Best Interview question for Networking domain. Best interview question designed by Mr.Karthik. For any questions please visit: For More Details Please Visit: https://iicttechnologies.com/ http://www.traininginchennai.co.in/ https://traininginchrompet.com/

1. Common HR questions:
1. Tell me about yourself.
Since thisisoftenthe openingquestioninaninterview,be extracareful thatyoudon’trunoff at the
mouth.Keepyouranswertoa minute ortwoat most.Coverfourtopics:earlyyears,education,work
history,andrecentcareerexperience.Emphasize thislastsubject.Rememberthatthisislikelytobe a
warm-upquestion.Don’twaste yourbestpointsonit.
2. What do you knowaboutour organization?
You shouldbe able todiscussproductsor services,revenues,reputation,image,goals,problems,
managementstyle,people,historyandphilosophy.Butdon’tact as if you know everythingaboutthe
place.Letyour answershowthatyou have takenthe time to dosome research,butdon’toverwhelm
the interviewer,andmake itclearthatyou wishtolearnmore.
You mightstart youranswerin thismanner:“Inmy jobsearch,I’ve investigatedanumberof companies.
Yours isone of the fewthat interestsme,forthese reasons…”
Give youranswera positive tone.Don’tsay,“Well,everyonetellsme thatyou’re inall sortsof trouble,
and that’swhyI’m here”,evenif thatiswhyyou’re there.
3. Why do youwant to workfor us?
The deadliestansweryoucangive is“Because Ilike people.”Whatelse wouldyoulike-animals?
Here,and throughoutthe interview,agoodanswercomesfromhavingdone yourhomeworksothat
youcan speakintermsof the company’sneeds.Youmightsaythatyour researchhas shownthatthe
companyisdoingthingsyouwouldlike tobe involvedwith,andthatit’sdoingtheminwaysthat greatly
interestyou.Forexample,if the organizationisknownforstrongmanagement,youranswershould
mentionthatfact andshowthat you wouldlike tobe a part of that team.If the companyplacesa great
deal of emphasisonresearchanddevelopment,emphasize the factthatyouwant to create new things
and that youknowthisisa place inwhichsuch activityisencouraged.If the organizationstresses
financial controls,youranswershouldmentionareverence fornumbers.
If you feel thatyouhave to concoct an answerto thisquestion –if,forexample,the companystresses
research,andyou feel thatyoushouldmentioniteventhoughitreallydoesn’tinterestyou- thenyou
probablyshouldnotbe takingthatinterview,because youprobablyshouldn’tbe consideringajobwith
that organization.
Your homeworkshouldinclude learningenoughaboutthe companytoavoidapproachingplaceswhere
youwouldn’tbe able -orwouldn’twant- tofunction.Since mostof usare poor liars,it’sdifficulttocon
anyone inan interview.Butevenif youshouldsucceedatit,yourprize isa jobyou don’treallywant.

2. 4. What can youdo for usthat someone else can’t?
Here you have everyright,andperhapsanobligation,totootyourown hornand be a bitegotistical.
Talk aboutyourrecord of gettingthingsdone,andmentionspecificsfromyourresume orlistof career
accomplishments.Saythatyourskillsandinterests,combinedwiththishistoryof gettingresults,make
youvaluable.Mentionyourabilitytosetpriorities,identifyproblems,anduse yourexperience and
energytosolve them.
5. What do you findmostattractive aboutthisposition?Whatseemsleastattractive aboutit?
List three orfour attractive factorsof the job,andmentiona single,minor,unattractive item.
6. Why shouldwe hire you?
Create youranswerby thinkingintermsof yourability,yourexperience,andyourenergy.(See question
4.)
7. What do you lookforin a job?
Keepyouranswerorientedtoopportunitiesatthisorganization.Talkaboutyourdesire toperformand
be recognizedforyourcontributions.Make youranswerorientedtowardopportunityratherthan
personal security.
8. Please give me yourdefinitionof [the positionforwhichyouare beinginterviewed].
Keepyouranswerbrief andtask oriented.Thinkintermsof responsibilitiesandaccountability.Make
sure that youreallydounderstandwhatthe positioninvolvesbeforeyouattemptananswer.If youare
not certain,askthe interviewer;he /she mayanswerthe questionforyou.
9. How longwouldittake you to make a meaningful contributiontoourfirm?
Be realistic.Saythat,while youwouldexpecttomeetpressingdemandsandpull yourownweightfrom
the firstday, itmighttake six monthsto a year before youcouldexpecttoknow the organizationandits
needswell enoughtomake a majorcontribution.
10. How longwouldyoustaywithus?
Say that youare interestedinacareer withthe organization,butadmitthatyouwouldhave tocontinue
to feel challengedtoremainwithanyorganization.Thinkintermsof,“Aslongas we bothfeel
achievement-oriented.”
11. Your resume suggeststhatyoumaybe over-qualifiedortooexperiencedforthisposition.What’s
Your opinion?
Emphasize yourinterestinestablishingalong-termassociationwiththe organization,andsaythatyou
assume thatif youperformwell inhisjob,new opportunitieswill openupforyou.Mentionthata strong
companyneedsastrong staff.Observe thatexperiencedexecutivesare alwaysata premium.Suggest

3. that since youare sowell qualified,the employerwill getafastreturnon hisinvestment.Saythata
growing,energeticcompanycanneverhave toomuch talent.
12. What isyour managementstyle?
You shouldknowenoughaboutthe company’sstyle toknow thatyourmanagementstyle will
complementit.Possiblestylesinclude:taskoriented(I’ll enjoyproblem-solvingidentifyingwhat’s
wrong,choosinga solutionandimplementingit”),results-oriented(“EverymanagementdecisionImake
isdeterminedbyhowitwill affectthe bottomline”),orevenpaternalistic(“I’mcommittedtotaking
care of mysubordinatesandpointingtheminthe rightdirection”).
A participative style iscurrentlyquitepopular:an open-doormethodof managinginwhichyouget
thingsdone bymotivatingpeopleanddelegatingresponsibility.
As youconsiderthisquestion,thinkaboutwhetheryourstyle will letyouworkhappilyandeffectively
withinthe organization.
13. Are you a goodmanager?Can you give me some examples?Doyoufeel thatyouhave top
managerial potential?
Keepyouranswerachievementandask-oriented.Relyonexampletobuttressyourargument.Stress
your experience andyourenergy.
14. What do youlookfor whenYouhire people?
Thinkintermsof skills,initiative,andthe adaptabilitytobe able towork comfortablyandeffectively
withothers.Mentionthatyoulike tohire people whoappearcapable of movingupinthe organization.
15. Have you everhadto fire people?Whatwere the reasons,andhow didyouhandle the situation?
Admitthatthe situationwasnoteasy,butsay that itworkedoutwell,bothforthe companyand, you
think,forthe individ
ual.Showthat, like anyone else,youdon’tenjoyunpleasant tasksbutthatyoucan resolve them
efficientlyand -inthe case of firingsomeone- humanely.
16. What do youthinkisthe most difficultthingaboutbeingamanageror executive?
Mentionplanning,execution,andcost-control.The mostdifficulttaskisto motivate andmanage
employeestogetsomethingplannedandcompletedontime andwithinthe budget.
17. What importanttrendsdoyousee inour industry?
Be preparedwithtwoorthree trendsthat illustrate how well youunderstandyourindustry.Youmight
considertechnological challengesoropportunities,economicconditions,orevenregulatorydemandsas
youcollectyourthoughtsaboutthe directioninwhichyourbusinessisheading.

4. 18. Why are you leaving(didyouleave) yourpresent(last) job?
Be brief,tothe point,andas honestas youcan withouthurtingyourself.Referbackto the planning
phase of your jobsearch.where youconsideredthistopic asyousetyour reference statements.If you
were laidoff inan across-the-boardcutback,sayso;otherwise,indicatethatthe move wasyour
decision,the resultof youraction.Donot mentionpersonalityconflicts.
The interviewermayspendsome time probingyouonthisissue,particularlyif itisclearthatyouwere
terminated.The “We agreedtodisagree”approachmaybe useful.Rememberhatyourreferencesare
likelytobe checked,sodon’tconcocta storyfor an interview.
19. How doyou feel aboutleavingall yourbenefitstofindanew job?
Mentionthatyou are concerned,naturally,butnotpanicked.Youare willingtoacceptsome riskto find
the right jobfor yourself.Don’tsuggestthatsecuritymightinterestyoumore thangettingthe jobdone
successfully.
20. In yourcurrent (last) position,whatfeaturesdo(did) youlike the most?The least?
Be careful andbe positive.Describe more featuresthatyoulikedthandisliked.Don’tcite personality
problems.If youmake yourlastjob soundterrible,aninterviewermaywonderwhyyouremainedthere
until now.
21. What do youthinkof your boss?
Be as positive asyoucan.A potential bossislikelytowonderif youmighttalkabouthiminsimilarterms
at some pointinthe future.
22. Why aren’tyou earningmore at your age?
Say that thisisone reasonthat youare conductingthisjobsearch.Don’tbe defensive.
23. What do youfeel thispositionshouldpay?
Salaryis a delicate topic.We suggestthatyoudefertyingyourselftoa precise figure foraslongas you
can do so politely.Youmightsay,“I understandthatthe range for thisjobis betweenRs.______and
Rs.______. That seemsappropriate forthe job as I understandit.”Youmightanswerthe questionwitha
question:“Perhapsyoucanhelpme onthisone.Can youtell me if there isa range for similarjobsinthe
organization?”
If you are askedthe questionduringaninitial screeninginterview,youmightsaythatyou feel youneed
to knowmore about the position’sresponsibilitiesbefore youcouldgive ameaningful answertothat
question.Here,too,eitherbyaskingthe interviewerorsearchexecutive (if one isinvolved),orin
researchdone as part of your homework,youcantry to findoutwhetherthere isasalary grade
attachedto the job.If there is,andif you can live withit,saythat the range seemsrightto you.

5. If the interviewercontinuestoprobe,youmightsay,“You know that I’mmaking Rs.______ now.Like
everyone else,I’dliketoimprove onthatfigure,butmymajorinterestiswiththe jobitself.”Remember
that the act of takinga newjobdoesnot, inand of itself,make youworthmore money.
If a searchfirmis involved,yourcontactthere maybe able to helpwiththe salaryquestion.He orshe
may evenbe able torun interference foryou.If,forinstance,he tellsyouwhatthe positionpays,and
youtell himthat youare earningthatamountnow andwouldlike todoa bitbetter,he mightgo backto
the employerandpropose thatyoube offeredanadditional 10%.
If no price range isattachedto the job,and the interviewercontinuestopressthe subject,thenyouwill
have to respondwithanumber.You cannotleave the impressionthatitdoesnotreallymatter,that
you’ll acceptwhateverisoffered.If you’vebeenmakingRs.3,00,000a year,you can’t saythat a Rs.
2,00,000 figure wouldbe fine withoutsoundingasif you’ve givenuponyourself.(If youare makinga
radical career change,however,thiskindof disparitymaybe more reasonableandunderstandable.)
Don’tsell yourself short,butcontinue tostressthe factthat the jobitself isthe mostimportantthingin
your mind.The interviewermaybe tryingtodetermine justhow muchyouwantthe job.Don’t leave the
impressionthatmoneyisthe onlythingthatisimportanttoyou.Link questionsof salarytothe work
itself.
But wheneverpossible,sayaslittle asyoucan aboutsalaryuntil youreach the “final”stage of the
interview process.Atthatpoint,youknow thatthe companyisgenuinelyinterestedinyouandthat itis
likelytobe flexible insalarynegotiations.
24. What are yourlong-range goals?
Referbackto the planningphase of yourjobsearch.Don’tanswer,“I wantthe job you’ve advertised.”
Relate yourgoalsto the companyyou are interviewing:‘inafirmlike yours,Iwouldlike to…”
25. How successful doyouyou’ve beensofar?
Say that,all-in-all;you’re happywiththe wayyourcareerhas progressedsofar. Giventhe normal ups
and downsof life,youfeel thatyou’ve donequite wellandhave nocomplaints.
Presentapositive andconfidentpicture of yourself,butdon’toverstate yourcase.Ananswerlike,
“Everything’swonderful!Ican’tthinkof a time when thingswere goingbetter!I’moverjoyed!”islikely
to make an interviewerwonderwhetheryou’re tryingtofool him/her or yourself.The mostconvincing
confidence isusuallyquietconfidence.
Q. Please describethe technical environmentof yourcurrent (ormost recent) position.
A. Whendescribingthe technicalenvironmentthatyoucurrentlysupport,be sure toinclude the
numberof usersyousupport,the numberof IT staff,the technical infrastructureincludingservers,types
of connections,desktopoperatingsystems,yourjobduties,andyourworkschedule.

6. You shouldbe preparedtotalkabout eachof the positionsyouhave listedonyourrésumé inthisway.
Alsobe preparedwithafollow-upstatementof yourmostsignificantaccomplishment.
Q. How doyou keepyourtechnical knowledgeandskillscurrent?
A. Keepingyourskillscurrentdemonstratesinitiative andadesire toperformathighstandards.Be
preparedwithalistof resourcesincludingprofessional groups.
Q. Please describeyourgreatesttechnicalchallenge andhow youovercame it.
A. Ah,an opportunityforastory. Greatexamplestodraw on: how youtaught yourself anew operating
system,the installationof acomplex system,integrationof multiplesystems,buildingof ane-commerce
website.
Q. What are some of the toolsyou use to make yourjobeasier?
A. All networkadministratorshave abagof tricks.You shouldshare some of yourtrade secretsas a way
of demonstratingthatyoucanbe efficientinyourjobasa networkadministrator.These caninclude
ghostingtools,troubleshootingtools,anddocumentationtools.
Q. How doyou documentyournetwork?
A. One of the toughestpartsof networkadministrationiskeepingtrackof an alwayschanging
environment.Youmusthave basicdocumentationforuseradministration,file systemplanning,and
addressplanning.Share yourdocumentationwithyourinterviewer.
PlanningQuestions
The interviewerwillbe interestedinyournetworkplanningmethodologies.The followingquestions
provide insightintotheseskills.
Q. What are some of the thingsyouneedto take intoconsiderationwhenplanninganupgrade fromone
networkoperatingsystemtoanother?
A. Thisisthe motherof all planningactivitiesbecauseitwill affectsomanyresources.The keyhere is
testingandbackupsand that’swhat the interviewerwantstohear.Otherconsiderationsinclude:
Networkdocumentation
Ensuringthat yourhardware meetsthe minimumhardware requirementsforthe new operatingsystem
Creatinga testnetworkfortestingthe compatibilityof applications,hardware,anddriverswiththe new
operatingsystem
Gatheringall updateddriversandpatches/servicepacksrequiredforupgrade compatibility
Identifyingworkflow issuesbeforeconverting

7. Separatingworkstationconversionsfromserverconversions
Ensuringyouhave backupsof data and the serverssothat youcan revertback
Networkaddressingscheme
Q. Describe the backup/restorepolicyyouuse most.
A. Firstof all,the interviewerwantstoensure thatyoudo backups!There are differentmethods,butthe
mostcommon backupstrategyusedisto performincremental backupsMondaythroughThursdayanda
normal backupon Friday.Analternative backup strategyistoperformdifferential backupsMonday
throughThursdayand a normal backup onFriday.
Q. How wouldyouensure thatyourserversare secure?
A. Securityalwaysbeginsatthe physical level—itmakeslittledifference thatyou’veprovidedall the
securitythe operatingsystemandsoftware canprovide if someone canwalkawaywiththe box or the
portable harddrive.The nextstepisto ensure youhave the latestservice packsforthe operating
systemandapplicationsrunningonthe server.
Installation
Q. What stepsdoyou go throughas part of yourserverinstallationprocess?
A. The interviewerwantstoknowwhetheryourtypical workhabitsare to justjumpinor whetheryou
do some planning.Youobviouslywanttoensure thatyourhardware meetsthe minimumrequirements,
that youhave all the rightdriversforthe new operatingsystem, andwhetheryouneedaROMupgrade
for yourhardware.Dependingonhowmanyinstallationsyou’vedone,youmayhave aprocessthat you
like tofollow.If youdo,describe ittothe interviewer.
Q. How doyou determine whichfilesystemisbestforyourenvironment?
A. Thisquestiontestshowwellyouplanfora varietyof differentenvironments.The keyhere istotake
intoconsiderationthe file formatsupportrequiredforbackwardcompatibilitywithotheroperating
systemslike NetWare orolderversionsof WindowsNT.You’ll alsowanttomake sure there’senough
diskspace for driversandfilesthatmustreside inthe systempartition,aswell asspace fora dumpfil e if
anythinggoeswrong.
Q. What’sthe firstthingyoushoulddoafterinstallingthe networkoperatingsystem?
A. Thisisa testof your securityskills.The firstthingyoushoulddoiseitherchange the passwordonthe
administratoraccountor change the name of the account itself.
Q. You justinstalledaservice packonthe e-mail,SQL,print,andfile servers.Yourebootedall the
servers,andnowthe service packinstallationiscomplete.What’sthe final stepforthe evening?

8. A. The interviewerwantstomake sure that testingisan integral partof yourroutine wheneveryou
install software ormake updatestosystems.Youmayalsowant to review the EventViewerlogsand
lookforany errors that have beenregistered.It’sagoodideatoalso examine the administrative
interfacesforSQLand the e-mail servertosatisfyyourself thatnoanomalieshave appearedthere.
Configuration
Ninetypercentof yourdayisspentconfiguringnetworkservices,whetherit’sinstallingapplications,
creatingusers,or addingprinters.
Q. A userhas leftthe companyandyou needtocreate a new userwiththe same rightsandpermissions.
What are some of the ways to create the new user?
A. Byaskingyou to describe multiple waysof gettingthe jobdone,the interviewercanassessyour
experience levelwiththe operatingsystem.Some of the correctanswerstothisquestioninclude the
following:
You couldcopy an existinguser’saccounttocreate a new account.However,the rightsandpermissions
for the new,copiedaccount will be basedpurelyonitsgroupmemberships,notpermissionsg
rantedstrictlyto the original accountitself.
UsingActive Directory,youcoulduse the CSVDE.exe programtocreate a new account withspecific
groupmemberships;however,thisprogramis usuallyintendedforbulkcreationof accountsinyour
domain.
You couldcreate the newaccount fromscratch, assigninggrouppermissionsorindividual rights
manually.
Q. What are some of the alternative waysformappingadrive lettertoa file serverif youwishto
connectto one of the server’ssharedfolders?
A. Thisquestiontestsyourexperience byaskingforalternate methodsof gettingthe jobdone.In
additiontomappeddrivesyoucanuse a Universal NamingConventionpath: servernamesharename.
You can alsobrowse the NetworkNeighborhood.
Q. You shareda printerfromyour server.Whatcouldyou doto ensure thatthe printeriseasily
accessible toyourWindowsclients?
A. Youmay have to supportolderclientsonyournetwork.Thisquestiontestsyourexperience with
oldertechnology.Inthiscase,youshouldloadthe Windows98printerdriversonthe share point.
Q. How large can I make a file allocationtable partitionusingthe NToperatingsystem?
A. Thisquestiontestsyourfamiliaritywithsystemcapabilitiesandlimitations.The maximumFAT
partitionsize is4 gigabytes.

9. Q. Is itnecessaryforan NT clientcomputertouse the server’sname inthatUNC path?
A. There are typicallymultiple waysof accomplishingthe same task.Thankgoodness,because you
sometimesneedthemwhile troubleshooting.Usingverybasicquestions,the interviewercanassess
your real knowledgeandexperience withvariousoperatingsystems.Inthiscase,youcan alsouse the
server’sTCP/IPaddress.
Q. We are creatinga website onour NT serverusingInternetInformationServer4.0.We expectusers
to logon anonymously.Howmanyclientaccesslicensesmustwe purchase toallow upto100
simultaneousconnectionstoourwebsite?
A. Thisisa trickquestiontosee if youunderstandthe conceptof userlicensedconnections.Anonymous
logonsonIIS 4.0 donot require clientaccesslicenses.
Troubleshooting
Q. A usercontacts youand reportsthat theirWindows2000 workstationishavingtroubleconnecting to
the Web.You run the ipconfigcommandonthe computerand youfindthat the computerisnot
referencingthe correctprimaryDNSserver.Whatmustyou doto remedythis?
A. Usingthisquestion,the interviewercanassessyourroutingtroubleshootingskills,anessential partof
networkadministration.Inthiscase,youwouldwanttocheckthe primaryDNSsettinginthe IP
configurationof the computer.If ipconfigshowsasettingforthe defaultDNSserverotherthanwhat
youwant, thismeansthe computer’sIPconfigurationisincorrect.Therefore,the Windows2000 client
computerneedstobe reconfigured.
Q. Users are complainingof slowperformancewhentheyrunserver-basedapplications.
The serverhas the followingspecifications:
> Compaq1600
> 800 MHz Pentium3
> 256MB of RAM
> 18GB EIDE hard drive
> 10/100 NIC
> Connectedtoa Ciscoswitch
The performance monitorshowsthe following:
MemoryPages/Sec:5
Physical Disk%DiskTime:20 percent

10. Processor%ProcessorTime:90 percent
What isthe bestway to improve the system’sperformance?
A. Thisquestiontestsyourknowledgeof serveroptimization.Inthiscase,the recommendationshould
be to upgrade the processor.Microsoftrecommendsyoudosoif the CPU utilizationaveragesover70to
75 percent.
Q. A userishavingtrouble sharingafolderfromtheirNTWorkstation.Whatis a likelycause?
A. The intervieweristestingyourbasicknowledge of rights.Inordertoshare a folderyoumustbe
loggedonas an administrator,serveroperator(inadomain),orpoweruser(inaworkgroup).
Q. You’ve shareda folderandsetthe share permissionsto“Everyone =Full Control.”However,none of
the userscan save informationinthe folder.What’sthe likelycause?
A. Thisisanotherquestionthattestsyourknowledgeof permissions.The likelycause isthatsomeone
has setthe NTFS permissionsinamore restrictive mannerthanthe share permissions.Betweenthose
twocategoriesof permissions,the more restrictive of the twoalwaysappliestousersaccessingthe
folderoverthe network.
Q. What isthe mostlikelycause forthe failure of auserto connectto an NT remote accessserver?
A. Supportingremote usersmaybe abigpart of your job.It’simportanttounderstandthe proper
configurationandtroubleshooting of the NTRAS.In thiscase,the usermust be grantedthe RAS dial-in
permission.
Q. A remote userinMontana,who isnot technical andisscaredto deathof computers,callsforhelp.
The user loggedintoyour networkviathe terminal server.Youdeterminethatthe solutiontothe user’s
problemrequiresaneditof ahiddenread-onlyfile,deletingasystemfileinthe winntsystem32folder,
and creatinga simple batchfile onthe user’scomputer.Whattoolswouldyouuse toresolve this
problem?
A. Thisquestiontestsyourabilityforremote troubleshooting.Anadministratorcaneditthese fileson
the user’scomputerbyconnectingtoit overthe networkviathe ComputerManagementconsole in
Windows2000. Usingthisconsole,youcan accessthe administrative shares(C$,D$,and soon) that
representthe partitionsonthe user’scomputer.Fromthere,youcaneditorcreate any filesnecessary
to repairthe problem.
.
Active Directory
In orderto manage an Active DirectoryServicesenvironment,youmustbe comfortable withplanning,
securityandpermissions,authentication,andsynchronization.The followingquestionsmaybe askedby
the interviewertoassessyourexperience withperformingthese functions.

11. Q. What rightsmustyour logged-inaccounthave whencreatingaWindows2000 forest?
A. Youmust understandrightsandpermissionsthoroughly.Inthisinstance,the accountmusthave
administrativerightsonthe Windows2000 serverusedtocreate the new forest.
Q. What rightsmustyour account have when addingadomainto an existingforest?
A. Inthiscase, youmustbe a memberof the Enterprise Administratorsgroup.
Q. My account has the properrights,but whenItry to create a new domainIget an errormessage
statingthat the DomainNamingMastercannot be contacted.What doesthismean?
A. Anexperiencednetworkadministratorwill be able toreadilytroubleshootforproblemssuchasthis
one.Thisscenariocan meannetworkconnectivityissuesora failedDomainNamingMaster,whichisthe
domaincontrollerforthe forestrootdomain.
Q. Why isDomainName System(DNS) soimportanttoan Active Directoryforest?
A. Asa networkadministratoryoumustunderstandname resolution.DNSiscritical toyourforest
because itpossessesall of the service (SRV) records.These recordsindicate the TCP/IPaddressandport
necessarytolocate a specificservice offeredbyaserver.
Q. Doesthe DNS serverhave tobe a Windows2000 server?
A. Thisisa trickquestion.DNSisindependentof Windows2000 and sothe answerisno.To support
Active Directory,the DNSservermustsupporttwoBIND(BerkeleyInternetName Domain) version
standards:4.9.6 (SRV records) and8.1.2 (dynamicupdates).
Q. What rightsdoesa userneedinorderto create computeraccountsinan Active Directorydomain?
A. Bydefault,auseronlyneedstobe recognizedasa memberof the AuthenticatedUsersgrouptoadd
workstationstoa domain.Thispermissionisestablishedinthe DefaultDomainControllerspolicy,and
permitsuserstocreate up to tenaccounts.
Q. Is itpossible tohave entirelyseparate domainname spaceswithinthe same forest?
A. Whenitcomesto Active Directory,youmusthave a thoroughunderstandingof forestlimitations.In
thiscase,you can have multiple domainname spaceswithinthe same forest.
Q. Do clockssynchronize automaticallybetweenWindows2000 computers?
A. Thisquestiontestsyourunderstandingof Active Directorysynchronization.Clocksdosynchronize
onlywithinadomain.The PrimaryDomainControllerEmulatorhandlesthistaskforyou.Butthere is no
serverthatautomaticallysynchronizesclocksbetweenyourseparate domains.
Q. To create Group Policyobjectsina domain,whatgroupmustyou be a memberof?

12. A. Youmust be a memberof the GroupPolicyCreatorOwnersgroupinyour domaintocreate these
objects.
Q. Is itpossible topreventthe applicationof aGroup Policytoa useraccount withinone of our
organizational units?
A. To preventthe applicationof a
Group Policytoa user,you woulddenythe ReadandApplyGroupPolicypermissionstothe userinthat
organizational unit.
Q. Is itpossible toschedule replicationbetweentwodomaincontrollersinActive Directory?
A. Thisquestionassessesyourknowledge of configurationoptionsfordomaincontrollerswithinActive
Directory.Inthiscase,place the domaincontrollersindifferentsites.Thensetthe schedule onthe Site
Linkobjectthat connectsthe sites.
Q. My Windows98 userscannotsearch forpublishedobjectsinourActive Directorydomain.How doI
add thiscapabilitytotheircomputers?
A. Addthe DSClientutilitytotheircomputersfromthe Windows2000 ServerCD.
Q. What are some of the waysof propagatingpermissionssetonanActive Directoryobjecttolower-
level childobjects?
A. Administeringsecurityisabigpart of an administrator’s job.One waytoaccomplishthistaskisthe
following:Onthe Securitytabof the parent object,clickthe Advancedbutton.Usingthe special
permissionslist,be sure toselect“Applyonto…Thisobjectandall childobjects.”Anothermethodisto
use the Delegationof Control Wizard.
Q. Anorganizationisrunningawebsite usingInternetInformationServer5.0 ona Windows2000
Server.The site allowsbothAnonymousandIntegratedWindowsauthentication.Whenourdomain
usersconnectto the site,whichauthenticationmethodisused?
A. Understandingauthenticationmodesisacritical partto troubleshootingandeffectivelysecuring
resources.Inthiscase,theywill authenticate asthe Anonymousaccount.Anexceptiontothiswouldbe
seenif the Anonymousaccountlackedpermissionstoa particularresource onthe website,inwhich
case IntegratedWindowsauthenticationwouldbe attempted.
Q. How can I move the Active Directorydatabase andlogfilestoa differentdrive onthedomain
controller?
A. Thiscan be accomplishedbyrebootingthe domaincontrollerusingDirectoryServicesRestoreMode
and runningthe ntdsutil tool.
Q. Anadministratoraccidentallydeletedanentire organizational unitcontaining200 usersfromour
domain.Howcan you recoverthe organizational unit?

13. A. Everyone hasthese typesof situations.Youmustknow how torecoverfromthese mistakes.Inthis
case,rebootingadomaincontrollerusingDirectoryServicesRestore Mode andconductingan
authoritative restore of the OUfroma backup will solve the problem.
Q. We demotedourPrimaryDomainControllerEmulatortobecome amemberserverinourdomain.
What do we needtodo to transferthe PDC Emulatorrole to anotherdomaincontroller?
A. Thisquestiontestshowwellyouunderstandhow the PDCEmulatorworks.Inthissituation,the role
was automaticallytransferredwhenthe formerPDCEmulatorwasdemoted.
I.Here are some questionsfrequentlyaskedintechnical round:
1. We’ve installedanewWindows-basedDHCPserver,however,the usersdonotseemtobe getting
DHCP leasesoff of it.
The servermustbe authorizedfirstwiththe Active Directory.
2. How do youdouble-bootaWin2003 serverbox?
The Boot.ini file issetasread-only,system, andhiddentopreventunwantedediting.Tochange the
Boot.ini timeoutanddefaultsettings,use the SystemoptioninControl Panel fromthe Advancedtaband
selectStartup.
3. What do youdo if earlierapplicationdoesn’trunonWindowsServer2003?
Whenan applicationthatran onan earlierlegacyversionof Windowscannotbe loadedduringthe
setupfunctionorif it latermalfunctions,youmustrunthe compatibilitymode function.Thisis
accomplishedbyright-clickingthe applicationorsetupprogramandselectingProperties –>
Compatibility –>selectingthe previouslysupportedoperatingsystem.
4. What do youunderstandbyGlobal Catalogand Global CatalogServer?
The global catalogis a distributeddatarepositorythatcontainsasearchable,partial representationof
everyobjectineverydomaininamultidomainActive Directoryforest.Itprovidesthe abilitytolocate
objectsfromany domainwithouthavingtoknow the domainname.
5. What is GCS ?
A global catalogserverisa domaincontroller.Itisa mastersearchable database thatcontains
informationabouteveryobjectineverydomaininaforest.The global catalogcontainsacomplete
replicaof all objectsinActive Directoryforitshostdomain,andcontainsa partial replicaof all objectsin
Active Directoryforeveryotherdomaininthe forest.Itisresponsible forprovidinggroupmembership
informationduringlogonandauthenticationandhelpsusers inlocatingresourcesinActiveDirectory.

14. 6. What snap-inadministrativetoolsare availableforActive Directory?
Active DirectoryDomainsandTrustsManager, Active DirectorySitesandServicesManager,Active
DirectoryUsersand Group Manager, Active DirectoryReplication(optional,available fromthe Resource
Kit),Active DirectorySchemaManager(optional,availablefromadminpak)
7. What’s the difference betweenlocal,global anduniversalgroups?
Domainlocal groupsassignaccess permissionsto global domaingroupsforlocal domainresources.
Global groupsprovide accesstoresourcesinothertrusteddomains.Universal groupsgrantaccessto
resourcesinall trusteddomains.
8. I am tryingto create a newuniversal usergroup.Whycan’tI?
Universal groupsare allowedonlyinnative-mode WindowsServer2003 environments.Nativemode
requiresthatall domaincontrollersbe promotedtoWindowsServer2003 Active Directory.
9. What is LSDOU?
It’sgroup policyinheritance model,wherethe policies are appliedtoLocal machines,Sites,Domainsand
Organizational Units.
10.How can yourestrictrunningcertainapplicationsonamachine?
We can do thisviaGroup Policysecuritysettingsforthe group,thenSoftware RestrictionPolicies.
11.You needto automaticallyinstall anapp,butMSI file isnotavailable.Whatdoyoudo?
A .zaptextfile canbe usedtoadd applicationsusingthe SoftwareInstaller,ratherthanthe Windows
Installer.
12.What’s the difference betweenSoftware InstallerandWindowsInstaller?
The formerhas fewerprivilegesandwill probablyrequire userintervention.Plus,ituses.zapfiles.
13.What doesIntelliMirrordo?
It helpstoreconcile desktopsettings,applications,andstoredfilesforusers,particularlythosewho
move betweenworkstationsorthose whomustperiodicallyworkoffline.
14.What’s the major difference betweenFATandNTFSon a local machine?
FAT andFAT32 provide nosecurityoverlocallylogged-onusers.Onlynative NTFSprovidesextensive
permissioncontrol onbothremote andlocal files.
15.How do FAT andNTFS differinapproachto usershares?

15. Theydon’t,bothhave supportfor sharing.
16.Can you use Start->SearchwithDFSshares?
Yes.
17.What problemscanyouhave withDFS installed?
Two usersopeningthe redundantcopiesof the file atthe same time,withnofile-lockinginvolvedin
DFS,changingthe contentsandthensaving.Onlyone file will be propagatedthroughDFS.
18.I runMicrosoft ClusterServerandcannotinstall fault-tolerantDFS.
Yeah,you can’t.Install a standalone one.
19.Is Kerberosencryptionsymmetricorasymmetric?
Symmetric
20.How doesWindows2003 Servertry to preventamiddle-manattackonencryptedline?
Time stampis attachedto the initial clientrequest,encryptedwiththe sharedkey.
21.Can WindowsServer2003 functionasa bridge?
Yes,and it’sa newfeature forthe 2003 product.You can combine severalnetworksanddevices
connectedviaseveral adaptersbyenablingIProuting.
22.Does WindowsServer2003 supportIPv6?
Yes,run ipv6.exe fromcommandline todisableit.
23.What’s the role of http.sysinIIS?
It isthe pointof contact for all incomingHTTPrequests.Itlistensforrequestsandqueuesthemuntil
theyare all processed,nomore queuesare available,orthe Webserverisshutdown.
24.Where’sASPcache locatedonIIS6.0?
On disk,asopposedtomemory,as itusedto be in IIS5.
--------------------------------------------------------------------------------------------------------
II. Top 100 -2008 R2 serverADS - HR questions&Answer:
Explainthree mainfeaturesof ActiveDirectory?

16. What do youmeanby Active Directoryfunctionallevels?How doesithelpanorganization’snetwork
functionality?
What are the Domainand Forestfunctional levelsof WindowsServer2003 AD?
What are the Domainand Forestfunctional levelsof WindowsServer2008 AD?
How to addadditional DomainControllerinaremote site withslowerWAN link?
How dowe install Active DirectoryinWindows7Computer?
What are the prerequisitestoinstall Active DirectoryinaServer?
What isFSMO role?(Orwhatare Single MasterOperations/FlexibleSingle MasterOperations/
OperationsMasterRole /SMO / OMR?)
ExplainInfrastructure MasterRole.Whatwill be the impactif DC withInfrastructure MasterRole goes
down?
What are the twoforestspecificFSMOroles?
WhichFSMO role directlyimpactingthe consistencyof GroupPolicy?
I wantto promote a newadditional DomainControllerinanexistingdomain.Whichare the groupsI
shouldbe a memberof?
Tell me one easiestwaytocheckall the 5 FSMO roles.
Can I configure twoRIDmastersina domain?
Can I configure twoInfrastructure MasterRole ina forest?If yes,please explain.
What will be the impacton the networkif DomainControllerwithPDCEmulatorcrashes?
What are the physical componentsof Active Directory?
What are the logical components of Active Directory?
What are the Active DirectoryPartitions?(Orwhatare Active DirectoryNamingContexts?Orwhatis AD
NC?)
What isgroup nesting?
ExplainGroupTypesandGroup Scopes?
What isthe feature of DomainLocal Group?
How will youtake Active Directorybackup?

17. What are the Active DirectoryRestore types?
How isAuthoritative Restore differentfromnon-AuthoritativeRestore?
Explainme,howtorestore Active Directoryusingcommandline?
Tell me fewswitchesof NTDSUTILcommand.
What isa tombstone?Whatisthe tombstone lifetime period?
What do youunderstandbyGarbage Collection?Explain.
What is Lost andFoundContainer?
Where can I locate Lost and FoundContainer?
Is Lost andFoundContainerincludedinWindowsServer2008 AD?
Have you everinstalledActive Directoryinaproductionenvironment?
Do we use clusteringinActive Directory?Why?
What isActive DirectoryRecycle Bin?
What isRODC? Why do we configure RODC?
How doyou checkcurrentlyforestanddomainfunctional levels?SaybothGUI and Commandline.
ExplainKnowledgeConsistencyChecker(KCC)
What are the toolsusedto checkand troubleshootreplicationof Active Directory?
What isSYSVOL folderusedfor?
What isthe use of KerberosinActive Directory?WhichportisusedforKerberoscommunication?
Whichversionof KerberosisusedforWindows2000/2003 and 2008 Active Directory?
Please name fewportnumbersrelatedtoActive Directory.
What isan FQDN?
Tell me fewDS commandsandits usage.
ExplainActive Directorytree andforest.
What are Intersite andIntrasite replication?
What isshortcut trust?

18. What isselective Authentication?
Give me brief explanationof differenttypesof Active Directorytrusts.
Have you heardof ADAC?
What isthe use of ADSIEDIT? Howdo we install itinWindowsServer2003 AD?
I am unable tocreate a Universal SecuritygroupinmyActive Directory?Whatwill be the possible
reason?
What isADMT? What isit usedfor?
What do youmeanby LingeringObjectsinAD?How to remove LingeringObjects?
ExplainGlobal Catalog.Whatkindof AD infrastructure makesmostuse of Global Catalog?
Global Catalogand Infrastructure masterrolescannotbe configure insame DomainController.Why?
How doyou checkall the GCs inthe forest?
How manyobjectscan be createdinActive Directory?(both2003 and 2008)
Can youexplainthe processbetweenauserprovidinghisDomaincredential tohisworkstationandthe
desktopbeingloaded?Orhowthe AD authenticationworks?
What isLDAP?
Whichis defaultlocationof Active Directory?Whatare the mainfilesrelatedtoAD?
In a large forestenvironment,whywe don’tconfigure all DomainControllersasGCs?
What isNETDOM commandline tool usedfor?
What isrole seizure?Whodowe performrole seizure?
What isISTG? What is role of ISTG in Active Directory?
Is itpossible tofindidle userswhodidnotloginforlast few months?
Tell me the orderof GPO as itapplied.
What are the usesof CSVDE and LDIFDE?
What are the differencesbetweenauserobjectandcontact object?
What do youmeanby Bridge Headserver?
What isurgentreplication?

19. Please explainRealmtrust.
Explainobjectclassandobjectattribute.
My organizationwantstoaddnewobjectattribute tothe userobject.How do you achieve it?
What do youunderstandaboutGUID?
What isthe commandusedforDomainControllerdecommissioning?
Have you everplannedandimplementedActive Directoryinfrastructureanywhere?Tell me few
considerationswe have totake duringthe ADplanning.
Name fewdifferencesfromWindowsServer2003 ADand WindowsServer2008 AD.
Whichdomainand forestfunctional level Iwill selectif IaminstallingWindowsServer2008 AD inan
Existingenvironmentwhere we have Windows Server2003 DomainControllers?
What are the replicationintervalsforIntersite andintrasitereplication?Isthere anychange in2003 and
2008?
I wantto transferRID masterrole to a new DomainController.Whatare the stepsI needtofollow?
Tell me fewusesof NTDSUTIL commands?
Name fewservicesthatdirectlyimpactthe functionalityof DomainController.
You saidthere are 5 FSMO roles.Please explainwhatwill be the impactonthe ADinfraif eachFSMO
rolesfails?
What isActive Directorydefragmentation?How doyoudo AD defragmentation?Andwhydowe doit?
Tell me Differentbetweenonlineandoffline defragmentation.
How doyou uninstall active directory?Whatare the precautionswe have totake before removing
active directory?
A userisunable to logintohisdesktopwhichisconnectedtoa domain.Whatare the troubleshooting
stepsyouwill consider?
A DomainControllercalledABCisfailingreplicationwithXYZ.How doyou troubleshootthe issue?
A useraccount isfrequentlybeinglockedout. How doyou investigatethisissue?Whatwill be the
possible solutionsuggestthe user?
Imagine youare tryingto add a Windows7 computerto Active Directorydomain.But itsshowingan
error ‘Unable tofindDomainController’.How will youhandle thisissue?
What are the servicesrequiredforActive Directoryreplication?

20. What isActive Directoryapplicationpartition?Whatare the usesof it?
Many usersof a networkare facinglatencywhile tryingtologintotheirworkstations.How doyou
investigatethisproblem?
Now,some questionsrelatedtoWindowsServer2008 Active Directory.Whatdo youmeanby IDA?
What are the newcomponentsof Windows2K8Active Directory?
I wantto editthe Active DirectorySchema.How can I bringSchemaeditorintomyMMC?
Name fewActive DirectoryBuiltingroups
What are the differencesbetweenEnterprise AdministratorsandDomainAdministratorsgroups?
I have to create 1000 userobjectsinmy Active Directorydomain.WhocanI achieve thatwithleast
administrativeeffort?Tell me few toolsthatIcan use.
Answers:
Active Directoryenablessinglesignontoaccess resourcesonthe networksuchas desktops,shared
files,printersetc.Active Directoryprovidesadvancedsecurityforthe entirenetworkandnetwork
resources. Active Directoryismore scalable andflexibleforadministration.
Functional levelshelpthe coexistence of Active Directoryversionssuchas,WindowsNT,Windows2000
Server,WindowsServer2003 and WindowsServer2008. The functional levelof adomainor forest
controlswhichadvancedfeaturesare available inthe domainorforest.Althoughlowestfunctional
levelshelptocoexistwithlegacyActiveDirectory,itwill disable someof the new featuresof Active
Directory.Butif youare settingupa new Active Directoryenvironmentwithlatestversionof Windows
ServerandAD, youcan set to the highestfunctionallevel,thusall the new ADfunctionalitywill be
enabled.
WindowsServer2003 DomainFunctional Levels:Windows2000 mixed(Default),Windows2000 native,
WindowsServer2003 interim,andWindowsServer2003.
ForestFunctional Levels:Windows2000 (default),WindowsServer2003 interim, WindowsServer.
WindowsServer2008 DomainFunctional Levels:Windows2000 Native,WindowsServer2003, Windows
Server2008, WindowsServer2008 R2.
ForestFunctional Levels:Windows2000, WindowsServer2008, WindowsServer2008 R2.
It is possible totake abackup copyof existingDomainController,andrestore itinWindowsServer
machine inthe remote locationswithslowerWAN link.
Active DirectoryisdesignedforServerOperatingSystem, anditcannotbe installedonWindows7.

21. WindowsServerOperatingSystem.Free harddiskspace withNTFSpartition.Administrator'sprivilege
on the computer.NetworkconnectionwithIPaddress,SubnetMask,GatewayandDNS address.A DNS
server,thatcan be installedalongwithfirstDomainController.WindowsServerintallationCDori386
folder.
Flexible Single-MasterOperation(FSMO) roles,manageanaspectof the domainorforest,to prevent
conflicts,whichare handledbySingledomaincontrollersindomainorforest.The taskswhichare not
suitedtomulti-masterreplication,Thereare 5 FSMO roles,andSchemaMaster and Domainnaming
masterrolesare handledbya single domaincontrollerinaforest,andPDC, RID masterand
Infrastructure masterrolesare handledbyasingle domaincontrollerineach domain.
Infrastrcture masterrole isa domain-specificrole anditspurpose istoensure thatcross-domainobject
referencesare correctlyhandled.Forexample,if youaddauser fromone domainto a securitygroup
froma differentdomain,the Infrastructure Mastermakessure thisisdone properly.Intrastrcuture
masterdoesnot have anyfunctionstodo ina single domainenvironment.Ifthe Domaincontrollerwith
Infrastructure masterrole goesdownina single domainenvironemt,there will be noimpactat all.
Where as, ina complex environmentwithmultiple domains,itmayimactcreationandmodificationof
groupsand groupauthentication.
SchemaMaster role and DomainNamingMasterrole.
PDC Emulator
You shouldbe a memberof Enterprise Adminsgrouporthe DomainAdminsgroup.Alsoyoushouldbe
memberof local Administratorsgroupof the memberserverwhichyouare goingto promote as
additional DomainController.
Use netdomquery/domain:YourDomainFSMOcommand.Itwill listall the FSMOrole handlingdomain
controllers.
No,there shouldbe onlyone DomainControllerhandlingRIDmasterrole ina Domain.
There shouldbe onlyone DomainControllerhandlingInfrastructure masterrole inadomain.Hence if
youhave two domainsina forest,youcan configure twoInfrastructure masters,one ineachdomain.
If PDC emulatorcrashes,there will be immediate impactonthe environment.Userauthenticationwill
fail as passwordchangeswontgeteffected,andthere will be frequentaccountlockoutissues.Network
time synchronizationwillbe impacted.ItwillalsoimpactDFSconsistencyandGrouppolicyreplicationas
well.
DomaincontrollersandSites.Domaincontrollersare physical computerswhichisrunningWindows
ServeroperatingsystemandActive Directorydata base.Sitesare anetworksegmentbasedon
geographical locationandwhichcontainsmultipledomaincontrollersineachsite.
Domains,OrganizationalUnits,treesandforestsare logical componentsof Active Directory.

22. Active Directorydatabase isdivided intodifferentpartitionssuchasSchemapartition,Domainpartition,
and Configurationpartition.Apartfromthese partitions,we cancreate Applicationpartitionbasedon
the requirement.
Addingone groupas a memberof anothergroupis called'groupnesting'.Thiswill helpforeasy
administrationandreducedreplicationtraffic.
Group typesare categorizedbasedonitsnature.There are two grouptypes:SecurityGroupsand
DistributionGroups.Securitygroupsare usedtoapplypermissionstoresourceswhere asdistribution
groupsare usedto create Exchange serveremail communicationgroups.Groupscopesare categorized
basedon the usage.There are three grouptypes:DomainLocal Group,Global Group and Universal
Group.
Domainlocal groupsare mainlyusedforgrantingaccessto networkresources.A Domainlocal groupcan
containaccounts fromany domain,global groupsfromanydomainanduniversal groupsfromany
domain.Forexample,if you wanttogrant permissiontoaprinterlocatedat DomainA,to 10 usersfrom
DomainB, thencreate a Global group inDomainB and add all 10 usersintothat Global group.Then,
create a Domainlocal groupat DomainA, andadd Global groupof DomainB to Domainlocal group of
DomainA,then,add Domainlocal groupof DomainA to the printer(of DomainA) securityACL.
Active DirectoryisbackedupalongwithSystemState data.Systemstate data includesLocal registry,
COM+, Boot files,NTDS.DITandSYSVOLfolder.Systemstate canbe backedupeitherusingMicrosoft's
defaultNTBACKUPtool orthirdparty toolssuchas SymantechNetBackup,IBMTivoli Storage Manager
etc.
There are twotypesof Active Directoryrestores,Authoritative restoreandNon-Authoritative restore.
Non-Authoritative means,anormal restore of a single Domaincontrollerincase that particulardomain
controllerOSor hardware crashed.Afternon-authoritative restorationcompleted,comparesitsdata
base withpeerdomaincontrollersinthe networkandacceptsall the directorychangesthathave been
made since the backup.Thisis done throughmulti masterreplication.
Where as, inAuthoritativerestore,arestoreddatabase of a Domaincontrollerforcefullyreplicatedto
all the otherdomaincontrollers.Authoritative restoreisperformedtorecoveranactive directory
resource or object(eg.anOrganizational Unit) whichaccidentallydeletedanditneedstobe restored.
We can use NTDSUTIL commandline toperformAuthoritativerestore of Active Directory.First,starta
domaincontrollerin'DirectoryService RestoreMode'.Then,restore the SystemState dataof Domain
controllerusingNTBACKUPtool.Thisisnon-authoritative restore.Once non-authoritative restoreis
completed,we have toperformauthoritative restore immediatelybefore restartingthe Domain
Controller.
Opencommandpromptand type NTDSUTIL and enter,thentype authoritative restoreandpressenter,
thentype restore database andpressenter,clickOKand thenclickYes.Thiswill restore all the datain

23. authoritative restore mode.If youwanttorestore onlya specificobjectorsub-tree,youcantype below
commandinsteadof 'restore database'.
restore subtree ou=OU_Name,dc=Domain_Name,dc=xxx
Authoritative restore,Configurablesettings,Partitionmanagement,SetDSRMPasswordetc.
A tombstone isacontainerobjectfordeleteditemsfromActive Directorydatabase,evenif objectsare
deleted,itwill be kepthiddeninthe active directorydatabase fora specificperiod.Thisperiodisknown
as tombstone lifetime.Tombstone lifetime is180 dayson WindowsServer2003 SP1 and laterversions
of WindowsServer.
Garbage collectionisaprocessof Active Directory.Thisprocessstartsbyremovingthe remainsof
previouslydeleted objectsfromthe database.These objectsare knownastombstones.Then,the
garbage collectionprocessdeletesunnecessarylogfiles.Andthe processstartsa defragmentation
threadto claimadditional free space.The garbage collectionprocessisrunning onall the domain
controllersinaninterval of 12 hours.
In multimasterreplicationmethod,replicationconflictscanhappen.Objectswithreplicationconflicts
will be storedina containercalled'LostandFound' container.Thiscontaineralsousedtostore
orphaneduseraccountsand otherobjects.
Lost and Foundcontainercanbe viewedbyenablingadvancedfeaturesfromViewmenuof Active
DirectoryUser andComputersMMC.
Yes,it isincluded.
[Neversayno] We had setup an additional domainforanew subsidiaryof the firm, andIwas a member
of the teamwhohandledinstallationandconfigurationof domaincontrollersforthe subdomain.[or] I
was supportinganexistingActive Directorynetworkenvironmentof the company,butIhave installed
and configuredActive Directoryintestenvironmentseveral occasions.
No one installsActiveDirectoryinacluster.There isnoneedof clusteringadomaincontroller.Because
Active Directoryprovidestotal redundancywithtwoormore servers.
Active DirectoryRecycle binis afeature of WindowsServer2008 AD.It helpstorestore accidentally
deletedActiveDirectoryobjectswithoutusingabackedupAD database,rebootingdomaincontrolleror
restartinganyservices.
Readonlydomaincontroller(RODC) isafeature of WindowsServer2008 OperatingSystem.RODCisa
readonlycopy of Active Directorydatabase andit can be deployedinaremote branchoffice where
physical securitycannotbe guaranteed.RODCprovidesmore improvedsecurityandfasterlogontime
for the branch office.

24. To findoutforestand domainfunctional levelsinGUImode,openADUC,rightclick onthe domainname
and take properties.Bothdomainandforestfunctional levelswill be listedthere.TOfindoutforestand
domainfunctional levels,youcanuse DSQUERY command.
KCC can be expandedasKnowledge ConsistencyChecker.Itisa protocol procecssrunningonall domain
controllers,anditgeneratesandmaintainsthe replicationtopologyforreplicationwithinsitesand
betweensites.
We can use commandline toolssuchas repadminanddcdiag.GUI tool REPLMON can also be usedfor
replicationmonitoringandtroubleshooting.
SYSVOLis a folderexitsoneachdomaincontroller,whichcontainsActvieDirectoryrelatedfilesand
folders.SYSVOLmainlystoresimportantelementsof GroupPolicyObjectsandscripts,anditisbeing
replicatedamongdomaincontrollersusingFile ReplicationService (FRS).
Kerberosisa networkauthenticationprotocol.Active DirectoryusesKerberosforuserandresource
authenticationandtrustrelationshipfunctionality.Kerberosusesportnumber88.
All versionsof WindowsServerActive Directoryuse Kerberos5.
Kerberos88, LDAP389, DNS53, SMB 445.
FQDN can be expandedasFullyQualifiedDomainName.Itisahierarchyof a domainname systemwhich
pointstoa device inthe domainatitsleftmostend.For example insystem.
Dsadd - to add an objectto the directory,Dsget - displaysrequestedpropertiesof anobjectinAD,
Dsmove - Used to move one objectfromone locationtoanotherinthe directory,DSquery - To query
specificobjects.
A tree inActive Directoryisa collectionof one ormore domainswhichare interconnectedandsharing
global resourceseachother.If a tree has more than one domain,itwill have contiguousnamespace.
Whenwe add a newdomaininan existingtree,itwillbe calledachilddomain.
A forestis a collectionof one ormore treeswhichtrust eachotherand sharinga commonschema.Italso
sharescommonconfigurationandglobal catalog.Whenaforestcontainsmore thanone tree,the trees
will notforma contiguousnamespace.
Replicationbetweendomaincontrollersinside asingle siteiscalledIntrasitereplication,whereas
replicationbetweendomaincontrollerslocatedindifferentsitesiscalledIntersite replication.Intrasite
replicationwill be veryfrequent,where asIntersitereplicationwillbe withspecificinterval andina
controlledfashionjusttopreservenetworkbandwidth.
Shortcuttrust is a manuallycreatedtransitive trustwhichisconfiguredtoenablefastandoptimized
authenticationprocess.Forexample,If we create shortcuttrust betweentwodomainsof different
trees,theycanquicklyauthenticate eachotherwithouttravelingthroughthe entire parentdomains.
short cut trustcan be eitherone-wayortwo-way.

25. Selectiveauthenticationisgenerallyusedinforesttrustandexternal trusts.Selectiveauthenticationisa
securitysettingwhichallowsadministratorstograntaccessto sharedresourcesintheirorganization’s
forestto a limitedsetof usersinanotherorganization’sforest.Selective authenticationmethodcan
decide whichgroupsof usersina trustedforestcan accesssharedresourcesinthe trustingforest.
Trusts can be categorizedbyitsnature.There can be two-waytrustor one-waytrust,implicitorexplicit
trust,transitive ornontransitive trust.Trustcan be categorizedbytypes,suchasparentand child,tree
root trust,external trust,realmtrustforesttrustand shortcuttrust.
ADAC- Active DirectoryAdministrativeCenterisa new GUI tool came withWindowsServer2008 R2,
whichprovidesenhanceddatamanagementexperience tothe admin.ADAChelpsadministratorsto
performcommonActive Directoryobjectmanagementtaskacrossmultipledomainswiththe same
ADACinstance.
ADSIEDIT- Active DirectoryService InterfacesEditorisa GUI tool whichis usedtoperformadvancedAD
objectandattribute management.ThisActive Directorytool helpsustoview objectsandattributesthat
are notvisible throughnormal Active DirectoryManagementConsoles.ADSIEDITcanbe downloaded
and installedalongwithWindowsServer2003 SupportTools.
Thisis due to domainfunctional level.If domainfunctionallevel of WindowsServer2003 AD isWindows
2000 Mixed,Universal Groupoptionwill be greyedout.Youneedtoraise domainfunctional level to
Windows2000 native or above.
ADMT - Active DirectoryMigrationTool,isa tool whichisusedfor migratingActive Directoryobjects
fromone domainto another.ADMT isan effective tool thatsimplifiesthe processof migratingusers,
computers,andgroupsto newdomains.
Whena domaincontrollerisdisconnectedforaperiodthatis longerthanthe tombstone life time,one
or more objectsthat are deletedfromActive Directoryonall otherdomaincontrollersmayremainon
the disconnecteddomaincontroller.Suchobjectsare calledlingeringobjects.Lingeringobjectscanbe
removedfromWindowsServer2003 or 2008 usingREPADMIN utility.
The Global catalog isa containerwhichcontainsasearchable partial replicaof all objectsfromall
domainsof the forest,andfull replicaof all objectsfromthe domainwhere itissituated.The global
catalog isstoredon domaincontrollersthathave beendesignatedasglobal catalogserversandis
distributedthroughmultimasterreplication.Global catalogsare mostlyusedinmultidomain,multisite
and complex forestenvironment,where asGlobal catalogdoesnotfunctioninasingle domainforest.
5 57. In a forestthat containsonlya single Active Directorydomain,there isnoharmin placingboth
GC and Infrastructure masterinsame DC, because Infrastructure masterdoesnothave anyworkto do
ina single domainenvironment.Butina forestwithmultipleandcomplex domainstructure,the
infrastructure mastershouldbe locatedonaDC whichis nota Global Catalogserver.Because the global
catalog serverholdsapartial replicaof everyobjectinthe forest,the infrastructure master,if placedon

26. a global catalogserver,will neverupdate anything,because itdoesnotcontainanyreferencesto
objectsthatit doesnothold.
58. Commandline method: nslookupgc._msdcs.<forestrootDNSDomainName>,nltest/dsgetdc:corp
/GC. GUI method:OpenDNSmanagement,andunder‘ForwardLookupZone’,clickonGC container.To
checkif a serverisGC or not, go to Active DirectorySitesandServicesMMC and under‘Servers’folder,
take propertiesof NTDSsettingsof the desiredDCandfindGlobal Catalogoptionischecked.
59. As perMicrosoft,a single ADdomaincontrollercancreate around2.15 billionobjectsduringits
lifetime.
Whena user entersauser name andpassword,the computersendsthe username to the KDC.The KDC
containsa masterdatabase of unique longtermkeysforeveryprincipalinitsrealm.The KDClooksup
the user'smaster key(KA),whichisbasedonthe user'spassword. The KDCthencreatestwo items:a
sessionkey(SA) toshare withthe useranda Ticket-GrantingTicket(TGT).The TGT includesasecond
copy of the SA, the username,and an expirationtime.The KDCencryptsthisticketbyusingitsown
masterkey(KKDC), whichonlythe KDCknows.The clientcomputerreceivesthe informationfromthe
KDC and runsthe user's passwordthrougha one-wayhashingfunction,whichconvertsthe password
intothe user'sKA. The clientcomputernow hasa sessionkeyanda TGT so that itcan securely
communicate withthe KDC.The clientisnow authenticatedtothe domainandisreadyto access other
resourcesinthe domainbyusingthe Kerberosprotocol.
III.DNS interviewQuestions:
WindowsDNSServerInterviewQuestions–Part 1
By admin| Published:June 26,2012
What isthe mainpurpose of a DNS server?
DNS serversare usedtoresolve FQDN hostnamesintoIPaddressesandvice versa.
What isthe portno of dns?
53.
What isa ForwardLookup?
ResolvingHostNamestoIP Addresses.
What isReverse Lookup?
It?sa file containshostnamestoIPmappinginformation.

27. What isa Resource Record?
It isa recordprovidesthe informationaboutthe resourcesavailableinthe N/Winfrastructure.
What are the diff.DNSRoles?
StandardPrimary,StandardSecondary,& ADIntegrated.
What isa Zone?
Zone isa subtree of DNSdatabase.
Secure servicesinyournetworkrequire reversename resolutiontomake itmore difficulttolaunch
successful attacksagainstthe services.Tosetthisup,youconfigure a reverse lookupzoneandproceed
to add records.Whichrecord typesdoyouneedto create?
PTR Records
SOA records mustbe includedineveryzone.Whatare theyusedfor?
SOA records containa TTL value,usedbydefaultinall resource recordsinthe zone.SOA recordscontain
the e-mail addressof the personwhoisresponsible formaintainingthe zone.SOA recordscontainthe
currentserial numberof the zone,whichisused inzone transfers.
By default,if the name isnotfoundinthe cache or local hostsfile,whatisthe firststepthe clienttakes
to resolve the FQDN name intoanIP address?
Performsarecursive searchthroughthe primaryDNS serverbasedonthe networkinterface
configuration.
What isprimary,Secondary,stub& AD IntegratedZone?
PrimaryZone:– zone whichissavedas normal textfile withfilename(.dns)inDBSfolder.Maintainsa
read,write copyof zone database.
SecondaryZone:– maintainsaread onlycopyof zone database onanotherDNSserver.Providesfault
tolerance andloadbalancingbyactingas backup servertoprimaryserver.
Stubzone:– containsa copyof name serverandSOA recordsusedforreducingthe DNSsearch orders.
Providesfault tolerance andloadbalancing.
How doyou manuallycreate SRV recordsinDNS?
Thisis onwindowsservergotorun —> dnsmgmt.mscrightclickonthe zone youwantto add srv record
to and choose “othernewrecord”and choose service location(srv).
What isthe mainpurpose of SRV records?

28. SRV records are usedin locatinghoststhatprovide certainnetworkservices.
Before installingyourfirstdomaincontrollerinthe network,youinstalledaDNSserverandcreateda
zone,namingitas youwouldname yourAD domain.However,afterthe installationof the domain
controller,youare unable tolocate infrastructure SRV recordsanywhere inthe zone.Whatisthe most
likelycause of thisfailure ?
The zone you createdwasnot configuredtoallow dynamicupdates. The local interface onthe DNS
serverwasnot configuredtoallowdynamicupdates.
Whichof the followingconditionsmustbe satisfiedtoconfigure dynamicDNSupdatesforlegacyclients
?
The zone to be usedfordynamicupdatesmustbe configuredtoallow dynamicupdates.The DHCP
servermustsupport,andbe configuredtoallow,dynamicupdatesforlegacyclients.
At some pointduringthe name resolutionprocess,the requestingpartyreceivedauthoritativereply.
Whichfurtheractionsare likelytobe takenafterthisreply?
Afterreceivingthe authoritativereply,the resolutionprocessiseffectivelyover.
Name 3 benefitsof usingAD-integratedzones.
Active DirectoryintegratedDNSenablesActive Directorystorage andreplicationof DNSzone databases.
Windows2000 DNS server,the DNSserverthatis includedwithWindows2000 Server,accommodates
storingzone data inActive Directory.
Whenyouconfigure a computeras a DNSserver,zonesare usuallystoredastextfilesonname servers
that is,all of the zonesrequiredbyDNSare storedina textfile onthe servercomputer.
These textfilesmustbe synchronizedamongDNSname serversbyusingasystem thatrequiresa
separate replicationtopologyandschedule calledazone transferHowever,if youuse Active Directory
integratedDNSwhenyouconfigure adomaincontrollerasa DNS name server,zone dataisstoredas an
Active Directoryobjectandisreplicatedaspartof domainreplication.
IV.DHCP serverInterviewQuestions:
WindowsServerDHCPInterviewQuestions
By admin| Published:July3,2012
Belowisthe listof Basic WindowsServerDHCPInterview QuestionsaskedinInterviewsforthe postof
WindowsSystemAdministrator/L1/L2/L3 WindowsSupportEngineer.

29. What isdhcp ?
DynamicHost ConfigurationProtocol (DHCP)isanetworkprotocol thatenablesaserverto
automaticallyassignanIPaddresstoa computerfroma definedrange of numbers(i.e.,ascope)
configuredfora givennetwork.
What is the dhcp processforclientmachine?
1. A userturns on a computerwitha DHCP client.
2. The clientcomputersendsabroadcastrequest(calledaDISCOVERorDHCPDISCOVER),lookingfora
DHCP servertoanswer.
3. The routerdirectsthe DISCOVERpacketto the correct DHCP server.
4. The serverreceivesthe DISCOVERpacket.Basedonavailabilityandusage policiessetonthe server,
the serverdeterminesanappropriate address(if any) togive tothe client.The serverthentemporarily
reservesthataddressforthe clientandsendsbackto the clientanOFFER(or DHCPOFFER) packet,with
that addressinformation.The serveralsoconfiguresthe client’sDNSservers,WINSservers,NTPservers,
and sometimesotherservicesaswell.
5. The clientsendsaREQUEST (orDHCPREQUEST) packet,lettingthe serverknow thatitintendstouse
the address.
6. The serversendsanACK(or DHCPACK) packet,confirmingthatthe clienthasa beengivenalease on
the addressfor a server-specifiedperiodof time.
7.What is dhcp scope ?
DHCP scopesare usedto define rangesof addressesfromwhichaDHCPservercan assignIPaddresses
to clients.
8.Typesof scopesinwindowsdhcp?
Normal Scope – AllowsA,B andC ClassIPaddress rangesto be specifiedincludingsubnetmasks,
exclusionsandreservations.Eachnormal scope definedmustexistwithinitsownsubnet.
MulticastScope – Usedto assignIP addressrangesforClassD networks.Multicastscopesdonothave
subnetmasks,reservationorotherTCP/IPoptions.
Multicastscope addressrangesrequire thata Time To Live (TTL) value be specified(essentiallythe
numberof routersa packet can passthroughon the way to itsdestination).
Superscope –Essentiallyacollectionof scopesgroupedtogethersuchthattheycan be enabledand
disabledasa single entity.

30. 9.What is AuthorizingDHCPServersinActive Directory?
If a DHCP serveristo operate withinanActive Directorydomain(andisnotrunningona domain
controller) itmustfirstbe authorized.
Thiscan be achievedeitheraspart of the DHCP Serverrole installation,orsubsequentlyusingeither
DHCP console orat the commandpromptusingthe netshtool.
If the DHCP serverwasnotauthorizedduringinstallation,invoke the DHCPconsole (Start ->All Programs
-> Administrative Tools ->DHCP),
rightclickon the DHCP to be authorizedandselectAuthorize.Toachieve the same resultfromthe
commandprompt,enterthe followingcommand:
netshdhcpserverserverIDinitiateauth
In the above commandsyntax,serverIDisreplacedbythe IPaddressorfull UNC name of systemon
whichthe DHCP serverisinstalled.
10.What portsare usedbyDHCP and the DHCP clients?
Requestsare onUDP port68, ServerrepliesonUDP67 .
11.List some Benefitsof usingDHCP
DHCP providesthe followingbenefitsforadministeringyourTCP/IP-basednetwork:
Safe and reliable configuration.DHCPavoidsconfigurationerrorscausedbythe needtomanuallytype in
valuesateach computer.Also,DHCPhelpspreventaddressconflictscausedbyapreviouslyassignedIP
addressbeingreusedtoconfigure anewcomputeronthe network.
Reducesconfigurationmanagement.
UsingDHCP serverscan greatlydecrease time spenttoconfiguringandreconfiguringcomputersonyour
network.Serverscanbe configuredtosupplyafull range of additional configurationvalueswhen
assigningaddressleases.Thesevaluesare assignedusingDHCPoptions.Also,the DHCPlease renewal
processhelpsassure thatwhere clientconfigurationsneedtobe updatedoften(suchasuserswith
mobile orportable computerswhochange locationsfrequently),these changescanbe made efficiently
and automaticallybyclientscommunicatingdirectlywithDHCPservers.
The followingsectioncoversissuesthataffectthe use of the DHCP Serverservice withotherservicesor
networkconfigurations.UsingDNSserverswithDHCPUsingRoutingandRemote Accessserverswith
DHCP MultihomedDHCPservers.
11.Describe the processof installingaDHCPserverinan AD infrastructure ?

31. OpenWindowsComponentsWizard.UnderComponents,scroll toand clickNetworkingServices.Click
Details.Under Subcomponentsof NetworkingServices,clickDynamicHostConfigurationProtocol
(DHCP) and thenclickOK.
ClickNext.If prompted,type the full pathtothe WindowsServer2003 distributionfiles,andthenclick
Next.Requiredfilesare copiedtoyourhard disk.
12.How to authorize a DHCPserverinActive DirectoryOpenDHCP?.
In the console tree,clickDHCP
. On the Actionmenu,clickManage authorizedservers.
. The Manage AuthorizedServersdialogbox appears.ClickAuthorize.
. Whenprompted,type the name or IP addressof the DHCP serverto be authorized,andthenclickOK.
13.What isDHCPINFORM?
DHCPInformisa DHCP message usedbyDHCPclientstoobtainDHCP options.While PPPremote access
clientsdonotuse DHCP to obtainIP addressesforthe remote accessconnection,Windows2000 and
Windows98 remote accessclientsuse the DHCPInformmessage toobtainDNSserverIPaddresses,
WINSserverIPaddresses,anda DNSdomainname.
The DHCPInformmessage issentafterthe IPCPnegotiationisconcluded.The DHCPInformmessage
receivedbythe remote accessserveristhenforwardedtoaDHCP server.The remote accessserver
forwardsDHCPInformmessagesonlyif ithasbeenconfiguredwiththe DHCPRelayAgent.
14.Describe the integrationbetweenDHCPandDNS?
Traditionally,DNSandDHCP servershave beenconfiguredandmanagedone ata time.Similarly,
changingauthorizationrightsforaparticularuseron a groupof deviceshasmeantvisitingeachone and
makingconfigurationchanges.
DHCP integrationwithDNSallowsthe aggregationof these tasksacrossdevices,enablingacompany’s
networkservicestoscale instepwiththe growthof networkusers,devices,andpolicies,whilereducing
administrativeoperationsandcosts.Thisintegrationprovidespractical operational efficienciesthat
lowertotal cost of ownership.
Creatinga DHCP networkautomaticallycreatesanassociatedDNSzone,forexample,reducingthe
numberof tasks requiredof networkadministrators.Andintegrationof DNSandDHCP inthe same
database instance providesunmatchedconsistencybetweenservice andmanagementviewsof IP
address-centricnetworkservicesdata.
V.General HRQuestions
Tell usa little bitaboutyourself.

32. What are your greateststrengths?
What are your greatestweaknesses?
What do you like aboutyourcurrentjobor what didyoulike aboutyourlast job?
Give us an example of whenyouhandledastressful situation.
Give us an example of one of the toughestproblemsyouhadtoface,and how didyou deal withit?
Why doyou thinkyoushouldgetthisposition?
Do youthinkyou are the bestpersonforthisjob?If so, why?
Why didyouapplyfor thisposition?
Why didyouapplyfor a positionwithourcompanyandwhat doyou know aboutus?
Why shouldwe hire you?
Tell usabout yourshort and longtermgoals?
Where do yousee yourself fiveyearsfromnow?
Please explain,whatdoescustomerservicemeantoyou?What doesbeingateamplayermeanto you?
Give us an example of howyouhandledaconflictwithanotheremployee?
What are yoursalary expectations?
What wouldyouconsideryourmostimportantaccomplishment?
How wouldyoudefine success?
At yourlast review,whatimprovementsdidyourmanagersuggestyoumake?
What wouldyourcoworkerssayaboutyou?
For AnyMore questionsanddetailskindlypleasevisit:
www.traininginchrompet.com