Active Directory L2 and L3 Interview Question and Answer


04) What is a lingering object, and how does it occur in replication?

Objects that are deleted from Active Directory while a domain controller is offline can remain on that domain controller as lingering objects. Lingering objects occur when a domain controller does not replicate for an interval longer than the tombstone lifetime (TSL) and then reconnects to the replication topology.
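An added check (not code from the original page) that applies the definition above: it reads the forest tombstone lifetime and flags any replication partner whose last successful replication is older than that, which is exactly the condition under which lingering objects can appear. It assumes the ActiveDirectory RSAT module and a domain-joined session with rights to read replication metadata.

```powershell
# Added example: find replication partners silent longer than the tombstone lifetime.
Import-Module ActiveDirectory

$rootDse  = Get-ADRootDSE
$dsConfig = "CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)"

# tombstoneLifetime is stored on the Directory Service object. Forests created before
# Windows Server 2003 SP1 leave it unset, where the effective default is 60 days;
# newer forests store 180 explicitly.
$tsl = (Get-ADObject -Identity $dsConfig -Properties tombstoneLifetime).tombstoneLifetime
if (-not $tsl) { $tsl = 60 }

$cutoff = (Get-Date).AddDays(-$tsl)

# Inbound replication metadata for every DC in the current domain.
$meta = Get-ADDomainController -Filter * | ForEach-Object {
    Get-ADReplicationPartnerMetadata -Target $_.HostName -Scope Server -ErrorAction SilentlyContinue
}

# Any partner whose last success predates the cutoff has been out of replication
# longer than the TSL: tombstones it never received have already been garbage-collected.
$stale = $meta | Where-Object { $_.LastReplicationSuccess -lt $cutoff }

if ($stale) {
    $stale |
        Select-Object Server, Partner, Partition, LastReplicationSuccess, ConsecutiveReplicationFailures |
        Format-Table -AutoSize
    # Advisory mode only reports lingering objects; the placeholders are filled in per pair.
    Write-Host "Verify each stale pair with: repadmin /removelingeringobjects <DestDC> <SourceDcGuid> <NC> /advisory_mode"
} else {
    Write-Host "No partner has been out of replication longer than the $tsl-day tombstone lifetime."
}
```

A DC that shows up here should be cleaned or demoted rather than simply reconnected, since reconnecting is what reintroduces the lingering objects.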

05) What is LDAP?

LDAP stands for Lightweight Directory Access Protocol. It is an application protocol used over an IP network to manage and access the distributed directory information service. The primary purpose of a directory service is to provide a systematic set of records, usually organized in a hierarchical structure.

06) What is Global Catalog (GC)?

A global catalog is a domain controller that contains a partial replica of every domain in Active Directory: it holds a replica of every object in Active Directory, but with only a limited number of each object's attributes.

07) What is schema?

The schema is the description of the object classes and attributes stored in Active Directory.

08) What is the update sequence number (USN)?

An update sequence number (USN) is a 64-bit number in Active Directory that increases as changes occur. Local counters on every domain controller assign USNs. Whenever an object is changed, its USN is incremented. When replication occurs, only the version of the object with the greatest USN is retained.

Local counters for USNs are considered reliable because they never decrease or "run backward." USNs are also always unique, so a domain controller never assigns the same USN twice.

09) What is the Knowledge Consistency Checker (KCC), and what is its default interval?

The Knowledge Consistency Checker (KCC) is responsible for generating the site replication topology between domain controllers in the forest. It is a built-in process that runs on all domain controllers and creates a connection object for each DC in AD. By default, the KCC runs at 15-minute intervals and designates the replication routes between domain controllers. The KCC creates replication connections between domain controllers in the same site automatically. When you have more than one site, you configure links between the sites, and the KCC can then create the connections between the sites automatically as well.

10) What is the ISTG? Who has that role by default?

For inter-site replication, there is a bridgehead server to manage site-to-site replication. One domain controller per site has the responsibility of evaluating the inter-site replication topology and creating Active Directory replication connection objects for the appropriate bridgehead servers within its site. The domain controller in each site that owns this role is referred to as the Inter-Site Topology Generator (ISTG). The ISTG is simply a domain controller whose KCC is responsible for reviewing the inter-site topology and creating inbound replication connection objects as necessary for the bridgehead servers in the site in which it resides.

By default the first server in the site has this role. If that server can no longer perform this role, then the next server with the highest GUID takes over the role of ISTG. The domain controller holding this role is not necessarily also a bridgehead server.

11) What is the Bridgehead server?

A bridgehead server is a domain controller (DC) that functions as the primary route of Active Directory (AD) replication data moving into and out of sites. If you have more than one domain in your forest, you'll most likely have more than one bridgehead server.

12) What are the ADDS dependency services, and what are the AD replication topology dependencies and model?

Active Directory replication topology has the following dependencies:

Routable IP infrastructure - The replication topology depends on a routable IP infrastructure from which you can map IP subnet address ranges to site objects.

DNS - The DNS resolves DNS names to IP addresses. AD replication topology requires that DNS is properly designed and deployed so that domain controllers can correctly resolve the DNS names of replication partners.

Net Logon service - Net Logon is required for DNS registrations.

RPC - AD replication requires IP connectivity and RPC to transfer updates between replication partners.

Intersite Messaging - Intersite Messaging is required for SMTP intersite replication.

ADDS dependencies:

Kerberos Key Distribution Center, Intersite Messaging, DNS Server, DFS Replication