What is Active Directory ?

Active Directory is a Meta Data. Active Directory is a data base which store a data
base like your user information, computer information and also other network object
info. It has capabilities to manage and administor the complite Network which
connect with AD.
>What is domain ?
indows N! and indows "###, a domain is a set of network resources
$applications, printers, and so forth% for a group of users. !he user need only to log
in to the domain to gain access to the resources, which may be located on a number
of di&erent servers in the network. !he 'domain' is simply your computer address
not to confused with an ()*. A domain address might look something like
"++.+,#.-./.
>What is domain controller ?
A Domain controller $D0% is a server that responds to security authentication
re1uests $logging in, checking permissions, etc.% within the indows 2erver
domain. A domain is a concept introduced in indows N! whereby a user may be
granted access to a number of computer resources with the use of a single
username and password combination.
>What is LDAP ?
*ightweight Directory Access 3rotocol *DA3 is the industry standard directory access
protocol, making Active Directory widely accessible to management and 1uery
applications. Active Directory supports *DA3v4 and *DA3v".
>What is KCC ?
500 $ knowledge consistency checker % is used to generate replication topology for
inter site replication and for intrasite replication.with in a site replication tra6c is
done via remote procedure calls over I3 while between site it is done through either
)30 or 2M!3.
>Where is the AD database held? What other folders are related to AD?
!he AD data base is store in c78windows8ntds8N!D2.DI!.
>What is the SYSVOL folder?
!he sys9:* folder stores the server's copy of the domain's public ;les. !he contents
such as group policy, users etc of the sysvol folder are replicated to all domain
controllers in the domain.
>What are the Windos Server !""# $eyboard shortc%ts ?
inkey opens or closes the 2tart menu. inkey < =)>A5 displays the 2ystem
3roperties dialog bo?. inkey < !A= moves the focus to the ne?t application in the
taskbar. inkey < 2@IA! < !A= moves the focus to the previous application in the
taskbar. inkey < = moves the focus to the noti;cation area. inkey < D shows the
desktop. inkey < > opens indows >?plorer showing My 0omputer. inkey < A
opens the 2earch panel. inkey < 0!)* < A opens the 2earch panel with 2earch for
0omputers module selected. inkey < A+ opens @elp. inkey < M minimiBes all.
inkey < 2@IA!< M undoes minimiBation. inkey < ) opens )un dialog. inkey <
( opens the (tility Manager. inkey < * locks the computer.
>Where are the Windos &' Primary Domain Controller (PDC) and its
*ac$%+ Domain Controller (*DC) in Server !""# ?
!he Active Directory replaces them. Now all domain controllers share a multimaster
peerCtoCpeer read and write relationship that hosts copies of the Active Directory.
>, am tryin- to create a ne %niversal %ser -ro%+. Why can/t , ?
(niversal groups are allowed only in nativeCmode indows 2erver "##4
environments. Native mode re1uires that all domain controllers be promoted to
indows 2erver "##4 Active Directory.
>What is LSDO0 ?
ItDs group policy inheritance model, where the policies are applied toLocal
machines, Sites, Domains and OrganiBational 0nits.
>Why doesn/t LSDO0 or$ %nder Windos &' ?
If the NTConfg.pol ;le e?ist, it has the highest priority among the numerous
policies.
>What/s the n%mber of +ermitted %ns%ccessf%l lo-ons on Administrator
acco%nt? (nlimited. )emember, though, that itDs the Administrator account, not
any account thatDs part of the Administrators group.
> What/s the di1erence beteen -%est acco%nts in Server !""# and other
editions?
More restrictive in indows 2erver "##4.
> 2o many +assords by defa%lt are remembered hen yo% chec$
34nforce Passord 2istory 5emembered3?
(serDs last . passwords.
> Can 6C Server and ,nfrastr%ct%re +lace in sin-le server ,f not e7+lain
hyE
No, As Infrastructure master does the same job as the F0. It does not work together.
> Which is service in yo%r indos is res+onsible for re+lication of Domain
controller to another domain controller.
500 generates the replication topology.
(se 2M!3 G )30 to replicate changes.
> What ,ntrasite and ,ntersite 5e+lication E
Intrasite is the replication with in the same site H intersite the replication between
sites.
> What is lost 8 fo%nd folder in ADS E
ItDs the folder where you can ;nd the objects missed due to conIict.
>?7 you created a user in :( which is deleted in other D0 H when replication
happed AD2 didnDt ;nd the :( then it will put that in *ost H Aound Aolder.
> What is 6arba-e collectionE
Farbage collection is the process of the online defragmentation of active directory.
It happens every +" @ours.
> What System State data containsE
0ontains 2tartup ;les,
)egistry
0om < )egistration Database
Memory 3age ;le
2ystem ;les
AD information
0luster 2ervice information
2J29:* Aolder
What is the di1erence beteen Windos !""" Active Directory and
Windos !""# Active Directory? ,s there any di1erence in !""" 6ro%+
Polices and !""# 6ro%+ Polices? What is meant by ADS and ADS services
in Windos !""#?
indows "##4 Active Directory introduced a number of new security features, as
well as convenience features such as the ability to rename a domain controller and
even an entire domain
indows 2erver "##4 also introduced numerous changes to the default settings
that can be a&ected by Froup 3olicy C you can see a detailed list of each available
setting and which :2 is re1uired to support it by downloading the Froup 3olicy
2ettings )eference.
AD2 stands for Automated Deployment 2ervices, and is used to 1uickly roll out
identicallyCcon;gured servers in largeCscale enterprise environments. Jou can get
more information from the AD2 homepage.
>, ant to set%+ a D&S server and Active Directory domain. What do , do
9rst? ,f , install the D&S service 9rst and name the :one ;name.or-; can ,
name the AD domain ;name.or-; too?
Not only can you have a DN2 Bone and an Active Directory domain with the same
name, it's actually the preferred way to go if at all possible. Jou can install and
con;gure DN2 before installing Active Directory, or you can allow the Active
Directory Installation iBard $dcpromo% itself install DN2 on your server in the
background.
>2o do , determine if %ser acco%nts have local administrative access?
Jou can use the net localgroup administrators command on each workstation
$probably in a login script so that it records its information to a central ;le for later
review%. !his command will enumerate the members of the Administrators group on
each machine you run it on. Alternately, you can use the )estricted Froups feature
of Froup 3olicy to restrict the membership of Administrators to only those users you
want to belong.
>Why am , havin- tro%ble +rintin- ith <P domain %sers?
In most cases, the inability to print or access resources in situations like this one will
boil down to an issue with name resolution, either DN2 or IN2GNet=I:2. =e sure
that your indows K3 clients' wireless connections are con;gured with the correct
DN2 and IN2 name servers, as well as with the appropriate Net=I:2 over
!03GI3 settings. 0ompare your wireless settings to your wired *AN settings and look
for any discrepancies that may indicate where the functional di&erence may lie.
>What is the ,S'6? Who has that role by defa%lt?
indows "### Domain controllers each create Active Directory )eplication
connection objects representing inbound replication from intraCsite replication
partners. Aor interCsite replication, one domain controller per site has the
responsibility of evaluating the interCsite replication topology and creating Active
Directory )eplication 0onnection objects for appropriate bridgehead servers within
its site. !he domain controller in each site that owns this role is referred to as the
InterC2ite !opology Fenerator $I2!F%.

>What is di1erence beteen Server !""# vs !""=?
+. 9irtualiBation. $indows 2erver "##L introduces @yperC9 $9 for 9irtualiBation% but
only on .-bit versions. More and more companies are seeing this as a way of
reducing hardware costs by running several 'virtual' servers on one physical
machine.%
". 2erver 0ore $provides the minimum installation re1uired to carry out a speci;c
server role, such as for a D@03, DN2 or print server%
4. =etter security.
-. )oleCbased installation.
M. )ead :nly Domain 0ontrollers $):D0%.
.. >nhanced terminal services.
,. Network Access 3rotection C Microsoft's system for ensuring that clients
connecting to 2erver "##L are patched, running a ;rewall and in compliance with
corporate security policies.
L. 3ower2hell C Microsoft's command line shell and scripting language has proved
popular with some server administrators.
/. II2 , .
+#. =itlocker C 2ystem drive encryption can be a sensible security measure for
servers located in remote branch o6ces. NbrN !he main di&erence between "##4
and "##L is 9irtualiBation, management. "##L has more inCbuild components and
updated third party drivers.
++. indows Aero.
>What are the re>%irements for installin- AD on a ne server?
+ !he Domain structure.
" !he Domain Name .
4 storage location of the database and log ;le.
- *ocation of the shared system volume folder.
M DN2 con;g Methode.
. DN2 con;guration.
>What is LDP?
*D3 7 *abel Distribution 3rotocol $*D3% is often used to establish M3*2 *23s when
tra6c engineering is not re1uired. It establishes *23s that follow the e?isting I3
routing, and is particularly well suited for establishing a full mesh of *23s between
all of the routers on the network.