Tuesday, May 01, 2012

Windows systems admin Q&A

What is DHCP?
DHCP is Dynamic Host Configuration Protocol. A DHCP server provides IP configuration such as IP address, subnet mask, default gateway, WINS address, DNS address, etc. to its clients.

How does DHCP work?
A DHCP server has a scope of IP addresses to issue, along with other IP configuration. When we bring up a DHCP client, it sends out a broadcast request to find a DHCP server and get an IP address. The DHCP server acknowledges the request and provides the IP configuration to the client with a lease period.

What is a DHCP reservation?
To dedicate an IP address to a client we can use a DHCP reservation. This client will always get the same IP address from the DHCP server. We need to know the MAC address of the client to make a reservation.

What is an exclusion?
A range of IP addresses can be excluded from the DHCP server scope, so that those IP addresses can be given as static IP addresses for some servers. Excluded IP addresses won’t be issued to the DHCP clients.

What is DNS?
DNS is Domain Naming System. A DNS server provides domain name to IP address resolution to its clients.

What is an A record?
An A record in a DNS server provides forward lookup, that is, host name to IP address resolution.

What is a CNAME record?
A CNAME record, or canonical name record, lets a hostname have aliases.

What is a PTR record?
A PTR record, or pointer record, in a DNS server provides reverse lookup, that is, IP address to host name resolution.

What is nslookup?
Nslookup is a command-line utility that helps us gather DNS-related information and troubleshoot DNS-related issues.

What is DNS scavenging?
It’s a feature in DNS that deletes expired records based on their timestamps.

What is an Active Directory integrated zone?
If a DNS server has an Active Directory integrated zone, the DNS zone information will be stored in the Active Directory database.

What is the basic advantage of using an integrated zone?
The DNS database will be stored in the Active Directory database, so DNS replication will take place along with AD replication.

What is dynamic DNS registration?
When we bring up a DNS client, it can go directly to the DNS server and register its name and IP address in the DNS database, so we need not create DNS records manually.

What is WINS?
WINS stands for Windows Internet Naming System. It helps to resolve NetBIOS names to IP addresses in a Windows domain.

What is a Universal Group/Global Group/Local group?
Global Group – used to organize users into a group in AD.
Local Group – used to give access to resources in AD.
We have to make the Global group a member of the Local group so that users can access the resources.
A Universal group can be used if the users and resources are located in multiple domains.

What is the main advantage to using a Universal Group?
If the users and resources are located in multiple domains, we need to use a Universal Group, since it supports forest-level scope and group nesting.

What is a global catalog?
A global catalog server is a domain controller in the Active Directory domain which keeps at least some information about all the objects in the forest.

What are the 5 Flexible Single Master Operations roles and what do they do?
Schema master – Controls any changes made in the schema.
Domain naming master – Controls adding and removing domains.
RID master – Controls issuing of unique Relative Identifier numbers for the domain controllers in the domain.
PDC emulator – Acts as a Primary domain controller for pre-Windows 2000 machines. Also handles time synchronization in the domain and changes in the GPOs.
Infrastructure master – Helps to update groups and their membership information between domains.

PDC Emulator FSMO role – name the 3 functions it does
1. Time synchronization.
2. Creating or editing of GPOs is handled by this server.
3. Password changes and account lockouts are handled by this server.

Which of the FSMO roles are forest wide/which are domain wide?
Schema master and Domain naming master are forest wide.
RID master, PDC emulator and Infrastructure master are domain wide.

What is a Site and when should you define one in Active Directory (i.e. basic criteria for establishing one)?
Well-connected IP subnets are called sites. If there is a thin link between two locations, we should consider them as two different sites in AD.

What is a bridgehead server?
In a multi-site environment, bridgehead servers on each site handle the replication between two different sites.

What is the Intersite Topology Site Generator?
Every site has a domain controller which acts as an “Intersite Topology Site Generator”, which helps to create connection objects between intersite domain controllers for Active Directory replication.

What is Group Policy and how can it be applied in Active Directory?
Group Policy is a set of rules and configuration settings that restrict the user's working environment.
When these policies are applied, registry settings are modified at the user level or computer level.
GPOs can be applied at the site, domain or OU level in Active Directory.

What is Group Policy order of precedence?
Group policy is applied in the following order:
Local policy
Site Policy
Domain policy
OU policy

What is Group Policy inheritance?
Group policies applied at the top-level container can flow down the AD hierarchy.
For example, a GPO applied at the domain level will be inherited by the OUs in the domain and by their child OUs.

What is No Override?
“No Override” Group policies cannot be blocked by the “Block inheritance” option in AD.
If you want a policy to be applied in the entire tree structure, you need to use this option.

What is block inheritance?
If you do not want a policy to be applied to an OU through inheritance, you can choose the “Block inheritance” option.

How can you apply group policy to only ½ the objects in an OU vs. all of them?
A policy gets applied only if the objects have the Read and Apply group policy permissions.
Removing these permissions keeps the policy from being applied to those objects.

What is Group Policy loopback processing?
If we want the user settings to be determined by the computer account's policy rather than the user account's policy, we need to consider using loopback processing.

Why would you need or use Group policy loopback processing?
In some situations, like kiosks, we need the machine policy to be applied regardless of which user is logging in. In those situations we would use loopback processing.

What are the two types of group policies you can apply to an object?
There are “Local group policy” and “Domain group policy”.
These policies have two sections in them: “Computer configuration” and “User configuration”.

What are some tools you can use to troubleshoot Group Policy that wasn’t applying properly to an object or was in conflict?
The Gpresult.exe command-line tool.
The RSoP MMC snap-in.

How long does replication take within a site and intersite?
Within a site – every 15 seconds.
Between sites – every 180 minutes.

How would you restore an object or OU in Active Directory?
To restore an object or OU we should have already taken a “System state data” backup.
If we have the backup, we need to do an authoritative restore by rebooting the domain controller in “Directory service restore mode”. We will use the ntdsutil command to restore the objects.