 2003 support tools are a collection of resources with the aim of assisting administrators to simplify management tasks. These include: troubleshooting operating systems, configuring networking and security features, managing Active Directory, and automating application deployment. With the use of these tools, the user is able to pin-point problematic issues with the system and will therefore be able to find a solution more easily.


The Windows 2003 Support Tools consist of a number of command-line utilities, visual basic scripts, GUI based applications, and documents - all of which you must install from a separate application. The Support Tools are not automatically installed when you install Windows 2003; their installation isn’t an option in the Windows 2003 setup. The installation program is located on the CD-ROM in the \support\tools folder and the setup file (suptools.msi) must be opened manually to initiate the installation wizard. You can also download support tool fromhttp://www.microsoft.com/downloads/en/details.aspx?familyid=96A35011-FD83-419D-939B-9A772EA2DF90&displaylang=en
13. Trying to look at the Schema, how can I do that?

13. Trying to look at the Schema, how can I do that?

December 24, 2010
Windows admin interview questions (includes Vista)


Active Directory Schema Tools and Settings
When existing class and attribute definitions in the Active Directory schema do not meet the needs of your organization, you can use schema-based administrative tools to modify or add schema objects. You can modify an existing attribute or add a new class or attribute to the schema to store a new type of information in the directory. The process of modifying or updating the schema is often referred to as “extending the schema.” In addition to using schema tools to extend the schema, you can perform most schema extensions by using customized applications or Active Directory Service Interfaces (ADSI) scripts.
The following tools are associated with the Active Directory schema.
Adsiedit.exe: ADSI Edit
ADSI Edit is included when you install Support Tools for Windows Server 2003 and later.
ADSI Edit is a Microsoft Management Console (MMC) snap-in that uses ADSI, which uses the Lightweight Directory Access Protocol (LDAP). You can use ADSI Edit to view and modify directory objects in the Active Directory database. You can also use it to view schema directory partition objects and properties. When you open ADSI Edit, the Schema container is displayed by default. You can expand the container to view schema classes and attributes.
Csvde.exe: Csvde
Csvde is a command-line tool that ships with Windows Server 2003.
You can use Csvde.exe to export directory information to an Excel spreadsheet or to import data from a spreadsheet into Active Directory. You can use this format only for additions to the directory. Csvde.exe cannot be used to modify or delete objects.
Ldifde.exe: Ldifde
Ldifde is a command-line tool that ships with Windows Server 2003.
Active Directory supports the use of files that are formatted with the LDAP Data Interchange Format (LDIF) for importing and exporting information in the directory. This includes information that is stored in the schema, such as schema modifications. After an LDIF file is created, a tool such as Ldifde.exe performs the import operation by using the LDIF file for input. You can also use Ldifde.exe to add, modify, and delete directory objects; export Active Directory user and group information to other applications or services; and populate Active Directory with data from other directory services.



Schmmgmt.msc: The Active Directory Schema snap-in
The Active Directory Schema snap-in is an MMC snap-in in Administrative Tools that is installed automatically on all domain controllers running Windows Server 2003. However, you must register it manually before you use it for the first time. To register the Active Directory Schema snap-in, run Regsvr32 Schmmgmt.dll from the command prompt or from the Run command on the Start menu. Open MMC and add Active directory schema snap in.
ADSI and Visual Basic Scripts
Active Directory provides a set of interfaces that you can use programmatically to gain access to directory objects, including schema objects. ADSI conforms to the Component Object Model (COM), and it supports standard COM features. ADSI defines a directory service model and a set of COM interfaces that you can easily use with a variety of programming languages. With Microsoft Visual Basic, Scripting Edition and ADSI, you can write scripts to modify the directory in various ways, including extending the schema.
12. Why not make all DCs in a large forest as GCs?

12. Why not make all DCs in a large forest as GCs?

December 24, 2010
Windows admin interview questions (includes Vista)

Unless you have some really bad connections that may not be able to handle the extra traffic, you should make every DC a GC. In ANY single domain forest, it is recommended and beneficial to make all DCs GCs since it has no replication impact and serves to better distribute query load.



11. How do you view all the GCs in the forest?

11. How do you view all the GCs in the forest?

December 24, 2010
Windows admin interview questions (includes Vista)


DSQUERY server can be used to locate global catalogs
To search the entire forest
dsquery server -forest -isgc
To locate global catalogs in your current (logon) domain
dsquery server –isgc.
To locate global catalogs in a specific domain
dsquery server -domain tech.cpandl.com -isgc
Here, you search for global catalog servers in the tech.cpandl.com domain.



You can also search for global catalog servers by site, but to do this, you must know the full site name, and cannot use wildcards. For example, if you wanted to find all the global catalog servers for Default-First-Site-Name, you would have to type
dsquery server –site Default-First-Site-Name.
The resulting output is a list of DNs for global catalogs, such as
"CN=CORPSVR02,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=cpandl,DC=com"
10. What is the Global Catalog?

10. What is the Global Catalog?

December 24, 2010
Windows admin interview questions (includes Vista)

The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory Domain Services (AD DS) forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication. Searches that are directed to the global catalog are faster because they do not involve referrals to different domain controllers