Active Directory L2 and L3 Interview Question and Answer

13) What is the Active Directory default storage location?

Active Directory database folder: D:\WINDOWS\NTDS

Active Directory log files: D:\WINDOWS\NTDS

SYSVOL default location: D:\WINDOWS\SYSVOL

What is the SYSVOL folder?

SYSVOL: The SYSVOL folder stores the server copy of the domain's public files. The contents of the SYSVOL folder are replicated to all domain controllers in the domain. It must be located on an NTFS volume.

14) Some important ports for Active Directory.

Default dynamic ports used for RPC traffic: 1025 to 5000 for Server 2003, and 49152 to 65535 for Server 2008 and 2008 R2

LDAP: TCP and UDP 389

LDAP GC (Global Catalog): TCP 3268

Kerberos: TCP and UDP 88

DNS: TCP and UDP 53

DHCP: UDP 67 on the server side, UDP 68 on the client side

Windows Time (NTP): UDP 123

DCOM, RPC, EPM (Group Policy): dynamic ports

Kerberos change/set password: TCP and UDP 464

Net Logon, NetBIOS Name Resolution: UDP 137

DFSN, NetBIOS Session Service, Net Logon: TCP 139

SMB, CIFS, SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc: TCP and UDP 445

AD DS Web Services: TCP 9389

15) What does a System State backup contain on a DC/AD server?

- Boot files, including the system files, and all files protected by Windows File Protection (WFP).

- Active Directory (on a domain controller only).

- SYSVOL (on a domain controller only).

- The registry.

- Performance counter configuration information.

- Component Services Class registration database.

- Certificate Services (optional; on a certification authority only).

- Cluster database (on a cluster node only).

16) What is the Fine-Grained Password and Account Lockout Policy in Active Directory?

This feature was introduced in Windows Server 2008. To store fine-grained password policies, the Active Directory Domain Services (AD DS) schema includes two new object classes:

1) Password Settings Container, 2) Password Settings

With this feature you can create a separate password and account lockout policy for a specific group or user, as well as container-specific policies, instead of a single policy for the whole domain.

17) How to find which DCs are holding which FSMO roles?

netdom query fsmo

18) Command to find out the logon server.

Command: "echo %logonserver%" or "whoami" or "net l"

19) How to find Global catalog server in forest?

Command: "dsquery server -forest -isgc" (the "-forest" switch lists the global catalog servers in the whole forest; "-domain <domainname> -isgc" limits the result to one domain)

20) What is tombstone lifetime and default value?

When an Active Directory (AD) object, such as a user or computer account, is deleted, the object actually remains in the directory for a period of time known as the tombstone lifetime.

Server 2000 and 2003 – 60 Days

Server 2003 SP1 and later till 2012 – 180 Days

How to edit: open adsiedit.msc and connect to the Configuration partition of the AD forest. Navigate to CN=Directory Service, CN=Windows NT, CN=Services, CN=Configuration, DC=domain, DC=com. Right-click the CN=Directory Service object, select Properties and look for the tombstoneLifetime attribute.

21) How to determine the schema version? And what is the version on Server 2003/2008/2012?

- Open ADSIEDIT.MSC and browse to the Schema partition.

- Right-click "CN=Schema,CN=Configuration,DC=domain,DC=local" and open Properties.

- Find the "objectVersion" attribute and read its value.

- Alternatively, read it from the registry: HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\SchemaVersion

- Look the value up in the schema version table below.

Windows 2000 Server - 13

Windows 2003 RTM, SP1, SP2 - 30

Windows 2003 R2 - 31

Windows 2008 - 44

Windows 2008 R2 - 47

Windows Server 2012 Beta - 52

Windows Server 2012 - 56

Windows Server 2012 R2 - 69
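The following PowerShell function is an added example, not part of the original article. It collects the answers to questions 17 (FSMO role holders), 19 (global catalog servers), 20 (tombstone lifetime) and 21 (schema version) in one pass using the .NET System.DirectoryServices classes, so it needs no RSAT or ActiveDirectory module; it assumes it runs on a domain-joined machine as a user allowed to read the Configuration partition, and the function name Get-AdForestSummary is my own.

```powershell
# Added example (not from the original article). Reads FSMO owners, global
# catalogs, the tombstone lifetime and the schema version directly through
# ADSI / System.DirectoryServices. Function name is hypothetical.
function Get-AdForestSummary {
    # Schema-version-to-OS table taken from the list above.
    $schemaMap = @{
        13 = 'Windows 2000 Server'
        30 = 'Windows Server 2003 RTM/SP1/SP2'
        31 = 'Windows Server 2003 R2'
        44 = 'Windows Server 2008'
        47 = 'Windows Server 2008 R2'
        52 = 'Windows Server 2012 Beta'
        56 = 'Windows Server 2012'
        69 = 'Windows Server 2012 R2'
    }

    $rootDse  = [ADSI]'LDAP://RootDSE'
    $configNC = $rootDse.configurationNamingContext.Value
    $schemaNC = $rootDse.schemaNamingContext.Value

    # Q21: objectVersion on CN=Schema,CN=Configuration,...
    $schemaVersion = [int]([ADSI]"LDAP://$schemaNC").objectVersion.Value
    $schemaLevel = "unknown (version $schemaVersion is newer than the table in this article)"
    if ($schemaMap.ContainsKey($schemaVersion)) { $schemaLevel = $schemaMap[$schemaVersion] }

    # Q20: tombstoneLifetime on CN=Directory Service,CN=Windows NT,CN=Services,<config NC>
    $dsService = [ADSI]"LDAP://CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
    $tsl = $dsService.tombstoneLifetime.Value
    # Forests created before Windows Server 2003 SP1 leave the attribute unset,
    # which means the legacy 60-day default applies.
    if ($null -eq $tsl) { $tsl = 60 }

    # Q17 / Q19: FSMO role owners and global catalogs from the forest and domain objects
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()

    [pscustomobject]@{
        SchemaVersion         = $schemaVersion
        SchemaLevel           = $schemaLevel
        TombstoneLifetimeDays = [int]$tsl
        SchemaMaster          = $forest.SchemaRoleOwner.Name
        DomainNamingMaster    = $forest.NamingRoleOwner.Name
        PdcEmulator           = $domain.PdcRoleOwner.Name
        RidMaster             = $domain.RidRoleOwner.Name
        InfrastructureMaster  = $domain.InfrastructureRoleOwner.Name
        GlobalCatalogs        = ($forest.GlobalCatalogs | ForEach-Object { $_.Name }) -join ', '
    }
}

Get-AdForestSummary | Format-List
```

Keep TombstoneLifetimeDays next to your backup retention policy: a System State backup older than the tombstone lifetime must never be used to restore a domain controller, because the deleted objects it still contains can no longer be reconciled with the rest of the forest.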