Windows Active Directory (AD) Interview Questions & Answers

Article Index

25) What happen if PDC Emulator Failure ?

The loss of the PDC emulator affects network users, Like login problem, Changing password problem and etc. Therefore, when the PDC emulator is not available, you might need to immediately seize the role. If the current PDC emulator will be unavailable for an unacceptable length of time and its domain has clients without Windows Server 2003 client software, or if it contains Windows NT backup domain controllers, seize the PDC emulator role to the domain controller you’ve chosen to act as the standby PDC emulator. When the original PDC emulator is returned to service, you can return the role to the original domain controller.

26) What happen if Infrastructure Master Failure ?

Temporary loss of the infrastructure master is not visible to network users. It is not visible to network administrators either, unless they have recently moved or renamed a large number of accounts. If the infrastructure master will be unavailable for an unacceptable length of time, you can seize the role to a domain controller that is not a global catalog but is well connected to a global catalog (from any domain), ideally in the same site as a global catalog server. When the original infrastructure master is returned to service, you can transfer the role back to the original domain controller.

27) What data contains in System State backup in DC/AD Server ?

Boot files, including the system files, and all files protected by Windows File Protection (WFP).

Active Directory (on a domain controller only).

Sysvol (on a domain controller only).

The registry.

Performance counter configuration information.

Component Services Class registration database.

Optional - Certificate Services (on certification authority only).

Cluster database (on a cluster node only).

28) What Fine-Grained Password and Account lockout policy in Active Directory ?

This feature are introduce in Windows Server 2008. To store fine-grained password policies, includes two new object classes in the Active Directory Domain Services (AD DS) schema:

1) Password Settings Container, 2)Password Settings

In this feature you can create a New password and account lockout policy for group or user as well container specific.

29) How to find which DCs are holding which FSMO roles ?

netdom query fsmo

30) Command to find out the logon server.

Command  - "echo %logonserver" -Or- "whoami" -Or- “net l”

Click here for details How to find the logon logon server in AD domain environment

31) How to find Global catalog server in forest ?

Command  - "dsquery server -domain -isgc"

Click here for determine by other methods also  - How to find global catalog servers on active directory

32) What is the default size of ntds.dit file in server 2012 ?

Default Size of NTDS.DIT in

Server 2000 - 10 MB

Server 2003 to 2012 - 12 MB

For more details click here