
All in One Interview Questions

Apr 06, 2018


hariyog1
Page 1: All in One Interview Questions

8/2/2019 All in One Interview Questions

http://slidepdf.com/reader/full/all-in-one-interview-questions 1/91

1

List of important port numbers:-

15 - Netstat
110 - POP3
37 - Time
21, 20 - FTP
143 - IMAP
3389 - Terminal services
23 - Telnet
119 - NNTP
443 - SSL (https) (http protocol over TLS/SSL)
25 - SMTP
123 - NTP (Network time protocol)
220 - IMAP3
42 - WINS
139 - NetBIOS
3268 - AD Global Catalog
53 - DNS
161 - SNMP
3269 - AD Global Catalog over SSL
67 - Bootp
180 - RIS
500 - Internet Key Exchange, IKE (IPSec) (UDP 500)
68 - DHCP
389 - LDAP (Lightweight Directory Access Protocol)
80 - HTTP
443 - HTTPS (HTTP over SSL/TLS)
88 - Kerberos
520 - RIP
79 - FINGER
101 - HOSTNAME


Desktop Interview Questions:-

Hardware:-

Operating system:-

An OS is a software program that enables the computer hardware to communicate and operate with the computer software. Without an operating system a computer would be useless.

Bios chip-

This is the most important chip in the computer. It contains the BIOS software that tells the processor how to interact with the rest of the hardware in the computer.

(BIOS manufacturers- AMI, Phoenix, Award)

CMOS:-

Complementary metal oxide semiconductor. It is a type of memory chip; it is the parameter memory for the BIOS. When the PC is turned off it saves settings such as date, time and hard drive configuration. To keep these settings the memory must have constant power. The CMOS battery powers the CMOS chip.

Microprocessor:-

Microprocessor is a program control device.

Microprocessor speed depends on data bus width.

Difference between primary storage and secondary storage device:-

Primary storage device: storage capacity is limited; it has volatile memory, e.g. ROM.

Secondary storage device: storage capacity is larger; it has non-volatile memory, e.g. floppy, hard disk.

Difference between SDR and DDR Ram:-

SDR- stands for single data rate

SDR has 168 pins and 2 notches.

SDR comes in pc66, pc100, pc133 (Mhz)

SDR maximum frequency is 133 MHz.

SDR has low speed for data transfer.

SDR has no refreshing.

DDR- stands for Double Data Rate.

DDR has 184 pins and 1 notch.

DDR comes in pc166, pc200, pc266, pc333, pc400 (Mhz)

DDR minimum frequency is 266 Mhz.

DDR has high speed data transfer.

DDR is refreshed periodically.


Difference between FAT and NTFS:-

FAT:-

FAT must be kept when multi-booting OSes like NT, 95, 98, DOS.

FAT has no security.

Maximum size of partition is up to 2TB.

Maximum file size is up to 4GB.

NTFS permission security is not supported.

NTFS:-

High level security (files and folders).

Supports file compression, encryption, and disk quotas.

Supported by XP, Windows 2000, and Windows 2003.

Maximum size of partition is 2 terabytes and more.

Maximum file size is up to 16 terabytes.

Disk Quota:-

A disk quota is a limit set by a system administrator that restricts certain aspects of file system usage on modern operating systems. The function of disk quotas is to allocate limited disk space in a reasonable way.

Alternatively referred to as a quota, disk quota management consists of permissions given by administrators that set limits on the storage space of users, workgroups or other groups. Setting a quota helps prevent a server or share from becoming full of data, while still allowing users to save files on the server or share.

Power supply:-

Voltage of power supply- +3.3VDC, +5VDC, -5VDC (ground), +12VDC, -12VDC (ground)

Stand by voltage - +3.3VDC, +5VDC

Hard disk- +5VDC

Floppy Drive- +3.3VDC

Mother Board- +12VDC.

Types of power supply:-

AT and ATX.

AT- this power supply connects to the motherboard through a pair of 6 wires.

ATX- this power supply connects through a single 20 pin connector.

What is virtual memory?

Virtual memory is a hardware technique where the system appears to have more memory than it actually does.

System partition:-

It is a partition that is needed to boot any operating system. The system partition is C:, where the MBR (master boot record) is located.


Network :-

What is network?

A network is a chain of computers in which you can share a data centre server, mail server, print server or web server with appropriately assigned rights.

What is LAN?

Local Area Network. If your network is set up in one room, one floor or one building, then you can say it is a local area network. In this type of network all computers connect through a cable.

MAN?

Metropolitan Area Network. A MAN is bigger than a LAN in size; within a MAN a whole city is covered through networking. Approximately 10 to 100 km is covered through a MAN. Fiber optic cable is used in a MAN.

WAN?

Wide Area Network. If your computers are very far apart, such as in two cities, states or nations, all the computers connect through satellite; this type of network is called a WAN.

Internet:-

The internet is also one of the types of network. The networks of different cities, states and nations, all connected under one network, are called the internet. In simple words you can say the internet is a network of networks.

Router:-

A router is a device which routes or sends packets between two or more different networks.

HUB:-

A hub is a device which accepts data from one port and broadcasts it to all other ports.

Switch:-

A switch is a device which accepts data from one port and sends the packet to the exact specified port with the help of the MAC address.

Bridge:-

Used to divide a network into segments; a bridge keeps traffic on one side from crossing to the other.

Gateway:-

A gateway converts data and repackages it to meet the requirements of the destination address.


OSI Model:-

Open System Interconnect- OSI is a reference model which is used by software developers to understand how data passes from one computer to another.

Layers of OSI model:-

Application layer- the user creates his particular application.

Presentation layer- when the user saves such a file, that file is compressed and encrypted at the source side and vice versa.

Session layer- once the user sends data to a destination computer, the session layer takes over; it is responsible for end to end communication.

Transport layer- necessary to send data with the help of a protocol over the network. TCP/IP and UDP- these protocols are used in the transport layer.

Network layer- it is responsible for sending packets to the correct destination network with the help of a router. A router is a layer 3 device.

Data link layer- sends packets to the particular destination machine with the help of the MAC address. A switch is a layer 2 device.

Physical layer- responsible for sending data to the appropriate destination. A hub is a layer 1 device.

Network topology:-

Topology is a way of laying out the network. Topology is either physical or logical.

Physical topology describes how the cables are run.

Logical topology describes how the network message travels.

There are 4 types of topology- BUS, STAR, RING, MESH.

Bus- bus is the simplest physical topology. It consists of a single cable that runs to every workstation; each computer shares the same data and address path. Easy to install and low cost.

Star- there is one central device called a hub, making it very easy to add a new workstation. If any one workstation goes down it does not affect the entire network. Easy to install.

Ring- each computer connects to two other computers, joining them in a circle and creating a unidirectional path along which messages move from workstation to workstation. It is difficult to add a new computer.

Mesh- simplest topology in terms of data flow. In the physical topology each device is connected to the other devices. It is very expensive to install and maintain.

Protocol:-

Protocol is the standard set of rules used to communicate.

IP Address-

It is primarily responsible for addressing and routing packets between hosts.


Class of IP Address:-

Class A 1 to 126 255.0.0.0

Class B 128 to 191 255.255.0.0

Class C 192 to 223 255.255.255.0

Class D 224 to 247 used for multicasting

Class E 248 to 255 used for experimental purpose.

127.0.0.1 – loop back address.

169.254.0.1 to 169.254.255.254 - APIPA address (Automatic Private IP Address)

Difference between IPv4 & IPv6:-

IPv4: Source and destination addresses are 32 bits (4 bytes) in length.
IPv6: Source and destination addresses are 128 bits (16 bytes) in length. For more information, see “IPv6 Addressing.”

IPv4: IPsec support is optional.
IPv6: IPsec support is required. For more information, see “IPv6 Header.”

IPv4: No identification of packet flow for QoS handling by routers is present within the IPv4 header.
IPv6: Packet flow identification for QoS handling by routers is included in the IPv6 header using the Flow Label field. For more information, see “IPv6 Header.”

IPv4: Fragmentation is done by both routers and the sending host.
IPv6: Fragmentation is not done by routers, only by the sending host. For more information, see “IPv6 Header.”

IPv4: Header includes a checksum.
IPv6: Header does not include a checksum. For more information, see “IPv6 Header.”

IPv4: Header includes options.
IPv6: All optional data is moved to IPv6 extension headers. For more information, see “IPv6 Header.”

IPv4: Address Resolution Protocol (ARP) uses broadcast ARP Request frames to resolve an IPv4 address to a link layer address.
IPv6: ARP Request frames are replaced with multicast Neighbor Solicitation messages. For more information, see “Neighbor Discovery.”

IPv4: Internet Group Management Protocol (IGMP) is used to manage local subnet group membership.
IPv6: IGMP is replaced with Multicast Listener Discovery (MLD) messages. For more information, see “Multicast Listener Discovery.”

IPv4: ICMP Router Discovery is used to determine the IPv4 address of the best default gateway and is optional.
IPv6: ICMP Router Discovery is replaced with ICMPv6 Router Solicitation and Router Advertisement messages and is required. For more information, see “Neighbor Discovery.”

IPv4: Broadcast addresses are used to send traffic to all nodes on a subnet.
IPv6: There are no IPv6 broadcast addresses. Instead, a link-local scope all-nodes multicast address is used. For more information, see “Multicast IPv6 Addresses.”

IPv4: Must be configured either manually or through DHCP.
IPv6: Does not require manual configuration or DHCP. For more information, see “Address Autoconfiguration.”

IPv4: Uses host address (A) resource records in the Domain Name System (DNS) to map host names to IPv4 addresses.
IPv6: Uses host address (AAAA) resource records in the Domain Name System (DNS) to map host names to IPv6 addresses. For more information, see “IPv6 and DNS.”

IPv4: Uses pointer (PTR) resource records in the IN-ADDR.ARPA DNS domain to map IPv4 addresses to host names.
IPv6: Uses pointer (PTR) resource records in the IP6.ARPA DNS domain to map IPv6 addresses to host names. For more information, see “IPv6 and DNS.”

IPv4: Must support a 576-byte packet size (possibly fragmented).
IPv6: Must support a 1280-byte packet size (without fragmentation). For more information, see “IPv6 MTU.”

Public IP Address:-

Every IP address on the public internet is unique. Your ISP (Internet service provider) assigns one public IP address to each of your computers that is directly connected to the ISP.

Private IP Address:-

Used for hosts that require IP connectivity but do not need to be seen on the public network. Private IP addresses are free for every user. Using one public IP we can access thousands of private IP addresses in that LAN.

Range for Private IP addresses:-

10.0.0.0 to 10.255.255.255 - 16,777,215

172.16.0.0 to 172.31.255.255 – 1,048,576

192.168.0.0 to 192.168.255.255 – 65,535

Subnet Mask:-

The subnet mask tells you the number of hosts/terminals that could be used on the same network.


Default Gateway:-

The default gateway is the IP address given to a router which is used to communicate across networks.

MAC Address (Physical Address)

A MAC address is a unique value associated with a network adapter; it is 12 digits.

TCP- (Transmission Control Protocol)

Connection oriented protocol, reliable communication, guaranteed delivery of packets, gives acknowledgement that data was received, secure data sending.

UDP- (User Datagram Protocol)

Connectionless communication, unreliable, unsecured but faster than TCP.

ARP- (Address Resolution Protocol)

Finds the physical address of the computer for which IP packets are destined. ARP entries are dynamic.

ICMP- (Internet Control Message Protocol)

ICMP is used for the ping command; it is a network layer protocol.

SMTP- (Simple Mail Transfer Protocol)

SMTP is used for sending mail and it is used for public folders.

SNMP- (Simple Network Management Protocol)

Used for sending messages.

FTP- (File Transfer Protocol)

FTP is a member of the TCP/IP protocol suite, used to copy files between two computers on the internet.

Point to Point Protocol

It is commonly used to establish a direct connection between two nodes; it is occasionally used over broadband connections.

Kerberos protocol

It is used for authentication. Kerberos keeps one copy of the authentication list for itself and one copy remains on a server.

HTTP-(Hyper text transfer protocol)

How is a request sent by the HTTP browser from a workstation to any website?

First of all, your browser request crosses your network and goes to the DNS for the related URL, which resolves your web address name to the related IP. In this whole process all protocols are working simultaneously (HTTP, ARP etc.).


Routing Protocol-

IGRP-Interior gateway routing protocol.

RIP- Routing Information protocol.

Difference between Workgroup and Domain?

Workgroup:-

A workgroup is a peer to peer network; there is no centralized management or security. Each user can access any resource and data with the help of assigned rights. No administrator tasks. Computers must be on the same network.

Domain:-

In a domain you find centralized management with full security. All tasks are performed under an administrator. There is a relation between server and client. Computers can be on different local networks.

Minimum Hardware Requirements for OS-

Windows XP- Processor 230 Mhz. to 300 Mhz.

Memory 64 MB to 128 MB

Disc Space Minimum 2GB, maximum any.

Standard Server- Processor 233 Mhz. to 550 Mhz.

Memory 128 MB to 256 MB

Disc Space minimum 2 GB

Maximum support up to 4 processor.

Enterprise server- Processor 233 Mhz. to 733 Mhz.

Memory 128 MB to 512 MB

Disc Space minimum 2 GB

Maximum support up to 8 processor.

Data Centre server- Processor 400 Mhz. to 733 Mhz.

Memory 512 MB to 1 GB (Max. 64 GB)

Disc Space minimum 2 GB

Minimum requirement 8 processor.

Maximum support up to 32 processor.

Difference between Basic disk and Dynamic disk:-

Basic Disk- a basic disk provides backward compatibility with older Windows OSes. A basic disk contains volumes such as primary partitions, extended partitions and logical drives.

Dynamic Disk- dynamic storage is supported by XP Pro, Windows 2000 and Windows 2003. A dynamic disk contains dynamic volumes such as simple, spanned, striped, mirrored and RAID 5 volumes.

A basic disk converts to a dynamic disk easily and vice versa.


Disk management:-

Simple volume- converts basic to dynamic.

Spanned volume- extends the drive; only the first HDD is shown.

Striped- 50% of the data is saved on the second HDD (RAID 0).

Mirrored – RAID 1, data is mirrored on the other disk.

RAID 5- a parity bit is set on all HDDs.

Features of XP:-

Automatic update, compression of folders, desktop cleanup wizard, fax support, remote

desktop, welcome screen, help and support centre.

Difference between NT and 2003 domain:-

NT domain- the domain controller is known as the PDC (Primary Domain Controller). The PDC database is read and write; for backup purposes there are multiple BDCs (Backup Domain Controllers). The BDC database is read only.

2003 Domain:-

No PDC and BDC concept. There are multi-master domain controllers which have a read and write database.

 Advantages of 2003:-

Domain rename, domain controller rename, multiuser property select, admin account deletion, default APIPA, shadow copy, IIS version 6, security purpose, password complexity.

Difference between 98 and XP:-

XP has high resolution, supports the NTFS file system, is a secure OS, has plug and play facility for USB, fax support and inbuilt graphics drivers, is faster than 98, can support 2 processors, and has a new version of Internet Explorer.

Difference between PATA and SATA:-

PATA- Parallel Advanced Technology Attachment. It uses an IDE interface of 40 pins, transfers data in parallel, low speed transmission.

SATA- Serial Advanced Technology Attachment. It has a 7 pin interface, transfers data serially, high speed transmission.

DNS- (Domain Name System):-

DNS is used for name resolution; it is mainly used to resolve names to IP addresses and IP addresses to names, mainly on the internet. DNS is organized hierarchically.

Two categories of zone-

1.  Forward lookup zone- resolves a queried name to an IP address.

2.  Reverse lookup zone- resolves a queried IP address to a name.


DNS zone types:-

Standard primary zone- loads the master copy of the zone; zone information is written in a text file.

Secondary zone- backup zone for the primary zone.

Active Directory integrated zone- information is stored in Active Directory.

Stub zone- a copy of the SOA (Start of Authority) record, a copy of the NS records and a copy of the A records for that zone; with a stub zone DNS traffic will be low.

DNS Record Types:-

Host (A) record- an A record is used to map a DNS domain name to a host; host record information.

Alias – duplicate name record, e.g. www.yahoo.com

NS record- name server records for the domain.

Mail Exchanger (MX)- this record is used by email applications to locate a mail server.

Pointer (PTR)- this record is used in the reverse lookup zone.

SOA (Start of Authority) – the SOA resource record is the first resource record created when adding a new zone.

How DNS Solve Query:-

DHCP (Dynamic Host Configuration Protocol):-

DHCP provides IP addresses dynamically to client machines; when a client machine cannot find a DHCP server it gets an APIPA (automatic private IP address).


 Advantages of DHCP:-

1.  DHCP capability is built into Windows Server 2003, so it does not cost extra.

2.  Once we enter the IP address configuration in one place on the DHCP server, it is automatically assigned to DHCP clients.

3.  Configuration problems are automatically minimized.

DHCP Lease process:-

A DHCP lease is the amount of time for which the DHCP server grants the DHCP client permission to use a particular IP address.

Describe Lease process of DHCP (DORA Process):-

Discover- the DHCP client sends a broadcast packet to identify a DHCP server.

Offer- once the packet is received by the DHCP server, the server will send a packet containing the source IP and source MAC.

Request- the client will now contact the DHCP server directly and request an IP address.

Acknowledgement- the DHCP server will send an acknowledgement packet which contains the IP address.

Default lease period is 8 days.

Difference between Scope and Super Scope:-

A scope in DHCP is where you can specify the range of IP addresses which will be leased to DHCP clients.

A super scope is the combination of multiple scopes.

What is DHCP relay agent?

If you have two or more subnets you would need to configure more DHCP servers; instead of placing a DHCP server in each subnet, we can configure a DHCP relay agent wherever you want.

IIS (Internet Information Service):-

It is a software service that supports website creation, configuration and management.

IIS includes FTP, SMTP and NNTP.

WINS (Windows Internet Naming System):-

WINS maps NetBIOS names to IP addresses.

Every host entry is in the LMHOSTS file.

RAS (Remote Access Service)-

RAS means Remote Access Server. We can access a server remotely through VPN from anywhere, but for this high speed internet is necessary. In RAS a maximum of two users can access remotely. If you want more users to have access then you have to obtain a license. In RAS the Point to Point Protocol is used.

VPN (Virtual Private Network):-

The extension of a private network that is encrypted, authenticated and linked across a public network. A VPN connection can provide remote access and routed connections to a private network over the internet.

PPTP- Point to Point Tunneling Protocol

L2TP- Layer 2 Tunneling Protocol

These protocols are used in VPN.

IP Sec (Internet Protocol Security Systems):-

IPsec is one of the services which provides security for your packets and internet communication by using L2TP.

IPsec provides packet-level encryption, integrity and authentication.


PKI Public Key Infrastructure:-

You can create certificates on your ADS.

ICS (Internet Connection Sharing):-

It is designed for small networks. In ICS all your machines must be in a fixed IP range. ICS requires two network cards. DNS and DHCP are also required for ICS.

NAT (Network Address Translation):-

NAT is designed for bigger networks. It is an IP translation process that allows a network with private IP addresses to access information on the internet and share an internet connection.


 Active Directory:-

Active Directory is a central database which controls the network. It is a Windows-based directory service. Active Directory stores information about objects on the network and makes this information available to users and network administrators. Active Directory gives network users access to permitted resources anywhere on the network using a single logon process. Active Directory is a single point of administration for all network objects.

Objects of Active Directory:-

Resources (printers), services (email), users (user accounts and groups). An object is uniquely identified by its name.

Attributes- describe the objects in Active Directory.

Example- all user objects share attributes to store a user name, full name and description. Systems are also objects but they have separate attributes.

Schema-

The set of attributes available for any particular object type is called the schema. Schema information is stored in Active Directory.

Contents-

Contents are used to organize the Active Directory.


Tree-

A tree is used to describe a set of objects within Active Directory.

Forest-

A forest describes trees that are not part of the same namespace but that share a common schema, configuration and global catalogue. Trees in a forest all trust each other. Organizations that are divided into multiple domains should group the trees into a single forest.

Site-

A site is a geographical location. A site corresponds to a logical IP subnet; sites can be used to locate the closest server in the network. Sites can reduce the traffic on the wide area network.

Global Catalogue Server-

Global catalogue server maintains full information about its own domain and partial

information about other domain.

How will you take a backup of Active Directory?

Take a system state data backup. The contents of a system state data backup are boot files, system files, Active Directory, the SYSVOL folder, certificates and the registry.

FSMO Roles-

Flexible single master operations:-

1.  Schema master- it maintains the structure of Active Directory in the forest.

2.  Domain naming master- controls the addition and removal of domains in the forest.

3.  PDC emulator- provides backward compatibility.

4.  RID master- it assigns RIDs and SIDs to newly created objects.

5.  Infrastructure master- synchronizes cross-domain group membership changes.

Why do we use Exchange Server?

Exchange Server is a mail server; we can use this server to send mail within the intranet as well as outside.

New Features of Exchange 2003-

RPC over HTTPS

Volume shadow copy for backup

Super upgrade tools like ExDeploy

Improved security

What are the requirements for installation of exchange server-

IIS, SMTP, WWW service, NNTP, Dot net framework, ASP .NET.


 Active Directory Interview Questions:-

1.  What is Active Directory?

Active Directory is a directory service used for organizing, managing and controlling the resources available on the network. It is used for saving information about all the resources available on Windows 2000/2003 networks. AD objects include users, groups, computers, printers etc. Servers, domains and sites are also considered AD objects.

2.  Functions of Active Directory?

Centralizes control of network resources-

By centralizing control of resources such as servers, shared files and printers, only authorized users can access resources in Active Directory.

Centralizes and decentralizes resource management-

Administrators have centralized administration with the ability to delegate administration of subsets of the network to a limited number of individuals, giving them greater granularity in resource management.

Stores objects securely in a logical structure-

Active Directory stores all the resources as objects in a secure, hierarchical logical structure.

Optimizes network traffic –

The physical structure of Active Directory enables you to use network bandwidth more efficiently, e.g. it ensures that when users log on to the network, the authentication authority that is nearest to the user authenticates them, reducing the amount of network traffic.

3.  What is the requirement of Installing Active Directory?

A computer running Windows Server 2003.

Minimum disk space of 250 MB and a partition formatted with NTFS.

Administrative privileges for creating a domain.

TCP/IP installed and configured to use DNS.

An authoritative DNS server that supports SRV resource records.

4.  How to install Active Directory?

Start → Run → dcpromo

5.  How will you verify whether the AD installation is proper or not?

Verify SRV records

After AD is installed, the domain controller will register SRV records in DNS when it restarts; we can check this using the DNS MMC or the nslookup command.

If the SRV records are registered, the following folders will be there in the domain folder in the forward lookup zone.

_msdcs, _sites, _tcp, _udp


Using nslookup:

nslookup

ls -t SRV domain

If the SRV records are properly created, they will be listed.

Verify SYSVOL folder –

If the SYSVOL folder is not properly created, data stored in SYSVOL such as scripts, GPOs etc. will not be replicated between domain controllers.

First verify that the following folder structure is created in SYSVOL:

Domain, staging, staging areas, SYSVOL.

Then verify that the necessary shares are created:

net share

It should show two shares, NETLOGON and SYSVOL.

Verifying database and log files-

Make sure that the following files are there at %systemroot%\ntds.

Ntds.dit, EDB.*, Res*.log.

6.   Active directory post installation checkups?

Dsa.msc

Dnsmgmt.msc

Domain.msc

Dssite.msc

7.  What is the location of Active directory database?

The AD database is stored in NTDS.DIT file.

C:\windows\NTDS\ntds.dit.

8.  Explain about ADS database?

Active Directory includes 4 files.

NTDS.dit, EDB.log, EDB.chk, Res1.log and Res2.log

NTDS.dit – this is the AD database and stores all AD objects.

Ntds.dit consists of the following tables.

Schema Table – the types of objects that can be created in Active Directory, the relationships between them, and the attributes on each type of object. This table is much smaller than the data table.

Link Table- consists of linked attributes, which contain values referring to other objects in Active Directory; take the memberOf attribute on a user object. This is also smaller than the data table.

Data Table- users, groups, application-specific data and any other data stored in Active Directory. Active Directory has 3 types of data.

1.  Schema information- definitional details about objects and attributes that one can store in Active Directory. Replicates to all domain controllers.


2.  Configuration information- configuration data about the forest and trees. Replicates to all domain controllers.

3.  Domain information- object information for the domain. Replicates to all domain controllers within a domain. The object partition becomes part of the global catalogue.

EDB.log – this is the transaction log file (10MB). When edb.log is full it is renamed to edbnnnn.log, where nnnn is the increasing number starting from 1.

EDB.chk – this is the checkpoint file used to track the data not yet written to the database file. This indicates the starting point from which data is to be recovered from the log file in case of failure.

Res1.log and Res2.log – these are reserved transaction log files of (20MB, 10MB) each, which give the transaction log files sufficient room to shut down if the other space is being used.

9.  Explain Active Directory Database garbage collection process?

Garbage collection is a process that is designed to free space within the Active Directory database. This process runs independently on every domain controller with a default lifetime interval of 12 hours.

The garbage collection process has 3 main steps-

1.  Removing “tombstones” from the database. Tombstones are the remains of objects that have been previously deleted.

2.  Deletion of any unnecessary log files.

3.  The process launches a defragmentation thread to claim additional free space.

10. Which authentication protocols are supported by ADS?

NTLM and Kerberos.

11. What is the active directory defragmentation?

Defragmentation of Active Directory means separating used space from the empty space created by deleted objects, and reducing the directory size (only in offline defragmentation).

12. What is the difference between online and offline defragmentation?

Online Defragmentation – performed by the garbage collection process, which by default runs every 12 hours. It separates used space and white space (white space is the space created by object deletion in AD, e.g. a user) and improves the efficiency of AD while the domain controller is up and running.

Offline Defragmentation – can be done manually by taking the domain controller into restoration mode. We can only reduce the file size of the directory database, whereas the efficiency will be the same as in online defragmentation.


13. How can you forcibly remove active directory from a server?

Demote the domain controller by running dcpromo with the /forceremoval switch (dcpromo /forceremoval).

14. Structure of Active Directory :-

Physical Structure – domain controllers, sites.

Logical Structure – domain, tree, forest, organizational unit (OU).

Domain Controller- domain controllers are the physical storage location for the Active Directory service database.

Windows 2000 server + Active Directory service = domain controller.

Site- a site is defined as a group of subnets. A site is a physical component of AD that is used to define and represent the physical topology of a network.

Domain – a domain is defined as a security boundary within which an administrator can organize, manage and control resources. A domain can also be defined as a unit of NT replication.

A domain is a logical grouping of networked computers in which more than one computer has shared resources (domains are the fundamental units that make up Active Directory).

Tree- a tree is defined as a hierarchical grouping of one or more domains which share a contiguous name space or single DNS name space. E.g. techmahindra.com is the domain and att.techmahindra.com is the tree.

Forest – a forest is a group of one or more domain trees which share a common schema and

global catalogue.

First domain in a forest is called as forest root domain.

Organizational Unit (OU) - an OU is defined as a logical container which is used for representing the physical structure of an organization. An OU is an administrative-level container object in ADS that organizes users, computers, groups and other OUs together, so that any changes, security privileges or any other administrative tasks can be accomplished more efficiently.

15. What is Object?

Active Directory objects are the entities that make up a network. An object is a distinct, named set of attributes that represents something concrete such as a user, printer, or any application.

E.g. when we create a user object, Active Directory assigns the globally unique identifier (GUID) and we provide values for such attributes as the user's given name, surname, the logon identifier and so on.

16. Sites?

A site is a combination of TCP/IP subnets connected with high speed links.

Sites provide replication.


There are two types of replication:

1.  Intrasite replication – replication within the same site. It offers full-time replication between the domain controller and additional domain controllers when they are within the same site.

2.  Intersite replication- replication between two different sites. Intersite replication is implemented when the sites are away from each other; it requires a site link.

A site link is the logical connection between sites, which can be created and scheduled.

A site link offers communication only at scheduled intervals.

17.  What is the use of sites?

Sites are primarily used to control replication traffic.

More specifically, sites are used to control the following –

Workstation logon traffic, replication traffic, Distributed File System (DFS).

Distributed file system (DFS) – a server component that provides a unified naming convention for folders and files stored on different servers on the network.

File replication service (FRS) – a Windows Server 2003 service that is responsible for replicating files in the SYSVOL folders between domain controllers.

18. What are the objects a site contains?

Site contains only two types of objects. The first type is the domain controllers contained in

the site. The second type of the object is the site links configured to connect the site to other

sites.

19. What is the site link?

Within a site, replication happens automatically. For replication to occur between sites, you must establish a link between the sites. There are two components to this link: the actual physical connection between the sites (usually a WAN link) and the site link object. The site link object is created within AD and determines the protocol used for transferring replication traffic (Internet Protocol (IP) or Simple Mail Transfer Protocol (SMTP)). The site link object also governs when replication is scheduled to occur.

20. What is the Active Directory Schema?

The Active Directory schema is the set of definitions that defines the kinds of objects, and the type of information about those objects, that can be stored in Active Directory. The definitions are themselves stored as objects so that Active Directory can manage the schema objects with the same object management operations used for managing the rest of the objects in the directory.

There are two types of definitions in the schema – attributes and classes.

Attributes and classes are also referred to as schema objects or metadata. Attributes are defined separately from classes. Each attribute is defined only once and can be used in multiple classes.

E.g. the description attribute is used in many classes, but is defined once in the schema, assuring consistency.

Classes, also referred to as object classes, describe the possible directory objects that can be created. Each class is a collection of attributes. When you create an object, the attributes store the information that describes the object. The user class, for example, is composed of many attributes, including network address, home directory, and so on.


Every object in AD is an instance of an object class.

Active Directory does not support deletion of schema objects; however, objects can be marked as deactivated, providing many of the benefits of deletion.

The structure and contents of the schema are controlled by the domain controller that holds the schema operations master role. A copy of the schema is replicated to all domain controllers in the forest. The use of a common schema ensures data integrity and consistency throughout the forest.

21. Explain AD Database?

The information stored in AD is called the AD database.

The information stored in AD on every domain controller in the forest is partitioned into 3 categories, as follows.

Domain partition – the domain partition contains all the objects in the directory for a domain.

Domain data in each domain is replicated to every domain controller in that domain, but not beyond its domain.

Schema Partition- the schema partition contains all object types and their attributes that can be created in AD. This data is common to all domain controllers in the domain tree or forest and is replicated by AD to all domain controllers in the forest.

Configuration partition.

22. What is Global Catalogue?

A Global Catalogue server maintains full information about its own domain and partial information about other domains.

The global catalogue holds a partial replica of the domain data directory partitions for all domains in the forest.

Use of Global Catalogue-

Contains a partial replica of all objects in the entire forest.

Contains universal groups.

Validates user principal names (UPN).

23. Global Catalogue Contains?

- The attributes that are most frequently used in queries, such as a user’s first name, last name and login name.

- The information that is necessary to determine the location of any object in the directory.

- The access permissions for each object and attribute that is stored in the global catalogue. If you search for an object that you do not have appropriate permission to view, the object will not appear in the search result. Access permissions ensure that users can find only objects to which they have been assigned access.

24. How to check which server is having global catalogue server?

First load the support tools.

Run cmd, then ldp. Then you will get a window there.

Click on File, select Connect to, and type the required server.

Then you will get some information at the bottom, where you can find the global catalogue entry. If you find:

TRUE – the global catalogue is available on that server.

FALSE – no global catalogue is available on that server.


Note- by default the global catalogue service is enabled on the main domain controller and disabled on additional domain controllers. If you want to transfer the global catalogue service from the main domain controller to an additional domain controller, you can transfer it.

25. What is LDAP?

LDAP stands for Lightweight Directory Access Protocol.

LDAP is an internet protocol that email and other programs use to look up information from a server.

An LDAP-aware directory service (such as AD) indexes all the attributes of all the objects stored in the directory and publishes them.

LDAP-aware clients can query the server in a wide variety of ways.

LDAP is based on the TCP/IP model.

It runs on port no. 389.

DAP is based on the OSI model.

26. What is SYSVOL folder?

The SYSVOL folder stores the server copy of the domain's public files.

The contents of the SYSVOL folder, such as group policy, users etc., are replicated to all domain controllers in the domain.

File replication service (FRS) is responsible for replicating all policies and scripts.

27. What is member server?

A member server belongs to a domain, but does not contain a copy of Active Directory data.

28. What is stand alone server?

A server that belongs to a workgroup, not a domain, is called a standalone server.

29. What is Desktop?

The desktop is the screen you see after you log on to any Windows OS. It is the most important feature on your computer.

30. What is Client?

A client is any device, such as a personal computer, printer or any other server, which requests services or resources from a server.

31. What is Server?

A server is a computer that provides network resources and services to workstations and other clients.

32. What is domain controller?

The first computer in the entire forest, on which you have installed Active Directory.

33. What is additional domain controller?

It maintains a backup copy of Active Directory, which will be in read-only format. This is used for load balancing and fault tolerance.

34. How to know whether a server is domain controller or not?

- By My Computer properties:


On the network identification tab, the properties button will be disabled.

- By typing dcpromo:

If it is already a domain controller, you will get the uninstallation wizard for Active Directory.

- You see the ntds folder in regedit.

35. Explain replication in Active Directory?

Windows Server 2003 uses a replication model called multimaster replication, in which all replicas of the Active Directory database are considered equal masters. You can make changes to the database on any domain controller and the changes will be replicated to other domain controllers in the domain.

Domain controllers in the same site replicate on the basis of notification. When changes are made on a domain controller, it notifies its replication partners (the other domain controllers in the site); the partners then request the changes and replication occurs. Because of the high speed, low cost connection assumed within a site, replication occurs as needed rather than according to a schedule.

You can create additional sites when you need to control how replication traffic occurs over a slow WAN link.

36. Is it possible to rename domain name and how?

In Windows 2000 it is not possible; in Windows 2003 it is possible. On the domain controller, by going to My Computer properties, we can change it.

37. When should you create a Forest?

Organizations that operate on radically different bases may require separate trees with distinct namespaces. Unique brand names often give rise to separate DNS identities. Organizations form partnerships and joint ventures. While access to common resources is desired, a separately defined tree can enforce more direct administrative and security restrictions.

38. How can you authenticate between forests?

There are four types of authentication:

1.  Kerberos and NTLM network logon for remote access to a server in another forest.

2.  Kerberos and NTLM interactive logon for physical logon outside the user’s home forest.

3.  Kerberos delegation to entire application in another forest.

4.  User principal name (UPN) credential.

39. How to publish printer in active directory?

1.  Log on to the computer as an Administrator.

2.  Click Start, point to Settings and then click Printers.

3.  In the Printers folder, right-click the printer that you want to publish in Active Directory and then click Properties.

4.  Click the Sharing tab, click Share as and then type a share name.

5.  Click to select the List in directory check box and then click OK.

6.  Then close the Printers folder.

40. What is FSMO role and explain?

Flexible Single Master Operation Role


- Forest Level Roles – Domain naming master, Schema master.

- Domain Level Roles- PDC Emulator, RID Master, Infrastructure Master.

Domain Naming Master- the domain naming master is responsible for maintaining the relationship between the domains. Without this role it is not possible to add or remove any domain.

Schema Master- the schema contains a set of classes and attributes. E.g. users, computers and printers are objects in Active Directory which have their own set of attributes. The schema master is responsible for maintaining the schema; changes to the schema will affect the entire forest.

PDC Emulator- the server performing this role acts as a PDC in mixed mode to synchronize directory information between Windows 2000 domain controllers and Windows NT backup domain controllers (BDC). The server performing this role will contain the latest password information. This role is also responsible for time synchronization in the forest.

RID Master- the server performing this role is responsible for processing RID pool requests from all domain controllers within a given domain. It is also responsible for removing an object from its domain and putting it in another domain during an object move.

Infrastructure Master- it is responsible for managing group membership information in the domain. This role is responsible for updating the DN when the name and location of an object are modified.

Operations Master Roles

The five operations master roles are assigned automatically when the first domain controller in a

given domain is created. Two forest-level roles are assigned to the first domain controller created in

a forest and three domain-level roles are assigned to the first domain controller created in a

domain.

Forestwide Operations Master Roles

The schema master and domain naming master are forestwide roles, meaning that there is only one

schema master and one domain naming master in the entire forest.

Schema Master

The schema master is responsible for performing updates to the AD DS schema. The schema master is the only domain controller that can perform write operations to the directory schema. Those

schema updates are replicated from the schema master to all other domain controllers in the forest.

Having only one schema master for each forest prevents any conflicts that would result if two or

more domain controllers attempt to concurrently update the schema.

Domain Naming Master


The domain naming master manages the addition and removal of all domains and directory

partitions, regardless of domain, in the forest hierarchy. The domain controller that has the domain

naming master role must be available in order to perform the following actions:

- Add new domains or application directory partitions to the forest.

- Remove existing domains or application directory partitions from the forest.

- Add replicas of existing application directory partitions to additional domain controllers.

- Add or remove cross-reference objects to or from external directories.

- Prepare the forest for a domain rename operation.

Domainwide Operations Master Roles

The other operations master roles are domainwide roles, meaning that each domain in a forest has its own RID master, PDC emulator, and infrastructure master.

RID Master

The relative identifier (RID) operations master allocates blocks of RIDs to each domain controller in

the domain. Whenever a domain controller creates a new security principal, such as a user, group,

or computer object, it assigns the object a unique security identifier (SID). This SID consists of a

domain SID, which is the same for all security principals created in the domain, and a RID, which

uniquely identifies each security principal created in the domain.

PDC Emulator

The PDC emulator operations master acts as a Windows NT PDC in domains that contain client computers operating without AD DS client software or Windows NT backup domain controllers

(BDC). In addition, the PDC emulator processes password changes from clients and replicates the

updates to the Windows NT BDCs. Even after all Windows NT domain controllers are upgraded to

AD DS, the PDC emulator receives preferential replication of password changes performed by other

domain controllers in the domain.

If a logon authentication fails at another domain controller due to a bad password, that domain

controller forwards the authentication request to the PDC emulator before rejecting the logon

attempt.

Infrastructure Master

The infrastructure operations master is responsible for updating object references in its domain

that point to the object in another domain. The infrastructure master updates object references

locally and uses replication to bring all other replicas of the domain up to date. The object reference

contains the object’s globally unique identifier (GUID), distinguished name and possibly a SID. The

distinguished name and SID on the object reference are periodically updated to reflect changes

made to the actual object. These changes include moves within and between domains as well as the


deletion of the object. If the infrastructure master is unavailable, updates to object references are

delayed until it comes back online.

41. Explain Infrastructure of FSMO Role?

When an object in one domain is referenced by another object in another domain, it represents the reference by the GUID, the SID (for references to security principals), and the DN of the object being referenced. The infrastructure FSMO role holder is the domain controller responsible for updating an object's SID and distinguished name in a cross-domain object reference.

Note: - The infrastructure master role should be held by a domain controller that is not a Global Catalogue Server (GC).

42.  How will you replace FSMO Role?

Place the RID and PDC emulator roles on the same domain controller. Good communication from the PDC to the RID master is desirable, as down-level clients and applications target the PDC, making it a large consumer of RIDs.

As a general rule, the infrastructure master should be located on a non-global catalogue server that has a direct connection object to some global catalogue in the forest, preferably in the same Active Directory site.

At the forest level the schema master and domain naming master roles should be placed on

the same domain controller as they are rarely used and should be tightly controlled.

Additionally, the domain naming master FSMO should also be a global catalogue server.

43.  How to manually configure FSMO role to separate Domain Controller?

We can configure it manually in two ways-

Through MMC-

We can configure the domain naming master role through Active Directory Domains and Trusts.

We can configure the schema master role through Active Directory Schema.

The other three roles we can configure through Active Directory Users and Computers.

Through command prompt-

By using the command NTDSUTIL: type ROLES, type CONNECTIONS, then CONNECT TO SERVER SERVER NAME, where server name is the name of the domain controller that you want to assign the role to. Then type Transfer role, where role is the role which you want to transfer. For a list of roles you can transfer, type ? at the FSMO Maintenance prompt and then press Enter, or see the list of roles at the start of this article.

44.  Where are the FSMO Roles found?

The first domain controller that is installed in a Windows 2000 domain by default holds all five of the FSMO server roles. Then, as more domain controllers are added to the domain, the FSMO roles can be moved to other domain controllers.

45.  Can you move FSMO Roles?

Yes. Moving a FSMO server role is a manual process; it does not happen automatically. But what if you only have one domain controller in your domain? That is fine: if you have only one domain controller in your organization then you have one forest, one domain and of course the one domain controller. All 5 FSMO server roles will exist on that domain controller. There is no rule that says you have to have one server for each FSMO server role.

46.  FSMO Tools AD --> DNS --> FSMO. Copy ----Paste


47. What will happen if Domain Naming Master fails?

Domain Naming Master must be available when adding or removing a domain from the forest (i.e. running DCPROMO). If it is not, then the domain cannot be added or removed. It is also needed when promoting or demoting a server to/from a Domain Controller. Like the Schema Master, this functionality is only used on occasion and is not critical unless you are modifying your domain or forest structure.

48. What will happen if RID Master fails?

RID Master provides RIDs for security principals (users, groups, computer accounts). The failure of this FSMO server would have little impact unless you are adding a very large number of users or groups.

Each DC in the domain has a pool of RIDs already, and a problem would occur only if the DC you are adding the users/groups on ran out of RIDs.

49. What will happen if PDC Emulator fails?

The server holding the PDC emulator role will cause the most problems if it is unavailable. This would be most noticeable in a mixed mode domain where you are still running NT 4 BDCs and if you are using down-level clients (NT and Win9x). Since the PDC emulator acts as a NT 4 PDC, then any actions that depend on the PDC would be affected (User Manager for Domains, Server Manager, changing passwords, browsing and BDC replication).

In a native mode domain the failure of the PDC emulator isn't as critical because other domain controllers can assume most of the responsibilities of the PDC emulator.

50. What will happen if Infrastructure Master fails?

This FSMO server is only relevant in a multi-domain environment. If you only have one domain, then the Infrastructure Master is irrelevant. Failure of this server in a multi-domain environment would be a problem if you are trying to add objects from one domain to another.

51.  What are the different types of profile?

Local profile

Roaming profile

Mandatory profile

Local profile: It is a profile loaded for the user and saved on the local hard drive where the user works. The profile will be saved when a user logs off.

Local profiles are limited only to the machine where they are saved.

A user with a local profile will not be loaded with a network profile when he logs on from another machine.

Roaming Profile: It is a profile which is saved in a shared folder on the server, hence available in the entire network.

A roaming profile is a network profile which is available in the entire network. As a result, when a user logs in from any machine in the network he will be loaded with a roaming profile.

Mandatory Profile: A mandatory profile is a profile used for controlling desktop environment settings, especially used for restricting users from saving user data, settings and configuration on the desktop.

It is a type of roaming profile, but settings are not saved when a user logs off.

Changes will be available only for the session where the user is active. (Active


Session)

52. What types of naming convention active directory uses?

Active Directory supports several types of names for the different formats that can access Active Directory.

These names include:

- Relative Distinguished Names

The relative distinguished name (RDN) of an object identifies an object uniquely, but only within its parent container. Thus the name uniquely identifies the object relative to the other objects within the same container. In the example

CN=wjglenn,CN=Users,DC=contoso,DC=com,

the relative distinguished name of the object is CN=wjglenn. The relative distinguished name of the parent organizational unit is Users. For most objects, the relative distinguished name of an object is the same as that object’s Common Name attribute. Active Directory creates the relative distinguished name automatically, based on information provided when the object is created. Active Directory does not allow two objects with the same relative distinguished name to exist in the same parent container.

The notations used in the relative distinguished name (and in the distinguished

name discussed in the next section) use special notations called LDAP attribute tags

to identify each part of the name.

The three attribute tags used include:

- DC The Domain Component (DC) tag identifies part of the DNS name of the domain, such as COM or ORG.

- OU The Organizational Unit (OU) tag identifies an organizational unit container.

- CN The Common Name (CN) tag identifies the common name configured for an Active Directory object.

- Distinguished Names

Each object in the directory has a distinguished name (DN) that is globally unique and identifies not only the object itself, but also where the object resides in the overall object hierarchy. You can think of the distinguished name as the relative distinguished name of an object concatenated with the relative distinguished names of all parent containers that make up the path to the object.

An example of a typical distinguished name would be:

CN=wjglenn,CN=Users,DC=contoso,DC=com.

This distinguished name would indicate that the user object wjglenn is in the Users

container, which in turn is located in the contoso.com domain. If the wjglenn object 


is moved to another container, its DN will change to reflect its new position in the

hierarchy. Distinguished names are guaranteed to be unique in the forest, similar to

the way that a fully qualified domain name uniquely identifies an object’s placement 

in a DNS hierarchy. You cannot have two objects with the same distinguished name.

- User Principal Names

The user principal name that is generated for each object is in the form username@domain name. Users can log on with their user principal name, and an administrator can define suffixes for user principal names if desired. User principal names should be unique, but Active Directory does not enforce this requirement. It’s best, however, to formulate a naming convention that avoids duplicate user principal names.

- Canonical Names

An object’s canonical name is used in much the same way as the distinguished name; it just uses a different syntax. The same distinguished name presented in the preceding section would have the canonical name: contoso.com/Users/wjglenn.

As you can see, there are two primary differences in the syntax of distinguished names and canonical names. The first difference is that the canonical name presents the root of the path first and works downward toward the object name. The second difference is that the canonical name does not use the LDAP attribute tags (e.g., CN and DC).
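The relationship between the relative distinguished name, the distinguished name and the canonical name can be worked through in code. The following is an added example, not part of the original document; the function names are hypothetical, the DN with an escaped comma is a constructed sample, and the backslash-escaping of "/" inside a canonical name is an assumption about how such names are rendered.

```python
import string

HEX = set(string.hexdigits)


def split_dn(dn: str) -> list:
    """Split a DN into RDN strings on commas that are not backslash-escaped."""
    rdns, current, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            current += dn[i:i + 2]      # keep the escape pair intact for now
            i += 2
        elif dn[i] == ",":
            rdns.append(current.lstrip())
            current = ""
            i += 1
        else:
            current += dn[i]
            i += 1
    rdns.append(current.lstrip())
    return rdns


def unescape(value: str) -> str:
    """Resolve DN escapes: backslash + two hex digits, or backslash + character."""
    out = bytearray()
    i = 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if len(pair) == 2 and set(pair) <= HEX:
                out.append(int(pair, 16))
                i += 3
            else:
                out += value[i + 1].encode("utf-8")
                i += 2
        else:
            out += value[i].encode("utf-8")
            i += 1
    return out.decode("utf-8")


def parse_dn(dn: str) -> list:
    """Return [(TAG, value), ...] ordered from the object up to the root."""
    result = []
    for rdn in split_dn(dn):
        tag, sep, value = rdn.partition("=")
        if not sep or not tag or not value:
            raise ValueError("malformed RDN: %r" % rdn)
        result.append((tag.strip().upper(), unescape(value)))
    return result


def relative_dn(dn: str) -> str:
    """The RDN is the first component of the DN."""
    return split_dn(dn)[0]


def parent_dn(dn: str) -> str:
    """The DN of the parent container is everything after the RDN."""
    return ",".join(split_dn(dn)[1:])


def dn_to_canonical(dn: str) -> str:
    """Convert a DN to canonical form: DNS domain first, then the path downward."""
    rdns = parse_dn(dn)
    n = len(rdns)
    while n > 0 and rdns[n - 1][0] == "DC":
        n -= 1
    path, dcs = rdns[:n], rdns[n:]
    if not dcs or any(tag == "DC" for tag, _ in path):
        raise ValueError("DC components must form the end of the DN")
    domain = ".".join(value for _, value in dcs)
    # Assumption: a literal '/' or '\' inside a name is backslash-escaped so it
    # cannot be confused with the path separator.
    names = [v.replace("\\", "\\\\").replace("/", "\\/") for _, v in reversed(path)]
    return domain + "/" + "/".join(names)


if __name__ == "__main__":
    for sample in ("CN=wjglenn,CN=Users,DC=contoso,DC=com",
                   r"CN=Glenn\, Walter,OU=Staff,DC=contoso,DC=com"):  # constructed
        print(relative_dn(sample), "|", dn_to_canonical(sample))
```

Splitting on unescaped commas matters because a comma inside a common name is legal; code that splits a DN with a plain string split will misplace such an object in the hierarchy.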

53. What are different types of groups?

- Security groups: Security groups are used to group domain users into a single administrative unit. Security groups can be assigned permissions and can also be used as email distribution lists. Users placed into a group inherit the permissions assigned to the group for as long as they remain members of that group. Windows itself uses only security groups.

- Distribution groups: These are used for non-security purposes by applications other than Windows. One of the primary uses is within an e-mail.

As with user accounts, there are both local and domain-level groups. Local groups are stored in a local computer’s security database and are intended to control resource access on that computer. Domain groups are stored in Active Directory and let you gather users and control resource access in a domain and on domain controllers.

54. What is a group scope and what are the different types of group scopes?

Group scopes determine where in the Active Directory forest a group is accessible

and what objects can be placed into the group. Windows Server 2003 includes three

group scopes: global, domain local, and universal.


- Global groups are used to gather users that have similar permissions requirements. Global groups have the following characteristics:

1. Global groups can contain user and computer accounts only from the domain in which the global group is created.

2. When the domain functional level is set to Windows 2000 native or Windows Server 2003 (i.e., the domain contains only Windows 2000 or 2003 servers), global groups can also contain other global groups from the local domain.

3. Global groups can be assigned permissions or be added to local groups in any domain in a forest.

  Domain local groups exist on domain controllers and are used to control

access to resources located on domain controllers in the local domain (for

member servers and workstations, you use local groups on those systems

instead). Domain local groups share the following characteristics:

1. Domain local groups can contain users and global groups from any domain in a forest no matter what functional level is enabled.

2. When the domain functional level is set to Windows 2000 native or Windows Server 2003, domain local groups can also contain other domain local groups and

universal groups.

  Universal groups are normally used to assign permissions to related

resources in multiple domains. Universal groups share the following

characteristics:

1. Universal groups are available only when the forest functional level is set to

Windows 2000 native or Windows Server 2003.

2. Universal groups exist outside the boundaries of any particular domain and are

managed by Global Catalog servers.

3. Universal groups are used to assign permissions to related resources in multiple domains.

4. Universal groups can contain users, global groups, and other universal groups from any domain in a forest.

5. You can grant permissions for a universal group to any resource in any domain.

55. How many characters does a group name contain?

64

56. What’s the difference between local, global and universal groups?

Domain local groups assign access permissions to global domain groups for local

domain resources. Global groups provide access to resources in other trusted

domains. Universal groups grant access to resources in all trusted domains.


57. What is a trust relationship, and how many types of trust relationship are there in Exchange 2003?

Since domains represent security boundaries, special mechanisms called trust 

relationships allow objects in one domain (called the trusted domain) to access

resources in another domain (called the trusting domain).

Windows Server 2003 supports six types of trust relationships:

  Parent and child trusts

  Tree-root trusts

  External trusts

  Shortcut trusts

  Realm trusts

  Forest trusts

58. What are the different types of trust relationships?

Implicit Trusts ----- The trust relationship is established automatically.

Explicit Trusts ----- We have to build the trust relationship manually: NT to Win2k or Forest to Forest.

Transitive ----- If A → B → C then A → C

Non-Transitive ----- If A → B → C then A is not trusting C

One way ----- One side

Two way ----- Two sides

59. Can we establish a trust relationship between two forests?

In Windows 2000 it is not possible. In Windows 2003 it is possible.

60. What is group policy?

A collection of policies is known as group policy, and it is used for control on our network.

61. What are Group Policies?

Group Policies are settings that can be applied to Windows computers, users or both. In Windows 2000 there are hundreds of Group Policy settings. Group Policies are usually used to lock down some aspect of a PC. Whether you don't want users to run Windows Update or change their Display Settings, or you want to ensure certain applications are installed on computers - all this can be done with Group Policies.

Group Policies can be configured either locally or by Domain Policies. Local policies can be accessed by clicking Start, Run and typing gpedit.msc. They can also be accessed by opening the Microsoft Management Console (Start, Run, type mmc), and adding the Group Policy snap-in. You must be an Administrator to configure/modify Group Policies. Windows 2000 Group Policies can only be used on Windows 2000 computers or Windows XP computers. They cannot be used on Win9x or WinNT computers.


62. Domain policy gets applied to whom?

Domain Policies are applied to computers and users who are members of a Domain,

and these policies are configured on Domain Controllers. You can access Domain

Group Policies by opening Active Directory Sites and Services (these policies apply to

the Site level only) or Active Directory Users and Computers (these policies apply to

the Domain and/or Organizational Units).

63. Where do you create a Group Policy?

To create a Domain Group Policy Object, open Active Directory Sites and Services, right click Default-First-Site-Name or another Site name, choose Properties, then the Group Policy tab, then click the New button. Give the GPO a name, then click the Edit button to configure the policies.

For Active Directory Users and Computers, it is the same process except you right click the Domain or an OU and choose Properties.

64. Who can Create/Modify Group Policies?

You have to have Administrative privileges to create/modify group policies. The following table shows who can create/modify group policies:

Policy Type: Allowable Groups/Users

Site Level Group Policies: Enterprise Administrators and/or Domain Administrators in the root domain. The root domain is the first domain created in a tree or forest. The Enterprise Administrators group is found only in the root domain.

Domain Level Group Policies: Enterprise Administrators, Domain Administrators or members of the built-in group Group Policy Creator Owners. By default only the Administrator user account is a member of this group.

OU Level Group Policies: Enterprise Administrators, Domain Administrators or members of the Group Policy Creator Owners. By default only the Administrator user account is a member of this group.

Additionally, at the OU level, users can be delegated control for the OU Group Policies by starting the Delegate Control Wizard (right click the OU and choose Delegate Control). However, the wizard only allows the delegated user to link already created group policies to the OU. If you want to give the OU administrators control over creating/modifying group policies, add them to the Group Policy Creator Owners group for the domain.

Local Group Policies: The local Administrator user account or members of the local Administrators group.

65. How are Group Policies Applied?

Group Policies can be configured locally, at the Site level, the Domain level or at the

Organizational Unit (OU) level. Group Policies are applied in a Specific Order, LSDO –

Local policies first, then Site based policies, then Domain level policies, then OU


policies, then nested OU policies (OUs within OUs). Group policies cannot be linked to a specific user or group, only to container objects.

In order to apply Group Policies to specific users or computers, you add users (or groups) and computers to container objects. Anything in the container object will then get the policies linked to that container. Sites, Domains and OUs are considered container objects.

Computer and User Active Directory objects do not have to be put in the same container object. For example, Sally the user is an object in Active Directory. Sally's Windows 2000 Pro PC is also an object in Active Directory. Sally the user object can be in one OU, while her computer object can be in another OU. It all depends on how you organize your Active Directory structure and what Group Policies you want applied to what objects.

User and Computer Policies

There are two nodes in each Group Policy Object that is created: a Computer node and a User node. They are called Computer Configuration and User Configuration (see image above). The policies configured in the Computer node apply to the computer as a whole. Whoever logs onto that computer will see those policies.

Note: Computer policies are also referred to as machine policies.

User policies are user specific. They only apply to the user that is logged on. When creating Domain Group Policies you can disable either the Computer node or User


node of the Group Policy Object you are creating. By disabling a node that no

policies are defined for, you are decreasing the time it takes to apply the policies.

To disable the node policies: After creating a Group Policy Object, click that Group

Policy Object on the Group Policy tab, then click the Properties button. You will see

two check boxes at the bottom of the General tab.

It's important to understand that when Group Policies are being applied, all the

policies for a node are evaluated first, and then applied. They are not applied one

after the other. For example, say Sally the user is a member of the Development OU and the Security OU. When Sally logs onto her PC the policies set in the User node of both the Development OU and the Security OU Group Policy Objects are evaluated, as a whole, and then applied to Sally the user. They are not applied Development OU first, and then Security OU (or vice versa). The same goes for Computer policies. When a computer boots up, all the Computer node policies for that computer are evaluated, then applied.

When computers boot up, the Computer policies are applied. When users log in, the User policies are applied. When user and computer group policies overlap, the computer policy wins.

Note: IPSec and EFS policies are not additive. The last policy applied is the policy

the User/computer will have.

When applying multiple Group Policy Objects from any container, Group Policies

are applied from bottom to top in the Group Policy Object list. The top Group Policy

in the list is the last to be applied. In the above image you can see three Group Policy


Objects associated with the Human Resources OU. These policies would be applied in this order: No Windows Update first, then No Display Settings, then No Screensaver. If there were any conflicts in the policy settings, the one above it would take precedence.
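The processing order described above (LSDO between containers, bottom to top within one container's list), as an added example in Python that is not part of the original document. It models a single policy node; apart from the three Human Resources GPO names, the containers, GPO names and setting labels are constructed for illustration.

```python
from collections import namedtuple

# name: label of the GPO; settings: {setting label: value} (labels are constructed)
GPO = namedtuple("GPO", "name settings")
# name: container label; links: GPOs as listed on the Group Policy tab, top first
Container = namedtuple("Container", "name links")


def processing_order(local, site, domain, ou_chain):
    """Return (container name, GPO) pairs in the order they are applied.

    Order between containers is LSDO: Local, Site, Domain, OU, then nested
    OUs. ou_chain lists the OUs from the outermost to the innermost one.
    """
    ordered = []
    for container in [local, site, domain, *ou_chain]:
        # Inside one container the list is processed bottom to top, so the
        # GPO at the top of the list is applied last.
        for gpo in reversed(container.links):
            ordered.append((container.name, gpo))
    return ordered


def resultant_settings(local, site, domain, ou_chain):
    """Merge settings in processing order; a later GPO overwrites an earlier one.

    Returns {setting: (value, "container/GPO that supplied the value")}.
    """
    result = {}
    for container_name, gpo in processing_order(local, site, domain, ou_chain):
        for setting, value in gpo.settings.items():
            result[setting] = (value, f"{container_name}/{gpo.name}")
    return result


def conflicts(local, site, domain, ou_chain):
    """Return (setting, overridden source, overriding source) for each override."""
    seen, found = {}, []
    for container_name, gpo in processing_order(local, site, domain, ou_chain):
        source = f"{container_name}/{gpo.name}"
        for setting, value in gpo.settings.items():
            # Only a different value counts as a conflict.
            if setting in seen and seen[setting][0] != value:
                found.append((setting, seen[setting][1], source))
            seen[setting] = (value, source)
    return found


def sample_containers():
    """Constructed sample data; only the three HR GPO names come from the text."""
    local = Container("Local", [GPO("Local Policy", {"display_settings": "allowed"})])
    site = Container("Site", [])
    domain = Container("Domain", [GPO("Domain Baseline", {"screensaver": "enabled"})])
    hr = Container("Human Resources OU", [
        GPO("No Screensaver", {"screensaver": "disabled"}),           # top of list
        GPO("No Display Settings", {"display_settings": "blocked"}),
        GPO("No Windows Update", {"windows_update": "blocked",
                                  "display_settings": "allowed"}),   # bottom of list
    ])
    payroll = Container("Payroll OU", [GPO("Payroll Kiosk", {"windows_update": "allowed"})])
    return local, site, domain, [hr, payroll]


if __name__ == "__main__":
    sample = sample_containers()
    for setting, (value, source) in sorted(resultant_settings(*sample).items()):
        print(f"{setting:18} = {value:9} from {source}")
    for setting, loser, winner in conflicts(*sample):
        print(f"{setting}: {winner} overrides {loser}")
```

Run against the sample, the nested Payroll OU re-enables Windows Update even though the parent OU blocked it, which is the kind of result RSoP is used to track down.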

66. How to disable Group Policy Objects

When you are creating a Group Policy Object, the changes happen immediately. There is no "saving" of GPOs. To prevent a partial GPO from being applied, disable
the GPO while you are configuring it. To do this, click the Group Policy Object on the
Group Policy tab and under the Disable column, double click - a little check will
appear. Click the Edit button, make your changes, then double click under the Disable column to re-enable the GPO. Also, if you want to temporarily disable a GPO

for troubleshooting reasons, this is the place to do it. You can also click the Options

button on the Group Policy tab and select the Disabled check box.

67. When do the Group Policy scripts run?

Startup scripts are processed at computer boot up and before the user logs in.

Shutdown scripts are processed after a user logs off, but before the computer shuts down.

Login scripts are processed when the user logs in.

Logoff scripts are processed when the user logs off, but before the shutdown script runs.

68. When does group policy get refreshed/applied?

Group Policies can be applied when a computer boots up, and/or when a user logs

in.

However, policies are also refreshed automatically according to a predefined

schedule. This is called Background Refresh. 

Background refresh for non DCs (PCs and Member Servers) is every 90 mins, with a +/- 30 min. interval. So the refresh could be 60, 90 or 120 mins. For DCs (Domain Controllers), background refresh is every 5 mins.

Also, every 16 hours every PC will request all group policies to be reapplied (user and machine). These settings can be changed under Computer and User Nodes, Administrative Templates, System, Group Policy.

69. Which policies are not affected by background refresh?

The following policies are not affected by background refresh. These policies are only applied at logon time:

Folder Redirection

Software Installation

Logon, Logoff, Startup, Shutdown Scripts

70. Which are the two types of default policies?

There are two default group policy objects that are created when a domain is

created. The Default Domain policy and the Default Domain Controllers policy.


Default Domain Policy - this GPO can be found under the group policy tab for that 

domain. It is the first policy listed. The default domain policy is unique in that 

certain policies can only be applied at the domain level.

If you double click this GPO and drill down to Computer Configuration, Windows

Settings, Security Settings, Account Policies, you will see three policies listed:

Password Policy

Account Lockout Policy

Kerberos Policy

These 3 policies can only be set at the domain level. If you set these policies

anywhere else-Site or OU, they are ignored. However, setting these 3 policies at the

OU level will have the effect of setting these policies for users who log on locally to

their PCs. Login to the domain you get the domain policy, login locally you get the

OU policy.

If you drill down to Computer Configuration, Windows Settings, Security Settings, Local Policies, Security Options, there are 3 policies that are affected by Default Domain Policy:

Automatically log off users when logon time expires.

Rename Administrator Account - When set at the domain level, it affects the Domain Administrator account only.

Rename Guest Account - When set at the domain level, it affects the Domain Guest account only.

The Default Domain Policy should be used only for the policies listed above. If you want to create additional domain level policies, you should create additional domain level GPOs.

Do not delete the Default Domain Policy. You can disable it, but it is not recommended.

Default Domain Controllers Policy - This policy can be found by right clicking the Domain Controllers OU, choosing Properties, then the Group Policy tab. This policy affects all Domain Controllers in the domain regardless of where you put the domain controllers. That is, no matter where you put your domain controllers in Active Directory (whatever OU you put them in), they will still process this policy.

Use the Default Domain Controllers Policy to set local policies for your domain

controllers, e.g. Audit Policies, Event Log settings, who can logon locally and so on.

71. How to refresh Group Policies using the command line?

Secedit.exe is a command line tool that can be used to refresh group policies on a Windows 2000 computer. To use secedit, open a command prompt and type:

secedit /refreshpolicy user_policy to refresh the user policies

secedit /refreshpolicy machine_policy to refresh the machine (or computer) policies

These parameters will only refresh any user or computer policies that have changed

since the last refresh. To force a reload of all group policies regardless of the last 

change, use:


secedit /refreshpolicy user_policy /enforce

secedit /refreshpolicy machine_policy /enforce

Gpupdate.exe is a command line tool that can be used to refresh group policies on a

Windows XP computer. It has replaced the secedit command. To use gpupdate, open

a command prompt and type:

gpupdate /target:user to refresh the user policies

gpupdate /target:machine to refresh the machine (or computer) policies

gpupdate /force

Notice the /force switch applies to both user and computer policies. There is no

separation of the two like there is with secedit.

72. What is Domain Policy, Domain controller policy, Local policy and Group policy?

Domain Policy will apply to all computers in the domain, because by default it will be associated with the domain GPO, whereas Domain controller policy will be applied only on the domain controller. By default the domain controller security policy will be associated with the domain controller GPO. Local policy will be applied to that particular machine only and affects that computer only.

73. Who can create site level Group Policy?

Enterprise Admin

74. Who can create Domain level Group Policy?

Domain Admin

75. Who can create Organization Unit level Group Policy?

Domain Admin

76. Who can create Local Group Policy?

Local Administrator or Domain Administrator

77. What is the hierarchy of Group Policy?

Local policy

|

Site Policy

|

Domain Policy

|

OU Policy

|

Sub OU Policy (If any are there)


78. GPMC & RSOP in Windows 2003?

GPMC is a tool used for managing group policies. It displays information such as how many policies are applied, which OUs the policies are applied on, what settings are enabled in each policy, which users are affected by these policies, and who is managing these policies.

RSoP provides details about all policy settings that are configured by an Administrator, including Administrative Templates, Folder Redirection, Internet Explorer Maintenance, Security Settings, Scripts, and Group Policy Software Installation.

When policies are applied on multiple levels (for example, site, domain, domain controller, and organizational unit), the results can conflict. RSoP can help you determine a set of applied policies and their precedence (the order in which policies are applied).

79. What is GPMC tool?

The Group Policy Management Console (GPMC) is a tool for managing group policies in Windows Server 2003. It provides administrators a single consolidated

environment for working on group policy-related tasks. GPMC provides a single

interface with drag-and-drop functionality to allow an administrator to manage

group policy settings across multiple sites, domains, or even forests. GPMC is used to

back up, restore, import, and copy group policy objects. It also provides a reporting

interface on how group policy Objects (GPOs) have been deployed.

80. What are the functional levels we have in Windows 2003?

There are 2 types of functional levels in Windows 2003.

  Forest Functional Level

  Domain Functional Level

81. What is forest functional level in Windows 2003?

The functional level of an Active Directory forest that has one or more domain controllers running Windows Server 2003. The functional level of a forest can be
raised to enable new Active Directory features that will apply to every domain controller in the forest.

There are 3 forest functional levels.

  Windows 2000 (Supports NT, 2000, 2003 domain controllers)

  Windows server 2003 interim (supports only NT, 2003 domain controllers)

  Windows server 2003 (Supports only 2003 family domain controllers)

Note: When you raise the functional level to windows server 2003 interim or

windows server 2003 you will get advanced forest wide Active Directory features.

82. What is domain functional level in Windows 2003?

The functional level of Active Directory domain that has one or more domain

controllers running Windows server 2003. The functional level of a domain can be


raised to enable new Active Directory features that will apply to that domain only.

There are 4 domain functional levels.

  Windows 2000 mixed (supports NT, 2000, 2003 domain controllers)

  Windows 2000 native (supports 2000, 2003 domain controllers only)

  Windows server 2003 interim (supports NT, 2003 domain controllers only)

  Windows server 2003 (Supports only 2003 domain controllers)

Note: When you raise the domain functional level you will get additional features.

Note: By default the domain operates at the Windows 2000 mixed mode functional level.

83. How to raise forest functional level in Windows 2003?

Start → Programs → Administrative Tools → Active Directory Domains and Trusts → Right click on Active Directory Domains and Trusts → Select Raise Forest functional level → Select the required forest functional level → click OK

Note: To perform this you must be a member of the Domain Admin group (in the forest root domain) or the Enterprise admin group.

84. How to raise domain functional level in Windows 2003?

Start → Programs → Administrative Tools → Active Directory Users and Computers → Right click on the domain name → Select Raise domain functional level → Select the appropriate domain level → click OK

Note: If the functional level is Windows Server 2003 then you will get all the features that are available with 2003. When Windows NT or Windows 2000 domain controllers are included in your domain or forest with domain controllers running Windows Server 2003, Active Directory features are limited.

Note: Once you raise the domain or forest functional level you cannot revert back.

85.  Advantages of different functional levels?

Whenever you are in Windows 2000 mixed mode the advantage is you can use Windows NT, 2000, 2003 domain controllers. The limitations are:

  You cannot create universal groups

  You cannot nest groups

  You cannot convert groups (i.e., conversion between security groups and distribution groups)

  Some additional dial in features will be disabled

  You cannot rename the domain controller.

  SID history disabled.

86. What is replication?

Replication is a process through which the changes made to a replica on one domain

controller are synchronized to replicas on all the other domain controllers in the

network. Each domain controller stores three types of replicas:


  Schema partition: This partition stores definitions and attributes of objects

that can be created in the forest. The changes made in this partition are

replicated to all the domain controllers in all the domains in the forest.

  Configuration partition: This partition stores the logical structure of the

forest deployment. It includes the domain structure and the replication

topology. The changes made in this partition are replicated to all the domain controllers in all the domains in the forest.

  Domain partition: This partition stores all the objects in a domain. Changes

made in this partition are replicated to all the domain controllers within the

domain.

Note: Windows Server 2003 supports a new type of directory partition named

Application directory partition. This partition is available only to Windows 2003

domain controllers. The applications and services use this partition to store

application-specific data.

87. How to monitor replication?

We can use the Replmon tool from Support Tools.

88. What is multimaster replication?

Active Directory follows multimaster replication, in which every replica of the
Active Directory partition held on every domain is considered an equal master.

Updates can be made to objects on any domain controller, and those updates are

then replicated to other domain controllers.

89. What is clustering?

A cluster is a group of two or more computers (servers) connected to provide fault 

tolerance and load balancing. It is dedicated to run a specific application. Each server in a cluster is known as a node. The failover and failback capabilities of a
cluster bring the application downtime to zero.

Note: Server clustering is intended to provide high availability for applications and not for data.

90. What is Clustering? Briefly define & explain it?

Clustering is a technology which is used to provide High Availability for mission critical applications. We can configure a cluster by installing the MCS (Microsoft cluster service) component from Add/Remove Programs, which is only available in Enterprise Edition and Data center edition.

In Windows we can configure two types of clusters:

NLB (network load balancing) cluster: for balancing load between servers. This cluster will not provide any high availability. Usually preferable at edge servers like web or proxy.

Server Cluster: This provides High availability by configuring an active-active or active-passive cluster. In a 2 node active-passive cluster one node will be active and one node will be stand by. When the active server fails the application will FAILOVER to


the stand by server automatically. When the original server comes back we need to FAILBACK the application.

Quorum: Shared storage needs to be provided for all servers; it keeps information about the clustered application and session state and is useful in a FAILOVER situation. This is very important: if the Quorum disk fails, the entire cluster will fail.

Heartbeat: Heartbeat is a private connectivity between the servers in the cluster, which is used to identify the status of other servers in the cluster.

91. What is the difference between Authoritative and Non-Authoritative

restoration?

Although you might have several domain controllers (DCs) providing fault tolerance

for your domain, you still need to perform regular backups. Windows backs up AD

as part of the System State and restores the directory by booting a DC into the

Directory Services restore mode.

The default Directory Services restore mode is a non-authoritative restoration. In

this mode, Windows restores a DC's directory from the backup. Then, the DC receives from its replication partners the new information that's been processed since

the backup. For example, let's say we restore a DC using a 2-day-old backup. After

the DC starts, its replication partners send all updates that have occurred in the past 

2 days. This type of restore is typically used if a DC fails for hardware or software

reasons.

An authoritative restoration restores the DC's directory to the state it was in when

the backup was made, then overwrites all other DCs to match the restored DC,

thereby removing any changes made since the backup. You don't have to perform an

authoritative restoration of the entire directory--you can choose to make only

certain objects authoritative. When you restore only parts of the directory, Windows updates the rest of the restored database by using information from the other DCs
to bring the directory up-to-date, then replicates the objects that you mark as
authoritative to the other DCs. This type of restore is most useful if you deleted, for example, an organizational unit (OU). In this case, you could restore an AD backup to
a DC, mark the OU as authoritative, and then start the DCs normally. Because you marked the OU as authoritative, Windows will ignore the fact that the OU was

previously deleted, replicate the OU to the other DCs, and apply all other changes

made since the backup to the restored DC from its replication partners.

92. What is DFS & its usage?

DFS is a distributed file system used to provide a common environment for users to access files and folders even when they are shared on physically different servers.

There are two types of DFS: domain DFS and stand-alone DFS. We cannot provide redundancy for stand-alone DFS in case of failure. Domain DFS is used in a domain environment and can be accessed by /domain name/root1 (root1 is the DFS root name). Stand-alone DFS can be used in a workgroup environment and can be accessed through /server name/root1 (root1 is the DFS root name). In both cases we need to create a DFS root (which appears like a shared folder for end users) and DFS


links (a logical link which points to the server where the folder is physically shared).

The maximum number of Dfs roots per server is 1.

The maximum number of Dfs root replicas is 31.

The maximum number of Dfs roots per domain is unlimited.

The maximum number of Dfs links or shared folders in a Dfs root is 1,000.

93. What is REPLMON?

Replmon displays information about Active Directory Replication.

94. What is ADSIEDIT?

ADSIEdit is a Microsoft Management Console (MMC) snap-in that acts as a low-level

editor for Active Directory. It is a Graphical User Interface (GUI) tool. Network administrators can use it for common administrative tasks such as adding, deleting, and moving objects with a directory service. The attributes for each object can be edited or deleted by using this tool. ADSIEdit uses the ADSI application programming interfaces (APIs) to access Active Directory. The following are the required files for using this tool: ADSIEDIT.DLL and ADSIEDIT.MSC.

95. What is NETDOM?

NETDOM is a command-line tool that allows management of Windows domains and

trust relationships. It is used for batch management of trusts, joining computers to

domains, verifying trusts, and secure channels.

96. What is REPADMIN?

This command-line tool assists administrators in diagnosing replication problems between Windows domain controllers. Administrators can use Repadmin to view the replication topology (sometimes referred to as RepsFrom and RepsTo) as seen
from the perspective of each domain controller. In addition, Repadmin can be used
to manually create the replication topology (although in normal practice this should not be necessary), to force replication events between domain controllers, and to

view both the replication metadata and up-to-dateness vectors.

97. What is nesting?

The creation of an OU inside another OU.

Important: once you go beyond about 12 OUs deep in a nesting structure, you start running into significant performance issues.

98. What is volume shadow copy?

The Windows Backup provides a feature of taking a backup of files that are opened

by a user or system. This feature is known as volume shadow copy. Volume shadow

copy makes a duplicate copy of all files at the start of the backup process. In this

way, files that have changed during the backup process are copied correctly. Volume

shadow copy ensures the following:

  Applications continue to write data to the volume during a backup


  Backups are scheduled at any time without locking out users.

99. What is Performance Monitor?

Performance Monitor is used to get statistical information about the hardware and

software components of a server. Performance Monitor is used for the following:

  Monitor objects on multiple computers.

  Log data pertaining to objects on multiple computers, over time.

  Analyze the effects of changes made to a computer.

  Launch programs and send notifications when thresholds are reached.

  Export data for analysis in spreadsheet or database applications.

  Save counter and object settings for repeated use.

  Create reports for use in analyzing performance, over time.

100.  What is System Monitor?

System Monitor is a Windows graphical tool for measuring the performance of a

host or remote computer. It is used to view reports on CPU load, memory usage, and interrupt rate, and the overall throughput of the traffic on a network. Using System

Monitor, administrators can perform the following functions:

  Create charts and reports to measure a computer's efficiency.

  Identify and troubleshoot possible issues, such as unbalanced resource use,

insufficient hardware, or poor program design.

  Plan for additional hardware needs.

System Monitor can also be used to monitor the resource use of specific components

and program processes.

101.  What is Active Directory Migration Tool (ADMT) ?

The Active Directory Migration Tool (ADMT) is used to migrate from an earlier

implementation of Windows NT to Windows Server 2003 or Windows 2000 Server. ADMT supports not only migration from Windows NT 4.0 to Active Directory but

also interforest and intraforest migrations. ADMT is designed to migrate an Active Directory Schema from one forest to another, regardless of whether a change in

operating systems is involved.

ADMT 2.0 has many new features such as a command-line interface and a better

interface to work with Microsoft Exchange Server. ADMT also supports a user-

account password migration.

102.  What is DSMOD?

DSMOD is a command-line utility that is used to modify existing objects, such as

users, computers, groups, servers, OUs etc., in Active Directory.

103.  What is NTDSUTIL utility?

NTDSUTIL.EXE is a command-line tool that is used to manage Active Directory. This

utility is used to perform the following tasks:

  Performing database maintenance of Active Directory.

  Managing and controlling operations master roles.

  Removing metadata left behind by domain controllers.

Note: The NTDSUTIL utility is supposed to be used by experienced administrators.

104.  What is DCDIAG tool? AD Troubleshooting tool.

Domain Controller Diagnostic (DCDIAG) is a diagnostic tool that is used to analyze

the domain controllers in a forest to report problems or issues. The scope of this

tool covers the functions of the domain controllers and interactions across an entire

enterprise. The DCDIAG tool is used to diagnose the domain controller status for the

following issues:

  Connectivity

  Replication

  Integrity of topology

  Permissions on directory partition heads

  Permissions of users

  Functionality of the domain controller locator

  Consistency among domain controllers in the site

  Verification of trusts

  Diagnosis of replication latencies

  Replication of trust objects

  Verification of File Replication service

  Verification of critical services

Note: DCDIAG is an analyzing tool, which is mostly used for the reporting purposes.

Although this tool allows specific tests to be run individually, it is not intended as a general toolbox of commands for performing

specific tasks.

105.  Integration of DNS and Active Directory

The integration of DNS and Active Directory is essential because a client computer in a Windows 2000 network must be able to locate a domain controller so that users

can log on to a domain or use the services that Active Directory provides. Clients

locate domain controllers and services by using A resource records and SRV records. The A resource record contains the FQDN and IP address for the domain

controller. The SRV record contains the FQDN of the domain controller and the

name of the service that the domain controller provides.

106.  How will you take a backup of Active Directory?

Take the system state data backup. This will back up the Active Directory

database. Microsoft recommends only a full backup of the system state database.

What are the contents of a System State backup?

The contents are:

  Boot files, system files

  Active Directory (if it’s done on a DC)

  Sysvol folder (if it’s done on a DC)

  Certificate service (on a CA server)

  Cluster database (on a cluster server)

  Registry

  Performance counter configuration information

  Component Services class registration database

107.  What is WSUS?

It is Microsoft Software Update Server, and it is designed to automate the process of distributing Windows operating system patches.

It works by controlling the Automatic Updates applet already present on all Windows machines. Instead of many machines at UVA all going to Microsoft's

website to download updates, the SUS server downloads all updates to an ITC-

owned server and workstations then look there for updates.

108.  What is the Minimum Free Disk Space required?

Minimum of 6 GB free disk space is recommended to store the WSUS content.

109.  How WSUS Works?

WSUS is an update component of Windows Server and offers an effective and quick 

way to help keep systems up-to-date. WSUS provides a management infrastructure

consisting of the following:

Microsoft Update: The Microsoft Web site to which WSUS components connect for

updates of Microsoft products.

Windows Server Update Services server: The server component that is installed

on a computer running a Microsoft Windows 2000 Server with Service Pack 4 (SP4) or Windows Server 2003 operating system inside the corporate firewall. WSUS

server provides the features that administrators need to manage and distribute

updates through a Web-based tool, which can be accessed from Internet Explorer on any Windows computer in the corporate network. In addition, a WSUS server can be

the update source for other WSUS servers.

Automatic Updates: The client computer component built into Microsoft Windows

Server 2003, Windows XP, and Windows 2000 with SP3 operating systems.

Automatic Updates enables both server and client computers to receive updates

from Microsoft Update or from a server running WSUS.

110.  Difference between NT & 2000

  The Windows NT SAM database is a flat database, whereas the Windows 2000 Active Directory database is a hierarchical database.

  In Windows NT only the PDC has a writable copy of the SAM database; the BDC has only a read-only copy. In Windows 2000 both the DC and the ADC have a writable copy of the database.

  Windows NT does not support the FAT32 file system. Windows 2000 supports FAT32.

  The default authentication protocol in NT is NTLM (NT LAN Manager). In Windows 2000 the default authentication protocol is Kerberos V5.

Features introduced in Windows 2000 that are not in Windows NT:

  NTFS v5 supports Disk quotas.

  Remote Installation Service

  Built-in VPN & NAT support

  IPv6 support.

  USB support.

  Distributed File System.

  Clustering support.

  ICS (Internet Connection Sharing)

111.  Difference between PDC & BDC

The PDC contains a writable copy of the SAM database, whereas the BDC contains a read-only copy of the

SAM database. It is not possible to reset a password without the PDC in Windows NT.

But both can participate in user authentication. If the PDC fails, we have to manually

promote a BDC to PDC from Server Manager.

112.  Difference between DC & ADC.

There is no difference between a DC and an ADC; both contain a writable copy of AD. Both can also handle FSMO roles (if transferred from the DC to the ADC). Functionality-wise there

is no difference. An ADC is just required for load balancing and redundancy. If two physical

sites separated by a WAN link come under the same domain, it is better to keep one ADC in the other site, acting as the main domain controller for that site. This will reduce

the WAN traffic, and user authentication performance will also increase.

113.  What is the difference between Win2k Server and Win2k3?

1. We can’t rename a domain in Win2k; you can rename it in Win2k3.

2. IIS 5.0 in Win2k and IIS 6.0 in Win2k3.

3. No Volume Shadow Copying in Win2k; it is available in Win2k3.

4. Active Directory Federation Systems in Win2k3.

Some other security features were also added in Win2k3; the main features are above.

114.  Difference between 98 and XP-

XP offers high resolution, NTFS file system support, a secure OS, plug and play for

USB, fax support, built-in graphics drivers, faster operation than 98, support for 2

processors, and a new version of Internet Explorer.

115.   Advantages of 2003

Domain rename, domain controller rename, multiuser property select, admin

account deletion, default APIPA, shadow copy, IIS version 6, security purpose,

password complexity

116.  How to load Admin Pack?

On the Windows 2000 CD (Server family only), open the i386 folder and click adminpak.msi.

Or

Go to the command prompt (on a server operating system only), go to the winnt/system32

directory, and type adminpak.msi or type Msiexec /i adminpak.msi

Note: Adminpak.msi is not included in the professional CD.

If you want to load the administrative tools on the local computer, you can. But

you must have administrative permissions for the local computer to install and run

Windows 2000 Administration Tools.

DNS Interview Questions:-

1.   What are the basic requirements (Hardware/Software) to implement the

Windows DNS server?

Server Hardware Requirements:

Microsoft's suggested minimum hardware requirements (and some Microsoft

recommendations) for Windows Server 2003 (Standard) are listed here:

· CPU speed: 133MHz (550MHz recommended)

· RAM: 128MB (256MB recommended; 4GB maximum on Standard Server)

· Disk space for setup: 1.5GB

· CD-ROM drive: 12X

· Monitor: Super VGA capable of providing 800 x 600 resolution

2.   DNS requirements:

First and foremost, it has to support SRV records (an SRV record identifies a particular

service on a particular computer; in Windows 2000 we use SRV records to identify

Domain Controllers, the Global Catalog, etc.).

Second and third are not requirements but recommended.

Second is Dynamic Updates

Third one is IXFR (Incremental Zone Transfer)

Note: Most DNS servers support AXFR (i.e., Entire zone transfer)

In incremental we transfer only changes, but in AXFR we transfer whole.

3.   How to Install the DNS Service on an Existing Server

1. Click Start, point to Control Panel, and then click Add or Remove Programs.

2. Click Add or Remove Windows Components.

3. In the Components list, click Networking Services (but do not select or clear the

check box), and then click Details.

4. Click to select the Domain Name System (DNS) check box, and then click OK.

5. Click Next.

6. When you are prompted, insert the Windows Server 2003 CD-ROM into the

computer's CD-ROM drive or DVD-ROM drive.

7. On the Completing the Windows Components Wizard page, click Finish when Setup is complete.

8. Click Close to close the Add or Remove Programs window.

4.   What is DNS?

DNS is used for name resolution: it resolves names to IP

addresses and IP addresses to names, and is mainly used on the Internet. DNS is organized as a hierarchy.

Two categories of zone:

Forward lookup zone: resolves a queried name to an IP address.

Reverse lookup zone: resolves a queried IP address to a name.

5.   What is DNS Zone? Types of DNS zones & Explain?

A zone is simply a contiguous section of the DNS namespace. Records for a zone are

stored and managed together. Often, sub-domains are split into several zones to

make manageability easier. For example, support.microsoft.com and

msdn.microsoft.com are separate zones, where support and msdn are sub-domains

within the Microsoft.com domain.

Primary Zone:

Primary zones are created on the primary DNS servers. It is a read/write copy.

Secondary Zone:

These are created on the second DNS server, which holds a read-only copy of the

zone. Secondary zones provide fault tolerance and load balancing to the primary

zone. A secondary zone is a backup for the primary zone.

AD integrated zones:

These are useful when we want to maintain zone information in AD. The zone is

saved in AD; as a result, when we back up AD we are also backing up the zone

information.

If it is a primary zone, the zone is saved as a normal text file; as a result we have to back

up the zone separately. An AD integrated zone is created when we install AD with a domain name.

Stub zone:

Stub zone is a newly added feature in WIN 2003. A stub zone contains name server

information or name server records and SOA records (Start of Authority). Stub zones provide fault tolerance & load balancing besides providing the name server & SOA

record information. Stub zones are useful for resolving the query faster.

6.   Why Use Stub Zones?

The idea behind stub zones is to speed up name resolution and reduce network 

traffic. This is a benefit for every network where you are able to use them.

7.   DNS resource records, explain?

DNS zone database is made up of a collection of resource records. Each resource

record specifies information about a particular object. For example, address

mapping (A) records map a host name to an IP address, and reverse-lookup pointer (PTR) records map an IP address to a host name. The server uses these records to

answer queries for hosts in its zone. For more information, use the table to view

DNS resource records.

NS (NS Record): Name server resource record specifies the authoritative DNS server

for the particular zone.

SOA (Start of Authority): This resource record specifies the DNS server providing authoritative information about the zone.

A (Alias): Standard hostname resource record contains hostname to IP Address

mapping.

CNAME: This resource record allows you to use more than one name to point a

single host.

MX (Mail Exchanger): This resource record is used by e-mail applications to locate a mail server within a zone.

PTR (Pointer): Used to map IP address to their associated hostnames. These records

are only used in reverse lookup zones.

SRV: This resource record is used to specify the location of specific services in a

domain.

8.   What is FQDN (Fully Qualified Domain Name)?

Hostname.Domain.com

Give an Example for FQDN?

For example, the fully qualified domain name (FQDN)

barney.northwind.microsoft.com can be broken down as follows:

  Host name: barney

  Third-level domain: northwind (stands for Northwind Traders Ltd., a

fictitious Microsoft subsidiary)

  Second-level domain: microsoft (Microsoft Corporation)

  Top-level domain: com (commercial domain)

The root domain has a null label and is not expressed in the FQDN.

9.   What is a Host name?

An alias given to a computer on a TCP/IP network to identify it on the network. Host

names are a friendlier way to refer to TCP/IP hosts than IP addresses.

A host name can contain the characters A-Z, 0-9, “.” and “-”.

10. What is name Resolution?

The process of translating the name into some object or information that the name

represents is called name resolution. A telephone book forms a namespace in which

the names of telephone subscribers can be resolved to the phone numbers.

11. Where to create the primary, secondary, Active Directory Integrated zones?

If you want to create an Active Directory integrated zone, the server must be a

Domain Controller.

If you want to create the Primary DNS, you can create it on a Domain Controller or

Member server. But if you create it on a member server you will not get the 4 options under the

domain which are meant for Active Directory.

You can create a Secondary zone on a Member Server or on a Domain Controller.

There is no difference between them.

12. What are the features of Windows 2000 DNS?

Supports SRV (service) records

Supports Dynamic Updates

Supports IXFR (Incremental Zone Transfer)

Supports security

Explain each one of the above?

In a Windows 2000 domain you need to have a DNS server to find different

services. The SRV records identify these services.

When you enable dynamic updates, all the records in the zone are

automatically created. As we add a computer to the domain, or add a domain

controller to the domain, the corresponding records are automatically created; i.e.,

you do not need to create a record in the DNS zone manually to identify those computers or

services.

When an update is made in the Master it has to be replicated to the Secondary.

Previously we used to transfer the entire zone (which is called AXFR (entire zone

transfer)). But with a Windows 2000 domain we transfer only the records that have been modified. This is called IXFR (Incremental Zone Transfer).

We get the security with Active Directory Integrated zone. We can set permission

on Active Directory like who can use and who can't use the DNS. And also we have

Secure Dynamic updates with Active Directory Integrated zone. With this, only specified computers can dynamically update the records in the zone.

13. What are the commands do we use for DNS?

Nslookup (and all interactive mode commands)

Ipconfig /flushdns

Ipconfig /registerdns

Note: A best strategy of using DNS in corporate network is use two DNS servers.

One is on internal network and another one is between two firewalls. For more

security keep the zone as secondary in the DNS server which is between firewalls.

14. What is the difference between Primary zone and Secondary zone?

Primary zone has read and write permissions, whereas Secondary zone has read-only

permission.

Note: Secondary zone is used for Backup and Load balancing.

15. How to check whether DNS is working or not?

Type the command “nslookup” at the command prompt.

Then it gives the DNS server name and its IP address

16. What is Dynamic Updates in DNS?

Generally we need to create a host record for a newly joined computer (either client or Member server or Domain controller). If you enable the Dynamic Update option, then

DNS itself creates the associated host record for newly joined computers.

17. How to get Dynamic Update option?

Right-click any zone → Properties → on the General tab you will get Allow Dynamic

Updates? [Yes/No/Secure Updates]

Note: Always set Dynamic Updates to “YES”.

Note: If it is an Active Directory Integrated zone you will get the above three options.

But if it is a Primary or Secondary zone you will get only “YES/NO” (you won’t

get secure updates).

18. What is an iterative query?

The query that has been sent to the DNS server from a client is called an iterative query.

(i.e., an iterative query is nothing but: give the answer to my question; don’t ask me to

contact that person or this person, and don’t say something else. Simply just answer

my question. That’s all.)

19. What is Recursive query?

Now your DNS server requests the root level DNS server for a specific IP address. Now the DNS server says that I don’t know but I can give the address of another person who

can help you in finding IP address.

20. How to configure the DNS?

Open the DNS console.

Then you will find there:

DNS Server name

Forward Lookup Zone

Reverse Lookup Zone

Note: If you selected to create zones automatically during setup, then it

creates the root zone and domain zone under the forward lookup zone.

If no zones are there under the forward lookup zone, first create the root zone and then create the

domain zone.

21. How to create a zone?

Right-click Forward Lookup Zone → New Zone

  Active Directory Integrated

  Primary

  Secondary

Select any one of above.

Note: The option Active Directory Integrated Zone is available only when you have

installed Active Directory; if you have not installed Active Directory the option is disabled.

Note: If you want to select a Secondary zone you should already have a primary zone

or Active Directory Integrated zone.

DNS Name [____________________]

Give the DNS name

Note: If you are creating a root zone then just type “.” (only a dot) in the name box.

Then click Next 

Finish.

After creating the root zone, create another zone with the domain name:

Right-click Forward Lookup Zone → New Zone → Active Directory Integrated (you can choose any one) → DNS Name [___] → Next → Finish.

Creation of a zone in the reverse lookup zone:

Right-click Reverse Lookup Zone → New Zone → Type Network ID → Next → Name → Finish.

After this

Right-click the zone → select Create associated PTR (pointer) record → Next → Finish.

22. What tabs are there on properties of Domain?

General

Start of Authority (SOA)

Name servers

WINS

Zone transfers

23. What tabs are there on properties of server?

Interface

Forwarders

Advanced

Root hints

Logging

Monitoring

24. Is there any possibility to have two Primary DNS zones?

No, you should not have two primary DNS zones. This is because, if you have two primary

DNS zones, some clients contact the first one and some clients contact the second one

according to their configuration in TCP/IP properties. Then you will get problems.

Actually, Primary DNS zone means single master, i.e., there is only one master, that is, only

one primary DNS zone. But you can have as many Secondary zones as you like.

To overcome the above problem (i.e., the single master problem), in Windows 2000 we

have Active Directory Integrated zones, which are multi-master.

25. How to create a Secondary DNS zone?

To create a secondary zone you should have Primary DNS zone or Active Directory

Integrated DNS zone.

Follow the same procedure as for the primary DNS configuration,

but at the time of selection, select Secondary zone instead of primary zone. After that it

asks for the primary DNS zone address; provide that address.

Create the forward lookup zone and reverse lookup zone as usual. Then,

Right-click Forward Lookup Zone → New Zone

  Active Directory Integrated

  Primary

  Secondary

Select Secondary zone.

(Note: The option Active Directory Integrated Zone is available only when you have

installed Active Directory; if you have not installed Active Directory the option is disabled.)

Then it asks for Primary DNS zone details, provide those details then click on

finish.

Now go to the Primary or Active Directory integrated zone, then right-click the zone

name → Properties → click the Zone Transfers tab.

Select allow zone Transfers

Here you can see three options.

To any server

Only to servers listed on the Name Servers tab

Only to the following servers

Select anyone and give the details of secondary zone (only in case of second and

third option).

Click on apply, then OK. 

Note: In the Zone Transfers tab you can find another option, Notify; this is to automatically notify secondary servers when the zone changes. Here also you can

select appropriate options.

Note: In a secondary zone you cannot modify any information. Everyone has

read-only permission.

Whenever the Primary DNS is down, click “Change” on the General tab of

properties to change the zone to primary; it then acts as primary, and you get write permission there as well.

26. What is the default time setting in primary zone to refresh, Retry, Expire

intervals for secondary zone?

The default settings are

Refresh interval: 10 minutes

Retry interval: 15 minutes

Expire after: 1 day

27. Suppose the Secondary zone is Expired then, how to solve the problem?

First go to primary zone check primary zone is working or not.

If the primary zone is working then go to the secondary zone, right-click the zone name and

select “Transfer from Master”; it then automatically contacts the primary DNS and,

if any updates are there, takes the updates from the primary.

28. How to know whether the recent changes in Primary are updated to

secondary zone or not?

Compare the Serial Number on the Start of Authority tab in both the secondary and primary

DNS zone properties.

If both are the same then the recent updates have been made to the secondary zone.

If not (i.e., the secondary is less than the primary) click “Transfer from Master”.
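The serial check from question 28, combined with the expire interval from questions 26 and 27, as an added Python example that is not part of the original document. The SOA strings are constructed sample data whose refresh, retry and expire timers are the defaults quoted above; the names under example.test and the minimum TTL of 3600 are assumptions. It goes one step beyond the text by comparing serials with RFC 1982 serial arithmetic, so a serial that has wrapped past 2^32 is still recognised as newer.

```python
from collections import namedtuple

Soa = namedtuple("Soa", "mname rname serial refresh retry expire minimum")

SERIAL_MOD = 2 ** 32  # SOA serials are unsigned 32-bit counters

# Constructed SOA rdata: mname rname serial refresh retry expire minimum.
# 600/900/86400 = the 10 minute / 15 minute / 1 day defaults quoted above.
PRIMARY_SOA = "ns1.example.test. hostmaster.example.test. 2018040602 600 900 86400 3600"
SECONDARY_SOA = "ns1.example.test. hostmaster.example.test. 2018040601 600 900 86400 3600"


def parse_soa(rdata):
    """Parse the seven SOA rdata fields into an Soa tuple."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError("SOA rdata needs 7 fields, got %d" % len(fields))
    numbers = [int(f) for f in fields[2:]]
    if any(n < 0 or n >= SERIAL_MOD for n in numbers):
        raise ValueError("SOA numeric field outside the 32-bit range")
    return Soa(fields[0], fields[1], *numbers)


def serial_newer(a, b):
    """True if serial a is newer than serial b under RFC 1982 arithmetic."""
    diff = (a - b) % SERIAL_MOD
    return 0 < diff < SERIAL_MOD // 2


def secondary_status(primary_rdata, secondary_rdata, seconds_since_refresh):
    """Classify a secondary zone against its primary.

    seconds_since_refresh is the time since the secondary last reached the
    primary successfully; past the expire interval the zone is expired and
    the secondary stops answering for it.
    """
    primary = parse_soa(primary_rdata)
    secondary = parse_soa(secondary_rdata)
    if seconds_since_refresh > secondary.expire:
        return "expired"          # fix the primary, then Transfer from Master
    if primary.serial == secondary.serial:
        return "in-sync"          # recent changes have reached the secondary
    if serial_newer(primary.serial, secondary.serial):
        return "behind"           # secondary needs a transfer
    return "secondary-ahead"      # primary serial was lowered or zone was replaced


if __name__ == "__main__":
    print(secondary_status(PRIMARY_SOA, SECONDARY_SOA, 120))
```

A "secondary-ahead" result is worth investigating rather than ignoring, because the secondary will not pull changes from a primary whose serial looks older than its own.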

How to change from Primary to Secondary, or Secondary to Primary, or Active

Directory integrated to Secondary or Primary, and so on (simply, one type of zone to

another type of zone)?

Go to the properties of the zone and click the General tab; there you can find the option

called “Change”. Click it, then select the appropriate option. Then click OK.

29. How to pause the zone?

Go to the properties of a zone → click the General tab → click the Pause button.

30. How does DNS server know the root domain server addresses?

Every DNS server installed on the Internet is preconfigured with the root DNS

server addresses.

Every single server can get to the root. That is why every DNS server on the Internet

first contacts the root DNS servers for name resolution.

31. Where can you find the address of root servers in the DNS server?

Open the DNS console → right-click the domain name → drag down to

Properties → click Root Hints. Here you can find the different root server addresses.

Note: When you install DNS service in a 2000 server operating system (still you

have not configured anything on DNS server), then it starts its functionality as

caching only DNS server.

32. What is a forwarder?

(Open the DNS console → right-click the domain name → click the Forwarders tab)

A forwarder is a server which has more access than the present DNS server. Maybe our present DNS server is located in an internal network and cannot resolve

Internet names. Maybe it is behind a firewall, or maybe it is using a proxy server or

NAT server to get to the Internet. Then this server forwards the query to another

DNS server that can resolve the Internet names.

33. What is DNS & WINS?

DNS is the Domain Naming System/Server, used to resolve host names to IP

addresses and also IP addresses to host names. It uses fully qualified domain

names. DNS is an Internet standard used to resolve host names. It supports up to 256

characters.

WINS is the Windows Internet Name Service, which resolves NetBIOS names to IP

addresses and also resolves IP addresses to NetBIOS names. It is proprietary to Microsoft and meant for Windows only. It supports up to 15 characters.

34. What is TTL & how to set TTL time in DNS?

TTL is Time to live setting used for the amount of time that the record should

remain in cache when name resolution happened.

We can set TTL in SOA (start of authority record) of DNS.

35. What is DNS namespace?

DNS namespace is the hierarchical structure of the domain name tree. It is defined

such that the names of all similar components must be similarly structured, but 

similarly identifiable. The full DNS name must point to a particular address.

Consider the following image of DNS namespace of the Internet:

The salessrv1 and salessrv2 are host names of the hosts configured in the

sales.ucertify.com domain. The fully qualified domain name (FQDN) of the host salessrv1 is salessrv1.sales.ucertify.com. No two hosts can have the same FQDN.

36. NSLOOKUP:

NSLOOKUP is a utility for diagnosing and troubleshooting Domain Name System

(DNS) problems. It performs its function by sending queries to the DNS server and obtaining detailed responses at the command prompt. This information can be

useful for diagnosing and resolving name resolution issues, verifying whether or not 

the resource records are added or updated correctly in a zone, and debugging other

server-related problems. This utility is installed along with the TCP/IP protocol

through the Control Panel.

37. How do I clear the DNS cache on the DNS server?

To clear the DNS cache do the following:

1. Start

2. Run

3. Type "cmd" and press enter

4. In the command window type "ipconfig /flushdns"

5. If done correctly it should say "Successfully flushed the DNS Resolver Cache."

38. How DNS Works?

DNS uses a client/server model in which the DNS server maintains a static database

of domain names mapped to IP addresses. The DNS client, known as the resolver,

performs queries against the DNS servers. The bottom line? DNS resolves domain

names to IP address using these steps

Step 1: A client (or “resolver”) passes its request to its local name server. For

example, the URL term www.idgbooks.com typed into Internet Explorer is passed to

the DNS server identified in the client TCP/IP configuration. This DNS server is

known as the local name server.

Step 2: If, as often happens, the local name server is unable to resolve the request,

other name servers are queried so that the resolver may be satisfied.

Step 3: If all else fails, the request is passed to more and more, higher-level name servers until the query resolution process starts with far-right term (for instance,

com) or at the top of the DNS tree with root name servers.

Below are the steps explained with the help of a chart.

How DNS works

39. DNS with Active Directory?

Active Directory uses the same hierarchical naming convention as DNS. Because of

this, the client computer uses DNS servers to locate Active Directory domain

controllers and other Active Directory resources on the network.

Without DNS, Active Directory couldn’t function, because client computers wouldn’t be able to locate these domain controllers and resources.

Bottom line is, Active Directory is dependent on DNS. Active Directory can’t be

implemented until the DNS server service is installed.

40. What is Host File?

The "Hosts" file in Windows and other operating systems is used to associate host 

names with IP addresses. Host names are the www.yahoo.com addresses that you

see every day. IP addresses are numbers that mean the same thing as the www words - the computers use the numbers to actually find the sites, but we have words

like www.yahoo.com so humans do not need to remember the long strings of numbers when they want to visit a site.

We can put names and addresses into the Hosts file so your computer does not have

to ask a DNS server to translate the domain name into an IP number. This speeds up

access to the host site you want to see because your computer no longer has to

query other systems on the Internet for the address translation.

41. What is LM Host File?

A text file in a windows network that provides name resolution of NetBIOS host 

names to IP addresses. The LMHOSTS files were the Windows counterpart to the

HOSTS files in UNIX, but have long since given way to the WINS naming system. LM

stands for "LAN Manager," the name of Microsoft's earlier network operating system (NOS).

42. How many SOA record does each zone contain?

Each zone will have one SOA record. This record contains many miscellaneous

settings for the zone, such as who is responsible for the zone, refresh interval settings, TTL (Time To Live) settings, and a serial number (incremented with every

update).

43. Short summary of the records in DNS.

The NS records are used to point to additional DNS servers. The PTR record is used

for reverse lookups (IP to name). CNAME records are used to give a host multiple names. MX records are used when configuring a domain for email.

44. Can I use an A record instead of an MX record?

> I have a single machine running DNS mail and web for a domain

> and I'm not sure that I have DNS setup properly. If the machine

> that is running the mail is the name of the domain does there need

> to be an MX record for mail?


Technically, no. Nearly all mailers will look up A records for a domain name in a mail

destination if no MX records exist.

> If an MX record is not needed, how would you put in an MX

> record for a backup mailserver.

You can't. If you want to use a backup mailer, you need to use MX records.

> www cname 192.168.0.1

> mail cname 192.168.0.1

> pop cname 192.168.0.1

> smtp cname 192.168.0.128

These CNAME records are all incorrect. CNAME records create an alias from one domain name to another, so the field after "CNAME" must contain a domain name, not an IP address. For example: www CNAME foo.example.

45. What are a zone's NS records used for?

> Could you elaborate a little bit on why do we need to put NS records for

> the zone we are authoritative for ?

> The parent name server handles these already. Is there any problem if our

> own NS records have lower TTLs than the records from parent name server ?

That's a good question. The NS records from your zone data file are used for several

things:

- Your name servers return them in responses to queries, in the authority section of the DNS message. Moreover, the set of NS records that comes directly from your name server supersedes the set that a querier gets from your parent zone's name servers, so if the two sets are different, yours "wins."

- Your name servers use the NS records to determine where to send NOTIFY

messages.

- Dynamic updaters determine where to send updates using the NS records, which

they often get from the authoritative name servers.

46. What's the largest number I can use in an MX record?

> Could you tell us the highest possible number we can use for the MX

> preference ?

Preference is an unsigned, 16-bit number, so the largest number you can use is

65535.
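The rules from questions 44 and 46 (a CNAME must point to a domain name, MX preference is an unsigned 16-bit number, mailers fall back to the A record when no MX exists) can be checked mechanically. The following is an added example, not part of the original document; the simplified "owner TYPE rdata" line format, the function names and the sample zone are assumptions made for illustration.

```python
import ipaddress

# Constructed zone data for a hypothetical example.com zone ("owner TYPE rdata").
SAMPLE_ZONE = """\
@      A      192.168.0.1
www    CNAME  192.168.0.1            ; wrong: IP address after CNAME
pop    CNAME  mail.example.com.
@      MX     10 mail.example.com.
@      MX     20 backup.example.net.
@      MX     70000 far.example.net. ; wrong: preference above 65535
"""


def is_ip_address(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def parse_zone(text):
    """Parse simplified zone lines into (line_number, owner, type, rdata_fields)."""
    records = []
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.split(";", 1)[0].strip()          # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"line {number}: expected 'owner TYPE rdata'")
        records.append((number, fields[0], fields[1].upper(), fields[2:]))
    return records


def valid_preference(text):
    """MX preference is an unsigned 16-bit integer: 0..65535."""
    return text.isascii() and text.isdigit() and int(text) <= 0xFFFF


def lint(records):
    """Return (line_number, message) for each record that breaks the rules above."""
    problems = []
    for number, owner, rtype, rdata in records:
        if rtype == "CNAME" and is_ip_address(rdata[0]):
            problems.append(
                (number, f"{owner}: CNAME must point to a domain name, not {rdata[0]}"))
        elif rtype == "MX" and (len(rdata) != 2 or not valid_preference(rdata[0])):
            problems.append(
                (number, f"{owner}: MX needs a preference from 0 to 65535 and a mail host"))
    return problems


def delivery_order(records, domain="@"):
    """Hosts a mailer tries for `domain`: MX hosts by ascending preference,
    or the domain's own A record when no MX record exists."""
    mx = [(int(rdata[0]), rdata[1])
          for _, owner, rtype, rdata in records
          if owner == domain and rtype == "MX"
          and len(rdata) == 2 and valid_preference(rdata[0])]
    if mx:
        return [host for _, host in sorted(mx)]
    has_a = any(owner == domain and rtype == "A" for _, owner, rtype, _ in records)
    return [domain] if has_a else []


if __name__ == "__main__":
    zone = parse_zone(SAMPLE_ZONE)
    for number, message in lint(zone):
        print(f"line {number}: {message}")
    print("delivery order:", delivery_order(zone))
```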


47. Troubleshooting of DNS

(1) C:\> nslookup

(2) ipconfig /flushdns

(3) ipconfig /registerdns

(4) ipconfig /displaydns

(5) IP Config / Clear Cache

48. DNS Suffix

For DNS, a character string that represents a domain name. The DNS suffix shows where a host is located relative to the DNS root, specifying a host location in the DNS hierarchy. Usually, the DNS suffix describes the latter portion of a DNS name, following one or more of the first labels of a DNS name.


DHCP Interview Questions:-

1.  What is DHCP?

DHCP provides IP addresses dynamically to client machines. When a client machine cannot find a DHCP server, it gets an APIPA (automatic private IP address).

2. Advantages of DHCP?

DHCP capability is built into Windows Server 2003, so it doesn't cost extra.

Once we have entered the IP address configuration in one place on the DHCP server, it is automatically assigned to DHCP clients.

Configuration problems are automatically minimized.

3. IP leasing process:

1. DHCP discover:

When the client machine is turned on, it broadcasts the network ID, broadcast ID, and MAC address on the network to discover a DHCP server.

2. Offer:

The DHCP server, listening for the request made by the client, offers a pool of IP addresses to the client machine.

3. Selection:

On receiving the pool of IP addresses, the client machine selects an IP and requests the DHCP server to offer that IP.

4. Acknowledgement:

The DHCP server sends a confirmation of the allotment of the IP assigned to the client as an acknowledgement.

5. IP lease:

If the client machine is not restarted for 8 days, then exactly after 4 days the client machine requests the DHCP server to extend the IP lease duration. On receiving this request, the DHCP server adds 8 more days to the existing 4 days = 12 days.

If the client machine is restarted, the DHCP lease process takes place again and the client again gets an IP for 8 days.

4.  DHCP requirements: 

Domain Controller or member server

Static IP

Active Directory

DNS (if it is win 2003)


5. DHCP installation steps:

Installing DHCP server (insert the 2003 Server CD)

On DC

Start → Settings → Control Panel → Add/Remove Programs → Add/Remove Windows Components → select n/w services → click on Details → select DHCP server → OK → Next

Authorization: When we have multiple DHCP servers, we can designate one of the DHCP servers as an authorized DHCP server.

Authorizing DHCP server:

On DC

Start → Programs → Admin Tools → DHCP → right click on the server → click Authorize → Refresh

6. How to open DHCP?

Start → Programs → Administrative Tools → DHCP

Or

Start → Run → dhcpmgmt.msc

7. Scope:

Scope is a range of IP addresses from which the DHCP server assigns IPs to the clients.

8. Difference between Scope and Super Scope

A scope in DHCP is where you specify the range of IP addresses that will be leased to DHCP clients.

A super scope is a combination of multiple scopes.

9. Creating a Scope:

Open DHCP Server → right click on the server → New Scope → scope name → specify the range → Next → specify any exclusions we want → lease duration → Next → DHCP options → Router → Next → specify the domain name → server name → click on Resolve → Add → Next → WINS server → Next → Yes, I want → Next → Finish

Configuring a client machine to obtain an IP from the DHCP server

By default, all clients are configured to obtain an IP automatically.

On client machine


Right click on My Network Places → Properties → LAN properties → double click TCP/IP

Ensure that “obtain an IP address automatically” is selected.

Releasing an existing IP: (give up an IP)

Start → Run → cmd → ipconfig /release

Obtaining a new IP

Start → Run → cmd → ipconfig /renew

Super Scopes:

A group of scopes is called a super scope.

Note: when we have multiple scopes, only one scope can be active. In order to enable all the scopes, we have to merge them into a super scope.

Creating super scope:

Requires multiple scopes

Create 2 scopes.

Right click on server

Select New Super Scope

Specify the super scope name

Select 2 scopes by holding the Ctrl key

Next → Finish

Address Pool:

Gives the range of IP addresses we have specified.

Address leases:

Specifies the clients (names) and the IP addresses assigned.

Reservations: useful when we want to dedicate a particular IP to a particular system. Ex: managerial systems, important clients.

10. Backing up DHCP:

Open DHCP - right click on DHCP – select backup

Select location where we want to save – ok.

11. Restoring DHCP server:

Uninstall DHCP server

Install DHCP server

Open DHCP

Right click on it → click on Restore → specify the backed up path

We should see our previous scopes.


17. What is the process of assigning IP address by DHCP service?

There are four stages in assigning an IP address to a host by a DHCP server.

1) DHCP discover

2) DHCP offer

3) DHCP request

4) DHCP Acknowledge

DHCP Discover:

Whenever a client has to obtain an IP address from a DHCP server, it broadcasts a message called “DHCP discover”, which contains the destination address 255.255.255.255, the source IP address 0.0.0.0, and its MAC address.

DHCP offer:

The DHCP server on the network responds to the DHCP discover by sending a DHCP offer message to the client requesting an IP address.

DHCP request:

After receiving the offer message, the client sends a “DHCP request” message asking the DHCP server to confirm the IP address it has offered through the DHCP offer message.

DHCP Acknowledge:

The DHCP server responds to the “DHCP request” message by sending an acknowledge message, through which it confirms the IP address to the other machine.

Note: You can also enable DHCP in a workgroup for dynamic allocation of IP addresses.

Configure the server operating system in the workgroup as a DHCP server, then on the client, in TCP/IP properties, select obtain IP address automatically. The client then gets an IP address from the DHCP server.

Note: You need not configure DNS or anything else.

18. What is APIPA ?

On occasion, a network PC boots up and finds that the DHCP server is not available. When this happens, the PC continues to poll for a DHCP server using different wait periods.

The Automatic Private IP Addressing (APIPA) service allows the DHCP client to automatically configure itself until the DHCP server is available and the client can be configured to the network. APIPA allows the DHCP client to assign itself an IP address in the range of 169.254.0.1 to 169.254.254.254 and a Class B subnet mask of 255.255.0.0. The address range that is used by APIPA is a Class B address that Microsoft has set aside for this purpose.

19. If DHCP is not available what happens to the client?

The client will not get an IP and cannot participate in the network. If the client already got an IP and still has lease duration left, it uses the IP until the lease duration expires.


20. What is subnetting and supernetting?

Subnetting is the process of borrowing bits from the host portion of an address to provide bits for identifying additional sub-networks.

Supernetting merges several smaller blocks of IP addresses (networks) that are continuous into one larger block of addresses. Supernetting is done by borrowing network bits to combine several smaller networks into one larger network.

21. What is the difference between Authorized DHCP and Non Authorized DHCP?

To avoid problems in the network caused by misconfigured DHCP servers, a server in Windows 2000 must be validated by AD before it starts serving clients. If an authorized DHCP finds any DHCP server in the network, it stops serving the clients.
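The four-message exchange from question 17 and the concern about unapproved DHCP servers from question 21 can be seen at the packet level. The following is an added example, not part of the original document: it builds the DHCP payloads of one exchange, parses them, and reports replies whose server identifier is not on an assumed list of approved servers (a simple allow list, not the Active Directory authorization mechanism). All addresses, the MAC and the function names are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])        # marks the start of the DHCP options
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}
OPT_MESSAGE_TYPE, OPT_SERVER_ID, OPT_CLIENT_ID, OPT_END = 53, 54, 61, 255
CLIENT_MAC = bytes.fromhex("020000aabbcc")     # constructed, locally administered MAC


def build_message(op, xid, mac, msg_type, yiaddr="0.0.0.0", server_id=None):
    """Build a DHCP payload: 236-byte BOOTP header, magic cookie, options.
    On the wire a DISCOVER travels from 0.0.0.0 to 255.255.255.255 (UDP 68 to 67)."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        op, 1, 6, 0,                           # op (1=request, 2=reply), Ethernet, MAC length, hops
        xid, 0, 0x8000,                        # transaction id, seconds, broadcast flag
        bytes(4),                              # ciaddr: the client has no address yet
        ipaddress.IPv4Address(yiaddr).packed,  # yiaddr: the address being handed out
        bytes(4), bytes(4),                    # siaddr, giaddr
        mac, b"", b"",                         # chaddr (null-padded), sname, file
    )
    options = bytes([OPT_MESSAGE_TYPE, 1, msg_type])
    if op == 1:
        options += bytes([OPT_CLIENT_ID, 7, 1]) + mac   # client ID type 1 = MAC address
    if server_id:
        options += bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_id).packed
    return header + MAGIC_COOKIE + options + bytes([OPT_END])


def parse_message(payload):
    """Extract the fields a defender cares about from a DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: too short or magic cookie missing")
    hlen = min(payload[2], 16)
    info = {
        "xid": struct.unpack("!I", payload[4:8])[0],
        "yiaddr": str(ipaddress.IPv4Address(payload[16:20])),
        "mac": payload[28:28 + hlen].hex(":"),
    }
    pos = 240
    while pos < len(payload) and payload[pos] != OPT_END:
        code = payload[pos]
        if code == 0:                          # pad option has no length byte
            pos += 1
            continue
        if pos + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[pos + 1]
        value = payload[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        if code == OPT_MESSAGE_TYPE and length == 1:
            info["type"] = MESSAGE_TYPES.get(value[0], f"type {value[0]}")
        elif code == OPT_SERVER_ID and length == 4:
            info["server_id"] = str(ipaddress.IPv4Address(value))
        elif code == OPT_CLIENT_ID and length >= 2:
            info["client_id_type"] = value[0]
        pos += 2 + length
    return info


def unauthorized_replies(payloads, approved_servers):
    """Return (type, server_id, offered_ip, client_mac) for OFFER/ACK messages
    sent by a server that is not on the approved list."""
    findings = []
    for payload in payloads:
        msg = parse_message(payload)
        if msg.get("type") in ("OFFER", "ACK") and msg.get("server_id") not in approved_servers:
            findings.append((msg["type"], msg.get("server_id"), msg["yiaddr"], msg["mac"]))
    return findings


def sample_exchange():
    """Constructed capture: one normal exchange plus an offer from an unlisted server."""
    xid = 0x1234ABCD
    return [
        build_message(1, xid, CLIENT_MAC, 1),                                    # DISCOVER
        build_message(2, xid, CLIENT_MAC, 2, "192.168.10.50", "192.168.10.1"),   # OFFER
        build_message(2, xid, CLIENT_MAC, 2, "10.99.0.7", "192.168.10.200"),     # OFFER, unlisted
        build_message(1, xid, CLIENT_MAC, 3, server_id="192.168.10.1"),          # REQUEST
        build_message(2, xid, CLIENT_MAC, 5, "192.168.10.50", "192.168.10.1"),   # ACK
    ]


if __name__ == "__main__":
    for finding in unauthorized_replies(sample_exchange(), {"192.168.10.1"}):
        print("reply from unapproved DHCP server:", finding)
```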

22. What are the problems that generally come up with DHCP?

The scope is full, with no IPs available for new machines.

Scope options are not configured properly, e.g. default gateway.

Incorrect creation of scopes, etc.

23. DHCP User Class and Vendor Class Options?

DHCP provides support for a host of new features, among them the user-specified and vendor-specified DHCP options, features that let administrators assign separate options to clients with similar configuration requirements. For example, if DHCP-aware clients in your human resources (HR) department require a different default gateway or DNS server than the rest of your clients, you can configure DHCP Class IDs to distribute these options to HR clients. The options that Class IDs provide override any scope or global default options that the DHCP server typically assigns.

24. DHCP relay agent: where to place it?

You need to place the DHCP relay agent on a software router.

25. DHCP database path folder

C:\WINDOWS\system32\dhcp

26. Can DHCP support statically defined addresses?

Yes. At least there is nothing in the protocol to preclude this and one expects it to be a feature of any DHCP server. This is really a server matter and the client should work either way. The RFC refers to this as manual allocation.

27. Can a DHCP server back up another DHCP server?

You can have two or more servers handing out leases for different addresses. If each has a dynamic pool accessible to the same clients, then even if one server is down, one of those clients can lease an address from the other server.

However, without communication between the two servers to share their information on current leases, when one server is down, any client with a lease from it will not be able to renew their lease with the other server. Such communication is the purpose of the "server to server protocol" (see next question). It is possible that some server vendors have addressed this issue with their own proprietary server-to-server communication.


28. Where is DHCP defined? 

In Internet RFCs.

29. Can DHCP support remote access?

PPP has its own non-DHCP way in which communications servers can hand clients an IP address called IPCP (IP Control Protocol) but doesn't have the same flexibility as DHCP or BOOTP in handing out other parameters. Such a communications server may support the use of DHCP to acquire the IP addresses it gives out. This is sometimes called doing DHCP by proxy for the client. I know that Windows NT's remote access support does this.

A feature of DHCP under development (DHCPinform) is a method by which a DHCP server can supply parameters to a client that already has an IP number. With this, a PPP client could get its IP number using IPCP, then get the rest of its parameters using this feature of DHCP.

SLIP has no standard way in which a server can hand a client an IP address, but many communications servers support non-standard ways of doing this that can be utilized by scripts, etc. Thus, like communications servers supporting PPP, such communications servers could also support the use of DHCP to acquire the IP addresses to give out.

The DHCP protocol is capable of allocating an IP address to a device without an IEEE-style MAC address, such as a computer attached through SLIP or PPP, but to do so, it makes use of a feature which may or may not be supported by the DHCP server: the ability of the server to use something other than the MAC address to identify the client. Communications servers that acquire IP numbers for their clients via DHCP run into the same roadblock in that they have just one MAC address, but need to acquire more than one IP address. One way such a communications server can get around this problem is through the use of a set of unique pseudo-MAC addresses for the purposes of its communications with the DHCP server. Another way (used by Shiva) is to use a different "client ID type" for your hardware address. Client ID type 1 means you're using MAC addresses. However, client ID type 0 means an ASCII string.

30. What is DHCP Spoofing?

Ascend Pipeline ISDN routers (which attach Ethernets to ISDN lines) incorporate a feature

that Ascend calls "DHCP spoofing" which is essentially a tiny server implementation that hands an IP address to a connecting Windows 95 computer, with the intention of giving it 

an IP number during its connection process.

31. How can I control which clients get leases from my server?

There is no ideal answer: you have to give something up or do some extra work.

You can put all your clients on a subnet of your own along with your own DHCP server.

You can use manual allocation.

Perhaps you can find DHCP server software that allows you to list which MAC addresses the server will accept. DHCP servers that support roaming machines may be adapted to such use.

You can use the user class option assuming your clients and server support it: it will require you to configure each of your clients with a user class name. You still depend upon the other clients to respect your wishes.


Windows Important Questions:-

1.  Proxy server:-

In computer networks, a proxy server is a server (a computer system or an application program) which services the requests of its clients by forwarding requests to other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server. The proxy server provides the resource by connecting to the specified server and requesting the service on behalf of the client. A proxy server may optionally alter the client's request or the server's response, and sometimes it may serve the request without contacting the specified server. In this case, it would 'cache' the first request to the remote server, so it could save the information for later, and make everything as fast as possible.

A proxy server that passes all requests and replies unmodified is usually called a gateway or sometimes tunneling proxy.

A proxy server can be placed in the user's local computer or at specific key points between the user and the destination servers or the Internet.

2. The different types of Proxy Servers:-

There are many different types of Proxy Servers out there. Depending on the purpose you can get Proxy Servers to route any of these common protocols, and many more:

FTP, HTTP, Gopher, IRC, MSN, AIM, ICQ, VOIP, SSL 

So out of the common types of Proxy Servers, you end up with the following:

FTP Proxy Server: 

Relays and caches FTP Traffic.

HTTP Proxy Server: 

A one way request to retrieve Web Pages.

Socks Proxy Server: 

A newer protocol to allow relaying of far more different types of data, whether TCP or UDP.

NAT Proxy Server: 

This one works a little different, it allows the redirection of all packets without a Program

having to support a Proxy Server.

SSL Proxy Server: 

An extension was created to the HTTP Proxy Server which allows relaying of TCP data similar to a Socks Proxy Server. This was done mainly to allow encryption of Web Page requests.

Furthermore, a Proxy Server can be split into another two Categories: 

 Anonymous: 

An Anonymous Proxy Server blocks the remote Computer from knowing the identity of the

Computer using the Proxy Server to make requests.


Transparent:

A Transparent Proxy Server tells the remote Computer the IP Address of your Computer. This provides no privacy.

3.  What proxy can:-

While using GET/POST method (regular surfing the web):

* disable access to certain sites, like www.porno.com or www.icq.com;

* disable access to sites, containing banned keywords, like "porno" or even "proxy";

* cut off certain parts on pages (banners);

* disable receiving of files with predefined extensions (*.mp3, *.zip, *.exe, *.rar etc.) and/or predefined sizes (both in Kbs and/or in pixels, for example - 468x60);

* log web surfing activity and send report to system administrator with all web pages visited;

* disable use of any protocols (for example, disable access to "https://..." and/or "ftp://..." sites);

* disable access from any computers to this proxy. In other words it is quite possible that of two nearby computers one may work with proxy and another may not;

While using CONNECT method (visiting "https://..." sites, building proxy chains, port mapping through proxy etc.) or using SOCKS proxy:

* completely disable CONNECT method (or turn off SOCKS proxy). Then ICQ will not work and there will be no access to "https://..." sites;

* disable connection through proxy to certain servers, for example, login.icq.com;

* disable connection through proxy to certain ports, for example, port 25 (SMTP), port 6667 (IRC), port 5190 (ICQ);

* disable connection through proxy to all ports except specified, for example, port 443. In this case the proxy is called an "HTTPS proxy";

4.  What proxy cannot:-

* use heuristic analyzer, i.e. make semantic analysis of page contents and disable all sites with certain materials, despite the keywords;

* filter information, for example, block some pages using keywords while using CONNECT method (or in SOCKS proxy);

* let pass back connections from internet (SOCKS 5 can do it but this is also non-trivial task);

Summary: a proxy server is a computer program, so like any program it has its own merits and demerits. If the administrator tuned a proxy and forgot about it, then the proxy server can always be bypassed. Otherwise, your attempts to bypass the proxy server are always a battle with the sysadmin and all your solutions are temporary - until the administrator finds and closes just another "hole".

5.  What is Backup and types of backup?

Backup: Backup allows you to make a secure copy of any object in a different location. The backup file name extension is .bkf.


Normal: A normal backup copies all the files which we select and marks each file as having been backed up (in other words, the archive attribute is cleared). If we take the backup again, it will be considered from the normal backup.

Incremental: An incremental backup backs up only those files that have been created or changed since the last normal or incremental backup. It marks files as having been backed up (in other words, the archive attribute is cleared). If you use a combination of normal and incremental backups, you will need to have the last normal backup set as well as all incremental backup sets to restore your data.

Differential: A differential backup copies files that have been created or changed since the last normal or incremental backup. It does not mark files as having been backed up (in other words, the archive attribute is not cleared). If you are performing a combination of normal and differential backups, restoring files and folders requires that you have the last normal as well as the last differential backup.

Copy: A copy backup copies all the files you select, but does not mark each file as having been backed up (in other words, the archive attribute is not cleared). Copying is useful if you want to back up files between normal and incremental backups because copying does not affect these other backup operations.

Daily: A daily backup copies all the files that you select that have been modified on the day

the daily backup is performed. The backed-up files are not marked as having been backed

up (in other words, the archive attribute is not cleared).
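The restore requirements for each backup type follow directly from whether the archive attribute is cleared. The following is an added example, not part of the original document: a small simulation of normal, copy, incremental and differential backups that shows which backup sets a restore needs. The class, function and file names are hypothetical and the scenario is constructed.

```python
class Volume:
    """Files with the archive attribute, which is set whenever a file is created or changed."""

    def __init__(self):
        self.files = {}                        # name -> [content, archive_bit]

    def write(self, name, content):
        self.files[name] = [content, True]     # any write sets the archive attribute

    def snapshot(self):
        return {name: entry[0] for name, entry in self.files.items()}


RULES = {                     # kind: (selects every file, clears the archive attribute)
    "normal": (True, True),
    "copy": (True, False),
    "incremental": (False, True),
    "differential": (False, False),
}


def backup(volume, kind):
    """Return the backup set (name -> content) produced by one backup run."""
    select_all, clears = RULES[kind]
    saved = {}
    for name, entry in volume.files.items():
        if select_all or entry[1]:
            saved[name] = entry[0]
            if clears:
                entry[1] = False
    return saved


def restore(backup_sets):
    """Apply backup sets oldest first; newer copies of a file overwrite older ones."""
    restored = {}
    for backup_set in backup_sets:
        restored.update(backup_set)
    return restored


def run_schedule(strategy):
    """Constructed scenario: normal backup, then a `strategy` backup after each change."""
    vol = Volume()
    for name in ("a.doc", "b.xls", "c.txt"):
        vol.write(name, "v1")
    sets = [backup(vol, "normal")]
    vol.write("a.doc", "v2")
    sets.append(backup(vol, strategy))
    vol.write("b.xls", "v2")
    sets.append(backup(vol, strategy))
    return vol, sets


if __name__ == "__main__":
    for strategy in ("incremental", "differential"):
        vol, sets = run_schedule(strategy)
        print(strategy, [sorted(s) for s in sets])
        print("  normal + last set restores everything:",
              restore([sets[0], sets[-1]]) == vol.snapshot())
```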

System State backup: In Backup, a collection of system specific data maintained by the OS that must be backed up as a unit. It is not a backup of the entire system. The System State data includes the registry, COM+ Class Registration Database, system files, boot files, and files under Windows File Protection.

For servers, the System State data also includes the Certificate Services database (if the server is a certificate server).

If the server is a Domain Controller, the System State data also includes the AD database and the SYSVOL directory.

If the server is a node in a cluster, it includes the Cluster database information. The IIS Metabase is included if IIS is installed.

ASR Backup: ASR is a recovery option that has two parts: ASR backup and ASR restore. You can access the backup portion through the Automated System Recovery Preparation Wizard located in Backup. The Automated System Recovery Preparation Wizard backs up the System State data, system services, and all disks associated with the operating system components. It also creates a floppy disk, which contains information about the backup, the disk configurations (including basic and dynamic volumes), and how to accomplish a restore.

6.  Working of ping, telnet, and gopher?

ping is a computer network tool used to test whether a particular host is reachable across an IP network. It works by sending ICMP “echo request” packets to the target host and listening for ICMP “echo response” replies. ping estimates the round-trip


time, generally in milliseconds, and records any packet loss, and prints a statistical

summary when finished.

TELNET (TELecommunication NETwork) is a network protocol used on the Internet or

local area network (LAN) connections. It was developed in 1969 beginning with RFC 15

and standardized as IETF STD 8, one of the first Internet standards.

The term telnet also refers to software which implements the client part of the protocol.

TELNET clients have been available on most Unix systems for many years and are available for virtually all platforms. Most network equipment and OSs with a TCP/IP stack support some kind of TELNET service server for their remote configuration (including ones based on Windows NT). Because of security issues with TELNET, its use has waned as it is replaced by the use of SSH for remote access.

"To telnet" is also used as a verb meaning to establish or use a TELNET or other

interactive TCP connection, as in, "To change your password, telnet to the server and run

the passwd command".

Most often, a user will be telneting to a Unix-like server system or a simple network device such as a switch. For example, a user might "telnet in from home to check his mail at school". In doing so, he would be using a telnet client to connect from his computer to one of his servers. Once the connection is established, he would then log in with his account information and execute operating system commands remotely on that computer, such as ls or cd.

On many systems, the client may also be used to make interactive raw-TCP sessions. Even when that option is not available, telnet sessions are equivalent to raw TCP as long as byte 255 never appears in the data.

packet internet gopher (PING)

Definition: Method used in determining the response time of an internet connection. PING software sends a request to a website, and times the receipt of reply (echo) called pong. A part of the Internet Protocol, PING is not directly accessible to the user.

7.  What is RAID? Types of RAID?

Let's start with the basics. RAID stands for Redundant Array of Independent Discs. In the old days it also used to mean Redundant Array of Inexpensive Discs. A RAID system is a collection of hard drives joined together using a RAID level definition (see levels below). There are many uses for RAID. First, it can be used to stripe drives together to give more overall access speed (level 0). Second, it can be used to mirror drives (level 1). Third, it can be used to increase uptime of your overall storage by striping drives together and then keeping parity data; if a drive should fail the system keeps operating (level 5). Most people use RAID level 5 for the uptime purposes and its ability to join together 16 drives, giving a large storage block. Read about RAID levels below and see which one suits you best.

RAID Levels


RAID 0

This is the simplest level of RAID, and it just involves striping. Data redundancy is not even present in this level, so it is not recommended for applications where data is critical. This level offers the highest level of performance out of any single RAID level. It also offers the lowest cost since no extra storage is involved. At least 2 hard drives are required, preferably identical, and the maximum depends on the RAID controller. None of the space is wasted as long as the hard drives used are identical. This level has become popular with the mainstream market for its relatively low cost and high performance gain. This level is good for most people that don't need any data redundancy. There are many SCSI and IDE/ATA implementations available. Finally, it's important to note that if any of the hard drives in the array fails, you lose everything.

RAID 1

This level is usually implemented as mirroring. Two identical copies of data are stored on two drives. When one drive fails, the other drive still has the data to keep the system going. Rebuilding a lost drive is very simple since you still have the second copy. This adds data redundancy to the system and provides some safety from failures. Some implementations add an extra RAID controller to increase the fault tolerance even more. It is ideal for applications that use critical data. Even though the performance benefits are not great, some might just be concerned with preserving their data. The relative simplicity and low cost of implementing this level has increased its popularity in mainstream RAID controllers. Most RAID controllers nowadays implement some form of RAID 1.

RAID 2

This level uses bit level striping with Hamming code ECC. The technique used here is somewhat similar to striping with parity but not really. The data is split at the bit level and spread over a number of data and ECC disks. When data is written to the array, the Hamming codes are calculated and written to the ECC disks. When the data is read from the array, Hamming codes are used to check whether errors have occurred since the data was written to the array. Single bit errors can be detected and corrected immediately. This is the only level that really deviates from the RAID concepts talked about earlier. The complicated and expensive RAID controller hardware needed and the minimum number of hard drives required are the reasons this level is not used today.

RAID 3

This level uses byte level striping with dedicated parity. In other words, data is striped across the array at the byte level with one dedicated parity drive holding the redundancy information. The idea behind this level is that striping the data increases performance and using dedicated parity takes care of redundancy. 3 hard drives are required: 2 for striping, and 1 as the dedicated parity drive. Although the performance is good, the added parity does slow down writes. The parity information has to be written to the parity drive whenever a write occurs. This increased computation calls for a hardware controller, so software implementations are not practical. RAID 3 is good for applications that deal with large files since the stripe size is small.

RAID 4

This level is very similar to RAID 3. The only difference is that it uses block level striping instead of byte level striping. The advantage in that is that you can change the stripe size to suit application needs. This level is often seen as a mix between RAID 3 and RAID 5, having the dedicated parity of RAID 3 and the block level striping of RAID 5.


Again, you'll probably need a hardware RAID controller for this level. Also, the dedicated parity drive continues to slow down performance in this level as well.

RAID 5

RAID 5 uses block-level striping and distributed parity. This level tries to remove the bottleneck of the dedicated parity drive. With the use of a distributed parity algorithm, this level writes the data and parity data across all the drives. Basically, the blocks of data are used to create the parity blocks, which are then stored across the array. This removes the bottleneck of writing to just one parity drive. However, the parity information still has to be calculated and written whenever a write occurs, so the slowdown involved with that still applies. The fault tolerance is maintained by separating the parity information for a block from the actual data block. This way, when one drive goes, all the data on that drive can be rebuilt from the data on the other drives. Recovery is more complicated than usual because of the distributed nature of the parity. Just as in RAID 4, the stripe size can be changed to suit the needs of the application. Also, using a hardware controller is probably the more practical solution. RAID 5 is one of the most popular RAID levels being used today. Many see it as the best combination of performance, redundancy, and storage efficiency.
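The block-level striping, rotating parity placement, parity update on every write, and single-drive rebuild described above, as an added Python sketch (not part of the original document). The 4-byte block size, the parity rotation order and all function names are assumptions chosen for illustration; real controllers use much larger blocks and their own layouts.

```python
from functools import reduce

BLOCK = 4  # bytes per block (assumed, tiny so the demo is easy to inspect)


def xor_blocks(blocks):
    """XOR equal-length byte blocks together; this is the parity operation."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))


def parity_drive(stripe, n_drives):
    """Drive that holds parity for a stripe; it rotates so no single drive takes every parity write."""
    return (n_drives - 1 - stripe) % n_drives


def write_array(data, n_drives):
    """Stripe data across n_drives with distributed parity.

    Returns a list of drives, each a list holding one block per stripe.
    """
    if n_drives < 3:
        raise ValueError("RAID 5 needs at least 3 drives")
    per_stripe = (n_drives - 1) * BLOCK
    padded = data + b"\x00" * (-len(data) % per_stripe)
    drives = [[] for _ in range(n_drives)]
    for stripe, off in enumerate(range(0, len(padded), per_stripe)):
        chunk = padded[off:off + per_stripe]
        blocks = [chunk[i:i + BLOCK] for i in range(0, per_stripe, BLOCK)]
        p = parity_drive(stripe, n_drives)
        data_iter = iter(blocks)
        for d in range(n_drives):
            drives[d].append(xor_blocks(blocks) if d == p else next(data_iter))
    return drives


def update_block(drives, stripe, drive, new_block):
    """Small write: new parity = old parity XOR old data XOR new data.

    Two reads and two writes per data block, which is the write slowdown.
    """
    p = parity_drive(stripe, len(drives))
    if drive == p:
        raise ValueError("target is the parity block for this stripe")
    old = drives[drive][stripe]
    drives[p][stripe] = xor_blocks([drives[p][stripe], old, new_block])
    drives[drive][stripe] = new_block


def rebuild_drive(drives, failed):
    """Recompute each block of the failed drive from the surviving drives' blocks in the same stripe."""
    survivors = [d for i, d in enumerate(drives) if i != failed]
    if any(d is None for d in survivors):
        raise ValueError("RAID 5 tolerates only one failed drive")
    return [xor_blocks(stripe_blocks) for stripe_blocks in zip(*survivors)]


def read_array(drives, length):
    """Reassemble the original bytes, skipping the parity block of each stripe."""
    n = len(drives)
    out = bytearray()
    for stripe in range(len(drives[0])):
        p = parity_drive(stripe, n)
        for d in range(n):
            if d != p:
                out += drives[d][stripe]
    return bytes(out[:length])


if __name__ == "__main__":
    payload = b"RAID5 distributed parity demo!"  # constructed sample data
    array = write_array(payload, 4)
    array[2] = None                      # simulate a failed drive
    array[2] = rebuild_drive(array, 2)   # rebuild it from the other three
    print(read_array(array, len(payload)))
```

Because the parity block is the XOR of the data blocks in its stripe, the same XOR over the surviving drives reproduces whichever single block is missing, data or parity.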

8.  What are the prerequisites for installation of Exchange Server?

The prerequisites are:

IIS

SMTP

WWW service

NNTP

.NET Framework

ASP.NET

Then run Forest prep

Then run domain prep

9.  Does Windows Server 2003 support IPv6?

Yes, run ipv6.exe from command line to disable it.

10. What’s new in Terminal Services for Windows 2003 Server?

Supports audio transmissions as well, although prepare for heavy network load.

11. How do you double-boot a Win 2003 server box?

The Boot.ini file is set as read-only, system, and hidden to prevent unwanted editing. To change the Boot.ini timeout and default settings, use the System option in Control Panel from the Advanced tab and select Startup.

12. What is the use of Terminal Services?

Terminal Services can be used in Remote Administration mode to administer servers remotely, as well as in Application Server mode to run an application on one server so that users can log in to that server to use that application.

13. How to take DNS, WINS and DHCP backup

%SystemRoot%\system32\dns

%SystemRoot%\system32\WINS

%SystemRoot%\system32\DHCP


14. What is Recovery Console?

Recovery Console is a utility used to recover the system when it is not booting properly or not booting at all. We can perform the following operations from Recovery Console:

Copy, rename, or replace operating system files and folders

Enable or disable service or device startup the next time the computer starts

Repair the file system boot sector or the Master Boot Record

Create and format partitions on drives

15. What is RIS and what are its requirements?

RIS is Remote Installation Service, which is used to install an operating system remotely.

Client requirements

PXE DHCP-based boot ROM version 1.00 or later NIC, or a network adapter that is supported by the RIS boot disk.

Should meet minimum operating system requirements

Software Requirements

The network services below must be active on the RIS server or on any server in the network:

Domain Name System (DNS Service)

Dynamic Host Configuration Protocol (DHCP)

Active Directory “Directory” service

16. How to deploy the patches and what software is used for this process?

Using a SUS (Software Update Services) server we can deploy patches to all clients in the network. We need to configure the option called “Synchronize with Microsoft software update server” and schedule a time to synchronize on the server. We need to approve new updates based on the requirement. The approved updates will then be deployed to clients.

We can configure clients by changing the registry manually or through Group Policy by adding the WSUS administrative template in Group Policy.

17. What is WINS?

WINS (Windows Internet Naming Service) resolves Windows network computer names (also known as NetBIOS names) to Internet IP addresses, allowing Windows computers on a network to easily find and communicate with each other.

18. How WINS Works?

By default, when a computer running Microsoft® Windows® 2000, Windows XP, or a Windows Server 2003 operating system is configured with WINS server addresses (either manually or through DHCP) for its name resolution, it uses hybrid node (h-node) as its node type for NetBIOS name registration unless another NetBIOS node type is configured. For NetBIOS name query and resolution, it also uses h-node behavior, but with a few differences.

For NetBIOS name resolution, a WINS client typically performs the following general sequence of steps to resolve a name:

1. Client checks to see if the name queried is its local NetBIOS computer name, which it owns.

2. Client checks its local NetBIOS name cache of remote names. Any name resolved for a remote client is placed in this cache where it remains for 10 minutes.

3. Client forwards the NetBIOS query to its configured primary WINS server. If the primary WINS server fails to answer the query--either because it is not available or because it does not have an entry for the name--the client will try to contact other configured WINS servers in the order they are listed and configured for its use.

4. Client broadcasts the NetBIOS query to the local subnet.

5. Client checks the Lmhosts file for a match to the query, if it is configured to use the Lmhosts file.

6. Client tries the Hosts file and then a DNS server, if it is configured for one.
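The six-step lookup order above, including the 10-minute cache and the fall-through from an unavailable primary WINS server, modelled as an added Python example (not part of the original document). It generates no network traffic; the class name, the dictionary-based name tables and every name and address in them are constructed assumptions, and caching every successful remote lookup is a simplification.

```python
import time

CACHE_TTL = 600  # seconds: the 10-minute lifetime of the remote-name cache


class NetbiosClient:
    """Toy model of the h-node lookup order only (hypothetical class)."""

    def __init__(self, own_name, wins_servers, subnet, lmhosts=None,
                 hosts=None, dns=None, own_address="127.0.0.1",
                 clock=time.monotonic):
        self.own_name = own_name.upper()   # NetBIOS names are compared in upper case
        self.own_address = own_address
        self.wins_servers = wins_servers   # ordered tables; None = server unavailable
        self.subnet = subnet               # names that would answer a local broadcast
        self.lmhosts = lmhosts             # None = not configured to use Lmhosts
        self.hosts = hosts or {}
        self.dns = dns                     # None = no DNS server configured
        self.clock = clock
        self.cache = {}                    # name -> (address, expiry time)

    def _sources(self):
        """Yield (label, table) pairs in the order steps 3 to 6 consult them."""
        for i, table in enumerate(self.wins_servers, start=1):
            yield f"WINS server {i}", table
        yield "broadcast", self.subnet
        yield "Lmhosts", self.lmhosts
        yield "Hosts", self.hosts
        yield "DNS", self.dns

    def resolve(self, name):
        """Return (address, source) so the caller can see which step answered."""
        name = name.upper()
        if name == self.own_name:                      # step 1
            return self.own_address, "local name"
        now = self.clock()
        hit = self.cache.get(name)
        if hit and hit[1] > now:                       # step 2
            return hit[0], "cache"
        for label, table in self._sources():           # steps 3 to 6
            if table and name in table:
                self.cache[name] = (table[name], now + CACHE_TTL)
                return table[name], label
        return None, "unresolved"


if __name__ == "__main__":
    client = NetbiosClient(
        "WS01",
        wins_servers=[None, {"FILESRV": "10.0.0.5"}],  # primary down, secondary up
        subnet={"PRINTER1": "10.0.0.9"},
        lmhosts={"LEGACY": "10.0.0.20"},
        dns={"INTRANET": "10.0.0.30"},
    )
    for queried in ("ws01", "filesrv", "filesrv", "printer1", "legacy", "intranet"):
        print(queried, client.resolve(queried))
```

Knowing which source answered matters when troubleshooting: a name that resolves by broadcast or Lmhosts rather than WINS points at a missing or stale WINS registration.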

19. Network Configuration and Management Utilities

Administrators use various utilities to configure and manage networks. Following are some commonly used utilities:

IPCONFIG: IPCONFIG is a command-line utility used to display current TCP/IP network configuration values, and to update or release the Dynamic Host Configuration Protocol (DHCP) allocated leases. It is also used to display, register, or flush Domain Name System (DNS) names.

NSLOOKUP: NSLOOKUP is a utility for diagnosing and troubleshooting Domain Name System (DNS) problems. It performs its function by sending queries to the DNS server and obtaining detailed responses at the command prompt. This information can be useful for diagnosing and resolving name resolution issues, verifying whether or not the resource records are added or updated correctly in a zone, and debugging other server-related problems. This utility is installed along with the TCP/IP protocol through the Control Panel.

PING: PING is a command-line utility used to test connectivity with a host on a TCP/IP-based network. This is achieved by sending out a series of packets to a specified destination host. On receiving the packets, the destination host responds with a series of replies. These replies can be used to determine if the network is working properly.

TRACERT: TRACERT is a route-tracing Windows utility that displays the path an IP packet takes to reach its destination. It shows the Fully Qualified Domain Name (FQDN) and the IP address of each gateway along the route to the remote host.

PATHPING: PATHPING is a command-line utility that pings each hop along the route for a set period of time and shows the delay and packet loss along with the tracing functionality of TRACERT, which helps determine a weak link in the path.

NBTSTAT: NBTSTAT is a Windows utility used to check the state of current NetBIOS over TCP/IP connections, update the NetBIOS name cache, and determine the registered names and scope IDs.


NETSTAT: NETSTAT is a command-line utility that displays protocol-related statistics and the state of current TCP/IP connections. It is used to obtain information about the open connections on a computer, incoming and outgoing data, and also the ports of remote computers to which the computer is connected. The NETSTAT command gets all this networking information by reading the kernel routing tables in the memory.

TELNET: TELNET is a command-line connectivity utility that starts terminal emulation with a remote host running the Telnet Server service. TELNET allows users to communicate with a remote computer, offers the ability to run programs remotely, and facilitates remote administration. The TELNET utility uses the Telnet protocol for connecting to a remote computer running the Telnet server software, to access files. It uses TCP port 23 by default.

Windows 7 System Requirements

If you want to run Windows 7 on your PC, here's what it takes:

• 1 gigahertz (GHz) or faster 32-bit (x86) or 64-bit (x64) processor.
• 1 gigabyte (GB) RAM (32-bit) or 2 GB RAM (64-bit).
• 16 GB available hard disk space (32-bit) or 20 GB (64-bit).
• DirectX 9 graphics device with WDDM 1.0 or higher driver.

Additional requirements to use certain features:

• Internet access (fees may apply).
• Depending on resolution, video playback may require additional memory and advanced graphics hardware.
• Some games and programs might require a graphics card compatible with DirectX 10 or higher for optimal performance.
• For some Windows Media Center functionality a TV tuner and additional hardware may be required.
• Windows Touch and Tablet PCs require specific hardware.
• HomeGroup requires a network and PCs running Windows 7.
• DVD/CD authoring requires a compatible optical drive.
• BitLocker requires Trusted Platform Module (TPM) 1.2.
• BitLocker To Go requires a USB flash drive.
• Windows XP Mode requires an additional 1 GB of RAM and an additional 15 GB of available hard disk space.
• Music and sound require audio output.

Product functionality and graphics may vary based on your system configuration. Some features may require advanced or additional hardware.


PCs with multi-core processors:

Windows 7 was designed to work with today's multi-core processors. All 32-bit versions of Windows 7 can support up to 32 processor cores, while 64-bit versions can support up to 256 processor cores.

PCs with multiple processors (CPUs):

Commercial servers, workstations, and other high-end PCs may have more than one physical processor. Windows 7 Professional, Enterprise, and Ultimate allow for two physical processors, providing the best performance on these computers. Windows 7 Starter, Home Basic, and Home Premium will recognize only one physical processor.

See why Windows 7 is better

Makes everyday tasks simpler and easier (Windows XP / Windows Vista / Windows 7)

Multi-task more easily: Windows Taskbar
Communicate and share with free photo, e-mail, and IM programs: Windows Live Essentials
Browse the web easily and more safely: Internet Explorer 8
Find files and programs instantly: Windows Search
Open the programs and files you use most in just a click or two: Pin, Jump Lists
Navigate lots of open windows more quickly: Snap, Peek, Shake
Easily share files, photos, and music among multiple PCs at home: HomeGroup
Print to a single printer from any PC in the house: HomeGroup
Simplify managing printers, cameras, music players, and other devices: Device Management
Organize lots of files, documents, and photos effortlessly: Libraries
Connect to any available wireless network in just three clicks: View Available Networks

Works the way you want it to (Windows XP / Windows Vista / Windows 7)

Personalize your desktop with themes, photos, and gadgets: Performance Improvements
Connect to company networks securely: Domain Join
Run lots of programs at once with better performance on 64-bit PCs: 64-bit Support
Built-in protection against spyware and other malicious software: Windows Defender
Help keep your data private and secure: BitLocker
Manage and monitor your children’s PC use: Parental Controls
Run many Windows XP productivity programs: Windows XP Mode
Designed for faster sleep and resume: Sleep and Resume
Improved power management for longer battery life: Power Management

Makes new and exciting things possible (Windows XP / Windows Vista / Windows 7)

Watch and record TV on your PC: Windows Media Center
Create and share movies and slideshows in minutes: Windows Live Movie Maker
Get the most realistic game graphics and vivid multi-media: DirectX 11
Stream music, photos, and videos around your house: Play To
Connect to music and photos on your home PC while away from home: Remote Media Streaming
Touch and tap instead of point and click: Windows Touch

= Included in this version of Windows

= Improved in Windows 7

Top 10 Differences between Windows XP and Windows 7

If you skipped over Windows Vista like so many others have, you may be in for a shock when you upgrade from Windows XP to Windows 7. Microsoft’s newest operating system is a major shift in usability, convenience, and overall computing from previous versions of Windows.

Although not all are earth-shattering changes, listed below are the Top 10 differences between Windows XP and Windows 7. Many of these changes may seem like a big deal because you’ve gotten so used to how things work in XP. If you are considering upgrading from XP to Windows 7, be prepared for these changes.

1. No e-mail Client 

Outlook Express (OE) has been a trusted friend since Windows 95, so much so that many people have never used another e-mail client. OE was removed from Windows Vista but was replaced with Windows Mail. Strangely, Windows does not ship with any e-mail client at all. Users must either purchase an e-mail client such as Outlook, use a free service such as Windows Live Mail, or download an open source e-mail client such as Thunderbird.

2. 32-bit vs. 64-bit 

Although Windows XP did have a 64-bit version (Windows XP x64), many people are unaware that it even existed. When upgrading from XP to Windows 7, you will have to decide whether you want the 32-bit version (x86) or the 64-bit version (x64). Which you choose largely depends on your computer’s hardware and the availability of drivers and other software to make everything work in your PC.

3. Aero Desktop

The Aero Desktop is really nothing more than a collection of window and desktop behaviors that make Windows 7 the prettiest version of the operating system to date. Features such as Aero Snap let you quickly organize open windows, and transparency makes it easy to see what’s underneath other windows. With Windows XP think opaque, with Windows 7, think translucent.

4. Documents and Settings

The Documents and Settings folder, the location for all protected personal files and folders, has been replaced with a simple Users folder. Not a big deal, but many tech support personnel have spent hundreds of hours answering the simple question of where the Documents and Settings folder went in Windows

5. Start Menu

The Start menu in Windows 7 has been completely reworked and has been met with several criticisms. No longer does the Start menu use fly-outs and scroll-outs to show you what shortcuts to programs and folders you have on your computer.

Now you must use a more conservative folder system that forces you to use a scroll bar to access shortcuts that can’t be displayed because you’ve reached the maximum number that can be shown at one time. Luckily, if you really like the Windows XP Start menu, there is a way to make the Windows 7 Start menu behave like XP.

6. Ribbon

Introduced in Office 2007, it is clear that Microsoft will continue to push the Ribbon interface over the more familiar drop-down menu and toolbar approach to using programs. If you want to get a taste of the Ribbon, start up Microsoft Paint or WordPad on a computer running Windows 7 and you can see for yourself whether the Ribbon is going to be useful or just another technology forced upon you.

7. Libraries

Windows 7 Libraries are nothing more than collections of files that are similar. Similar content that is located in multiple areas of your computer is brought together into the Library system to make finding files easier.

Of course, you can choose to use or not use Libraries depending on whether you find them useful. However, if you store a lot of media on your computer such as music or video and you want access to them without having to physically move them to the same location or folder, Libraries may be for you.

8. DirectX 11

If you are a gamer, you know that you must keep up with advances in both hardware and software technology to get the most from your games. Windows XP will not support DirectX versions beyond 9.0c, so if your games require a higher version such as 10 or 11, you have no choice but to move to a more recent version of Windows.

As more and more people make the switch to Windows 7, the game developers and publishers are likely to take full advantage of more recent DirectX versions. Stick with XP too long, and you may be shut out of the newest games.

9. HomeGroup

Whether you have a simple or complicated home network, you know that any help you can get to make administration easier is always welcomed. HomeGroup is a major shift in home networking simplicity that makes older paradigms seem archaic.

Not much has changed in setting up a home network since Windows NT 4, an operating system from before Windows 95 that you may never have heard of. Marrying simplicity, easy setup, and stable connections, HomeGroup takes the guesswork and troubleshooting out of home networking on any scale.

10. Touch Support 

Although touch interfaces have been around for a better part of a decade, touch has not yet replaced the familiar keyboard/mouse combination of navigating personal computers. Still, Windows 7 is the first operating system from the software giant to natively support touch as a computer interface.

If you think that you would like to be on the frontier of this emerging interface paradigm, Windows 7 is your only real choice if you want to run a Microsoft operating system.

Conclusion 

Some people have become so comfortable working with Windows XP that they have avoided upgrading to Microsoft’s newest operating system. The Windows Vista fiasco didn’t help matters, forcing some diehard fans of XP to downgrade to make their PCs functional again.

If you are considering upgrading from Windows XP to Windows 7, be prepared for some new things, some missing things, and a few things in between. Still, the stability and usability of Windows 7 has been more or less established so you can rest assured that you are taking a step in the right direction by leaving XP behind.

Difference between win2k3 and win2k8 server

1: 2008 is a combination of Vista and Windows 2003 R2. Some new services are introduced in it.

2: RODC (Read Only Domain Controller) is a new domain controller in it. We cannot rename the domain controller name in 2008. In 2003 we can rename the domain controller name, but you must be a member of the domain admin group to rename a domain controller.

3: Shadow copy is available for each and every folder in Windows 2008 to help prevent inadvertent loss of data. In Windows 2003, shadow copy is available only for shared folders.

4: Boot sequence is changed in 2008.

5: Installation is 32-bit in 2008, whereas in 2003 it is 16-bit as well as 32-bit; that’s why installation of 2008 is faster.

6: Services are known as roles in 2008.

7: Group Policy editor is a separate option in ADS (2008).

8: WDS (Windows Deployment Services) is used instead of the RIS of 2003 server.

9: The main difference between 2003 and 2008 is virtualization and management. 2008 has more inbuilt components and updated third-party drivers. Microsoft introduces a new feature with 2k8, Hyper-V (V for Virtualization), but only on 64-bit versions.

10: In Windows Server 2008, Microsoft is introducing new features and technologies, some of which were not available in Windows Server 2003 with Service Pack 1 (SP1), that will help to reduce the power consumption of server and client operating systems, minimize environmental byproducts, and increase server efficiency.

11: Windows Server 2003 supports 32- and 64-bit versions and 2008 supports only 64-bit.

The offline domain join capability in Windows Server 2008.

Windows Server 2008 Hardware Requirements

Before investing time and resources into downloading and installing Windows Server 2008, the first step is to gain an appreciation of the hardware requirements necessary to effectively run the operating system. The following table provides an overview of Microsoft's recommended minimum hardware:

Category: Minimum / Recommended Requirements

Processor
• Minimum: 1GHz (x86 processor) or 1.4GHz (x64 processor)
• Recommended: 2GHz or faster
Note: For Itanium based systems an Intel Itanium 2 processor is required.

Memory
• Minimum: 512MB RAM
• Recommended: 2GB RAM or greater
• Maximum (32-bit systems): 4GB (Standard) or 64GB (Enterprise and Datacenter)
• Maximum (64-bit systems): 32GB (Standard) or 2TB (Enterprise, Datacenter and Itanium-Based Systems)

Available Disk Space
• Minimum: 10GB
• Recommended: 40GB or greater
Note: Systems with RAM in excess of 16GB will require greater amounts of disk space to accommodate paging, hibernation, and dump files

Drive
• DVD-ROM drive

Display and Peripherals
• Super VGA or greater-resolution monitor (800x600)
• Keyboard
• Microsoft Mouse or compatible pointing device

Windows Server 2008 Editions and System Requirements 

Standard Edition

Windows Server 2008 Standard is one of Microsoft's entry level server offerings (alongside Windows Web Server 2008) and is one of the least expensive of the various editions available. Both 32-bit and 64-bit versions are available, and in terms of hardware Standard Edition supports up to 4GB of RAM and 4 processors.

Windows Server 2008 is primarily targeted at small and mid-sized businesses (SMBs) and is ideal for providing domain, web, DNS, remote access, print, file and application services. Support for clustering, however, is notably absent from this edition.

An upgrade path to Windows Server 2008 Standard is available from Windows 2000 Server and Windows Server 2003 Standard Edition.

Windows Server 2008 Enterprise Edition

Windows Server 2008 Enterprise Edition provides greater functionality and scalability than the Standard Edition. As with Standard Edition, both 32-bit and 64-bit versions are available. Enhancements include support for as many as 8 processors and up to 64GB of RAM on 32-bit systems and 2TB of RAM on 64-bit systems.

Additional features of the Enterprise edition include support for clusters of up to 8 nodes and Active Directory Federated Services (AD FS).

Windows Server 2000, Windows 2000 Advanced Server, Windows Server 2003 Standard Edition and Windows Server 2003 Enterprise Edition may all be upgraded to Windows Server 2008 Enterprise Edition.

Windows Server 2008 Datacenter Edition

The Datacenter edition represents the top end of the Windows Server 2008 product range and is targeted at mission critical enterprises requiring stability and high uptime levels. Windows Server 2008 Datacenter edition is tied closely to the underlying hardware through the implementation of custom Hardware Abstraction Layers (HAL). As such, it is currently only possible to obtain Datacenter edition as part of a hardware purchase.

As with other versions, the Datacenter edition is available in 32-bit and 64-bit versions and supports 64GB of RAM on 32-bit systems and up to 2TB of RAM on 64-bit systems. In addition, this edition supports a minimum of 8 processors up to a maximum of 64.

Upgrade paths to Windows Server 2008 Datacenter Edition are available from the Datacenter editions of Windows 2000 and 2003.

Windows Web Server 2008

Windows Web Server 2008 is essentially a version of Windows Server 2008 designed primarily for the purpose of providing web services. It includes Internet Information Services (IIS) 7.0 along with associated services such as Simple Mail Transfer Protocol (SMTP) and Telnet. It is available in 32-bit and 64-bit versions and supports up to 4 processors. RAM is limited to 4GB and 32GB on 32-bit and 64-bit systems respectively.

Windows Web Server 2008 lacks many of the features present in other editions such as clustering, BitLocker drive encryption, multipath I/O, Windows Internet Naming Service (WINS), Removable Storage Management and SAN Management.

Windows Server 2008 Features Matrix

Now that we have covered in general terms the various different editions of Windows Server 2008, we can look in a little more detail at a feature by feature comparison of the four different editions. This is outlined in the following feature matrix:

Feature | Enterprise | Datacenter | Standard | Web | Itanium
ADFS Web Agent | Yes | Yes | Yes | No | No
Directory uIDM | Yes | Yes | Yes | No | No
Desktop Experience | Yes | Yes | Yes | Yes | No
Windows Clustering | Yes | Yes | No | No | Yes
Windows Server Backup | Yes | Yes | Yes | Yes | Yes
Windows Network Load Balancing (WNLB) | Yes | Yes | Yes | Yes | Yes
Simple TCP/IP Services | Yes | Yes | Yes | No | Yes
SMTP | Yes | Yes | Yes | Yes | No
Subsystem for Unix-Based Applications (SUA) | Yes | Yes | Yes | No | Yes
Telnet Client | Yes | Yes | Yes | Yes | Yes
Telnet Server | Yes | Yes | Yes | Yes | Yes
Microsoft Message Queuing (MSMQ) | Yes | Yes | Yes | No | Yes
RPC Over HTTP Proxy | Yes | Yes | Yes | No | Yes
Windows Internet Naming Service (WINS) | Yes | Yes | Yes | No | No
Wireless Client | Yes | Yes | Yes | No | No
Windows System Resource Manager (WSRM) | Yes | Yes | Yes | Yes | Yes
Simple SAN Management | Yes | Yes | Yes | No | No
LPR Port Monitor | Yes | Yes | Yes | No | No
The Windows Foundation Components for WinFX | Yes | Yes | Yes | Yes | Yes
BITS Server Extensions | Yes | Yes | Yes | No | Yes
iSNS Server Service | Yes | Yes | Yes | Yes | No
BitLocker Drive Encryption | Yes | Yes | Yes | No | Yes
Multipath IO | Yes | Yes | Yes | No | Yes
Removable Storage Management | Yes | Yes | Yes | No | Yes
TFTP | Yes | Yes | Yes | No | Yes
SNMP | Yes | Yes | Yes | Yes | Yes
Server Admin Pack | Yes | Yes | Yes | Yes | No
RDC | Yes | Yes | Yes | No | Yes
Peer-to-Peer Name Resolution Protocol | Yes | Yes | Yes | Yes | Yes
Recovery Disk | Yes | Yes | Yes | Yes | Yes
Windows PowerShell | Yes | Yes | Yes | Yes | Yes
