What is DHCP?
DHCP stands for Dynamic Host Configuration Protocol. A DHCP server
provides IP configuration such as IP address, subnet mask, default
gateway, WINS address and DNS address to its clients.
How does DHCP work?
A DHCP server has a scope of IP addresses to issue, along
with other IP configuration settings. When a DHCP client comes up, it sends out a
broadcast request to find a DHCP server and get an IP address. The DHCP server
acknowledges the request and provides the IP configuration to the client with a
lease period.
What is a DHCP reservation?
To dedicate an IP address to a client we can use a DHCP
reservation. This client will always get the same IP address from the DHCP
server. We need to know the MAC address of the client to make a reservation.
What is an exclusion?
A range of IP addresses can be excluded from the DHCP server
scope, so that those IP addresses can be given as static IP addresses for some
servers. Excluded IP addresses won’t be issued to the DHCP clients.
What is DNS?
DNS is the Domain Naming System. A DNS server provides domain
name to IP address resolution to its clients.
What is an A record?
An A record in a DNS server provides forward lookup, that is, host name
to IP address resolution.
What is a CName record?
A CName record, or canonical name record, lets a host name have
aliases.
What is a PTR record?
A PTR record, or pointer record, in a DNS server provides reverse
lookup, that is, IP address to host name resolution.
What is nslookup?
Nslookup is a command-line utility that helps us gather DNS-related
information and troubleshoot DNS issues.
What is DNS scavenging?
It’s a feature in DNS that deletes expired records based on
their timestamps.
What is an Active Directory integrated zone?
If a DNS server has an Active Directory integrated zone, the
DNS zone information is stored in the Active Directory database.
What is the basic advantage of using an integrated zone?
The DNS database is stored in the Active Directory
database, so DNS replication takes place along with AD replication.
What is dynamic DNS registration?
When we bring up a DNS client, it can go directly to the DNS
server and register its name and IP address in the DNS database, so we need
not create DNS records manually.
What is WINS?
WINS stands for Windows Internet Naming System. It resolves
NetBIOS names to IP addresses in a Windows domain.
What is a Universal Group/Global Group/Local group?
Global Group – used to organize users into a group in AD.
Local Group – used to give access to resources in AD.
We have to make the Global group a member of the Local
group so that users can access the resources.
Universal Group – can be used if the users and resources are
located in multiple domains.
What is the main advantage to using a Universal Group?
If the users and resources are located in multiple domains
we need to use a Universal Group, since it supports forest-level scope and group
nesting.
What is a global catalog?
A global catalog server is a domain controller in the Active
Directory domain which keeps at least some information about all the
objects in the forest.
What are the 5 Flexible Single Master Operations roles and what do they do?
Schema master – Controls any changes made in the schema.
Domain naming master – Controls adding and removing domains.
RID master – Controls the issuing of unique Relative Identifier numbers for the domain controllers in the domain.
PDC emulator – Acts as a Primary domain controller for pre-Windows 2000 machines. Also handles time synchronization in the domain and changes in the GPOs.
Infrastructure master – Helps to update groups and their membership information between domains.
PDC Emulator FSMO role – name the 3 functions it does
1. Time synchronization.
2. Creating or editing of GPOs is handled by this server.
3. Password changes and account lockouts are handled by this server.
Which of the FSMO roles are forest wide/which are domain wide?
Schema master and Domain naming master are forest wide.
RID master, PDC emulator and Infrastructure master are domain wide.
What is a Site and when should you define one in Active
Directory (i.e. basic criteria for establishing one)?
Well-connected IP subnets are called sites. If there is a
thin link between two locations we should consider them as two different sites
in AD.
What is a bridgehead server?
In a multi-site environment, the bridgehead servers in each
site handle the replication between two different sites.
What is the Intersite Topology Site Generator?
Every site has a domain controller which acts as an
“Intersite Topology Site Generator”, which helps to create connection objects
between intersite domain controllers for Active Directory replication.
What is Group Policy and how can it be applied in Active
Directory?
Group policy is a set of rules and configuration settings
that restrict the user’s working environment.
When these policies are applied, registry settings are
modified at the user level or computer level.
GPOs can be applied at the site, domain or OU level in Active
Directory.
What is the Group Policy order of precedence?
Group policy is applied in the following order:
Local policy
Site Policy
Domain policy
OU policy
What is Group Policy inheritance?
Group policies applied at the top-level container flow
down the AD hierarchy.
For example, a GPO applied at the domain level will be
inherited by the OUs in the domain and by their child OUs.
What is No Override?
“No Override” Group policies cannot be blocked by the “Block
inheritance” option in AD.
If you want a policy to be applied in the entire tree
structure, you need to use this option.
What is block inheritance?
If you do not want a policy to be applied to an OU
through inheritance, you can choose the “Block inheritance” option.
How can you apply group policy to only ½ the objects in an
OU vs. all of them?
A policy is applied only to objects that have the Read
and Apply group policy permissions.
Removing these permissions from an object keeps the policy from
being applied to it.
What is Group Policy loopback processing?
If you want the user settings to be determined by the
computer account’s policy rather than the user account’s policy, you need to
consider using loopback processing.
Why would you need or use Group policy loopback processing?
In some situations, such as kiosks, we need the machine policy
to be applied regardless of which user is logging in. In those situations we
would use loopback processing.
What are the two types of group policies you can apply to an
object?
There are “Local group policy” and “Domain group policy”.
These policies have two sections in them: “Computer
configuration” and “User configuration”.
What are some tools you can use to troubleshoot Group Policy
that wasn’t applying properly to an object or in conflict?
Gpresult.exe command line tool.
Rsop MMC snap in.
How long does replication take within a site and intersite?
Within a site – every 15 seconds.
Between sites – every 180 minutes.
How would you restore an object or OU in Active Directory?
To restore an object or OU we should have already taken a
“System state data” backup.
If we have the backup, we need to do an authoritative
restore by rebooting the domain controller in “Directory service restore mode”.
We will use the ntdsutil command to restore the objects.