25. Name some OU design considerations.

January 10, 2011
Windows admin interview questions (includes Vista)



OU design requires balancing the requirements for delegating administrative rights (independent of Group Policy needs) against the need to scope the application of Group Policy. The following OU design recommendations address delegation and scope issues:
· Applying Group Policy: an OU is the lowest-level Active Directory container to which you can assign Group Policy settings.
· Delegating administrative authority
· Usually, don't go more than 3 OU levels deep.

24. What tool would I use to try to grab security-related packets from the wire?



You must use sniffer-detecting tools to help stop the snoops. ...
A good packet sniffer would be "Ethereal".

22. How can you forcibly remove AD from a server, and what do you do later?


Demote the server using dcpromo /forceremoval, then remove the metadata from Active Directory using ntdsutil. There is no way to get user passwords from AD that I am aware of, but you should still be able to change them.
Another way out:
Restart the DC in DSRM mode.
a. Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions
b. In the right pane, double-click ProductType.
c. Type ServerNT in the Value data box, and then click OK.
Restart the server in normal mode.
It's a member server now, but the AD entries are still there. Promote the server to a fake domain, say ABC.com, and then remove it gracefully using dcpromo. Otherwise, after the restart you can also use ntdsutil to remove the metadata, as told in the earlier post.

23. Can I get user passwords from the AD database?




Passwords in AD are not stored encrypted by default, so they cannot be decrypted; they are hashed. The only way to recover the data from a hash is with some sort of cracking algorithm that attempts to crack the hash (such tools exist).

20. What are the requirements for installing AD on a new server?




· An NTFS partition with enough free space (250MB minimum)
· An Administrator's username and password
· The correct operating system version
· A NIC
· Properly configured TCP/IP (IP address, subnet mask and - optional - default gateway)
· A network connection (to a hub or to another computer via a crossover cable)
· An operational DNS server (which can be installed on the DC itself)
· A Domain name that you want to use
· The Windows 2000 or Windows Server 2003 CD media (or at least the i386 folder)

From the Petri IT Knowledge Base.

21. What can you do to promote a server to DC if you’re in a remote location with a slow WAN link?



This option was first available in Windows 2003: create a copy of the system state from an existing DC and copy it to the new remote server. Run "dcpromo /adv". You will be prompted for the location of the system state files.

18. What is the KCC?




Within a site, a Windows Server 2003 service known as the KCC automatically generates a topology for replication among the domain controllers in the domain using a ring structure. The KCC is a built-in process that runs on all domain controllers.
The KCC analyzes the replication topology within a site every 15 minutes to ensure that it still works. If you add or remove a domain controller from the network or a site, the KCC reconfigures the topology to reflect the change.

KCC stands for Knowledge Consistency Checker, which creates the connection object that links the DCs into a common replication topology and dictates the replication routes from one DC to another in the Active Directory forest.