Top Active Directory Interview Preparation Guide

Active Directory is a technology created by Microsoft that provides a variety of network services, including LDAP-like directory services, Kerberos-based authentication, DNS-based naming and other network information, a central location for network administration and delegation, and information security and single sign-on for user access to network-based resources. This guide collects Active Directory interview questions and answers to help you prepare.

146 Active Directory Questions and Answers:


1 :: Can you connect Active Directory to other 3rd-party directory services? Name a few options.

Yes, you can connect Active Directory to other 3rd-party directory services, such as the directories used by SAP, Domino, etc., with the help of MIIS (Microsoft Identity Integration Server).

2 :: Define clean PC in Active Directory?

A clean PC is defined as a computer with only the following items on it before you run Discover:
★ The operating system
★ The service packs for the operating system
If you install Veritas Software Console on the computer, it is by definition no longer a clean PC. You must install Veritas Software Console somewhere, but not on the clean PC.

3 :: How to create a Third-Party MSI package in Active Directory?

1) Start with a clean PC, or one that is representative of the computers in your network.
2) Start Discover to take a picture of the representative PC's software configuration. This is the Before snapshot.
3) Install a program on the PC on which you took the Before snapshot.
4) Reboot the PC.
5) Run the new program to verify that it works.
6) Quit the program.
7) Start Discover and take an After snapshot of the PC's new configuration. Discover compares the Before and the After snapshots and notes the changes. It creates a Microsoft Installer package with information about how to install that program on such a PC in the future.
8) (Optional) Use Veritas Software Console to customize the Microsoft Installer package.
9) Clean the reference computer to prepare to run Discover again.
10) (Optional) Perform a test installation of the program on non-production workstations.

To create a new site link:
1) Click Active Directory Sites and Services.
2) Expand the Inter-Site Transports node, right-click IP (or click SMTP if you want to use SMTP as the inter-site transport protocol), and then click New Site Link. If you have only one site in Active Directory, you receive a message that states that two sites are required for the site link to work. Click OK to continue.

5 :: How to allow only secure dynamic updates?

1) Click Start, point to Programs, point to Administrative Tools, and then click DNS.
2) Under DNS, expand the applicable DNS server, expand Forward Lookup Zones (or Reverse Lookup Zones), and then click the applicable zone.
3) On the Action menu, click Properties.
4) On the General tab, verify that the zone type is Active Directory-integrated.
5) In the Allow dynamic updates? box, click Only secure updates.

6 :: How to set the Aging feature on an individual zone?

1) Right-click the zone, and then click Properties.
2) Click Aging.
3) Click to select the Scavenge Stale Resource Records check box, and then set the interval that you want the Aging feature to use.
If the Aging feature is not enabled at the server level, and you attempt to enable the Aging feature at the zone level, the Aging feature does not work. After you select the appropriate aging periods and you enable the Scavenging feature on the server, outdated records are scavenged.

7 :: How to enable Aging and Scavenging?

1) Open the DNS manager.
2) In the left pane, under the DNS icon, right-click the server name.
3) Click Set Aging/Scavenging for all zones.
4) Click to select the Scavenge Stale Resource Records check box, and then set the interval that you want the Aging feature to use.

8 :: How to configure the Windows 2000 Domain Name System to age records?

Dynamic DNS on a Windows 2000-based server does not age records that are orphaned when computers are renamed or moved to different subnets out of their zones, unless the server is configured to perform this task. Orphans can occur if a group of computers is installed from an image and then renamed at a later time on another subnet. The reverse lookup pointers may not be deleted if the computer is disconnected from the network immediately after the installation. These records can be deleted automatically by enabling the Aging and Scavenging feature on the DNS server.

9 :: How to configure the Reverse Lookup Zone?

1) Click Start, point to Programs, point to Administrative Tools, and then click DNS.
2) In the console tree, click Host name (where Host name is the host name of the DNS server).
3) In the console tree, click Reverse Lookup Zones.
4) Right-click Reverse Lookup Zones, and then click New Zone.
5) When the New Zone Wizard starts, click Next to continue.
6) Click Standard secondary, and then click Next. In the Network ID box, type the network ID (for example, type 192.168.0), and then click Next.
7) On the Zone File page, click Next, and then click Finish.

10 :: How to configure the Forward Lookup Zone?

1) Open the DNS MMC in the Secondary Name Server.
2) In the console tree, under DNS, click Host name (where Host name is the host name of the DNS server).
3) In the console tree, click Forward Lookup Zones.
4) Right-click Forward Lookup Zones, and then click New Zone.
5) When the New Zone Wizard starts, click Next to continue.
6) Click Standard secondary, and then click Next.
7) In the Name box, type the name of the zone (for example, example.com), and then click Next.
8) On the Master DNS Servers page, type the IP address of the primary name server for this zone, click Add, click Next, and then click Finish.

11 :: How to configure a secondary Name Server in Windows 2000?

1) Open DNS MMC.
2) In the console tree, click Host name (where Host name is the host name of the DNS server).
3) In the console tree, click Forward Lookup Zones.
4) Right-click the zone that you want (for example, example.com), and then click Properties.
5) Click the Name Servers tab, and then click Add.
6) In the Server name box, type the host name of the server that you want to add, for example, namesvr2.example.com.
7) In the IP address box, type the IP address of the name server that you want to add (for example, 192.168.0.22), and then click Add.
8) Click OK, and then click OK.
9) In the console tree, click Reverse Lookup Zones, right-click the zone that you want, and then click Properties.
10) Click the Name Servers tab, and then click Add.
11) In the Server name box, type the host name of the server that you want to add, for example, namesvr2.example.com.
12) In the IP address box, type the IP address of the name server that you want to add (for example, 192.168.0.22), and then click Add.
13) Click OK, and then click OK.

12 :: How to create a DNS entry for the Web Server?

1) Start the DNS snap-in.
2) Under DNS, expand Server1 (where Server1 is the host name of the DNS server).
3) Expand Forward Lookup Zones.
4) Under Forward Lookup Zones, right-click the zone that you want (for example, Microsoft.com), and then click New Alias.
5) In the Alias name box, type www.
6) In the Fully qualified name for target host box, type the fully qualified host name of the DNS server on which IIS is installed. For example, type dns.microsoft.com, and then click OK.

13 :: How to enable DNS Dynamic Updates on a DHCP Server?

1) Select the scope or DHCP server on which you want to permit dynamic DNS updates.
2) On the Action menu, click Properties, and then click the DNS tab.
3) Click to select the Automatically Update DHCP Client Information In DNS check box.
4) To update a client's DNS records based on the type of DHCP request that the client makes and only when it is requested, click Update DNS Only If DHCP Client Requests.
5) To always update a client's forward and reverse lookup records, click Always Update DNS.
6) Click to select the Discard Forward Lookups When Leases Expire check box to have the DHCP server delete the Host resource record for a client when its DHCP lease expires and is not renewed.
7) Click to select the Enable Updates For DNS Clients That Do Not Support Dynamic Updates check box to enable the DHCP server to update the forward and reverse lookup records for clients that cannot update their own forward lookup records. If you do not select this check box, the DHCP server does not automatically update the DNS records of non-Windows 2000 clients.

14 :: How to Configure DNS Dynamic Update on a Windows 2000 DHCP Server?

1) Click Start, point to Programs, point to Administrative Tools, and then click DHCP.
2) Click the appropriate DHCP server or a scope on the appropriate DHCP server.
3) On the Action menu, click Properties.
4) Click the DNS tab.
5) To enable DNS dynamic update for DHCP clients that support it, click to select the Automatically update DHCP client information in DNS check box. This check box is selected by default.
6) To enable DNS dynamic update for DHCP clients that do not support it, click to select the Enable updates for DNS clients that do not support dynamic updates check box. This check box is selected by default.

15 :: How to configure DNS Dynamic Update on a Windows 2000 DNS Server?

1) Click Start, point to Programs, point to Administrative Tools, and then click DNS.
2) Click the appropriate zone under either Forward Lookup Zones or Reverse Lookup Zones.
3) On the Action menu, click Properties.
4) On the General tab, verify that the zone type is either Primary or Active Directory integrated.
5) If the zone type is Primary, click Yes in the Allow dynamic updates? list.
6) If the zone type is Active Directory-integrated, click either Yes or Only secure updates in the Allow dynamic updates? list, depending on whether you want DNS dynamic updates to be secure.
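
The dynamic-update and aging settings from questions 5 to 7 and 15 can be checked across all zones at once instead of one Properties dialog at a time. The PowerShell below is an added example, not part of the original guide: the function name and sample zones are hypothetical, and the property names assume the output of the DnsServer module (Get-DnsServerZone, Get-DnsServerZoneAging), which ships with Windows Server 2012 and later rather than Windows 2000.

```powershell
# Added example, not from the original page. Flags zones whose dynamic-update
# and aging settings differ from the values in questions 5-7 and 15.
# Property names follow Get-DnsServerZone / Get-DnsServerZoneAging output.
function Get-ZoneUpdateFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [psobject] $Zone,
        [bool] $ServerScavenging = $false   # server-level scavenging state
    )
    process {
        $issues = @()
        if ($Zone.DynamicUpdate -eq 'NonsecureAndSecure') {
            if ($Zone.IsDsIntegrated) {
                $issues += 'accepts unauthenticated updates: switch to Only secure updates'
            } else {
                $issues += 'accepts unauthenticated updates: secure updates need an AD-integrated zone'
            }
        }
        if ($Zone.DynamicUpdate -ne 'None') {
            if (-not $Zone.AgingEnabled) {
                $issues += 'dynamic zone without aging: orphaned records are never removed'
            } elseif (-not $ServerScavenging) {
                $issues += 'zone aging is set but server scavenging is off: aging has no effect'
            }
        }
        foreach ($issue in $issues) {
            [pscustomobject]@{ Zone = $Zone.ZoneName; Finding = $issue }
        }
    }
}

# Constructed sample zones (hypothetical names), so the check runs anywhere.
$sample = @(
    [pscustomobject]@{ ZoneName = 'corp.example.com'; IsDsIntegrated = $true
                       DynamicUpdate = 'Secure'; AgingEnabled = $true }
    [pscustomobject]@{ ZoneName = 'lab.example.com'; IsDsIntegrated = $true
                       DynamicUpdate = 'NonsecureAndSecure'; AgingEnabled = $false }
    [pscustomobject]@{ ZoneName = '0.168.192.in-addr.arpa'; IsDsIntegrated = $false
                       DynamicUpdate = 'NonsecureAndSecure'; AgingEnabled = $true }
)
$sample | Get-ZoneUpdateFinding -ServerScavenging $false | Format-Table -AutoSize

# On a DNS server with the DnsServer module, feed live data instead:
# $srv = (Get-DnsServerScavenging).ScavengingState
# Get-DnsServerZone | Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
#   Select-Object ZoneName, IsDsIntegrated, DynamicUpdate,
#     @{ n = 'AgingEnabled'; e = { (Get-DnsServerZoneAging -Name $_.ZoneName).AgingEnabled } } |
#   Get-ZoneUpdateFinding -ServerScavenging $srv
```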

16 :: How to configure DNS dynamic update on a Windows 2000 DNS client computer?

1) Click Start, point to Settings, and then click Network and Dial-up Connections.
2) Right-click the network connection that you want to configure, and then click Properties.
3) Click either the General tab (for the local area connection) or the Networking tab (for all other connections), click Internet Protocol (TCP/IP), and then click Properties.
4) Click Advanced, and then click the DNS tab.
5) To use DNS dynamic update to register both the IP addresses for this connection and the full computer name of the computer, click to select the Register this connection's addresses in DNS check box. This check box is selected by default.
6) To configure a connection-specific DNS suffix, type the DNS suffix in the DNS suffix for this connection box.
7) To use DNS dynamic update to register the IP addresses and the connection-specific domain name for this connection, click to select the Use this connection's DNS suffix in DNS registration check box. This check box is selected by default.

17 :: How Windows 2000-Based Computers Update Their DNS Names?

Windows 2000 computers try to dynamically register host address (A) and pointer (PTR) resource records. All computers register records based on their full computer name. Dynamic updates can be sent for any of the following reasons or events:
★ An IP address is added, removed, or modified for any one of the installed network connections.
★ An IP address lease changes or renews, for example, when you use the ipconfig /renew command.
★ You use the ipconfig /registerdns command to manually force a refresh of the client name registration in DNS.
★ At startup time, when the computer is turned on.
When one of these events triggers a dynamic update, the DHCP Client service (not the DNS Client service) sends updates. This process is designed so that if a change to the IP address information occurs because of DHCP, corresponding updates in DNS are performed to synchronize name-to-address mappings for the computer. The DHCP Client service performs this function for all network connections used on the system, including connections that are not configured to use DHCP.

18 :: How to configure DNS dynamic update in Windows 2000?

The DNS service allows client computers to dynamically update their resource records in DNS and improves DNS administration. You can use DDNS in conjunction with DHCP to update resource records when a computer's IP address is changed.

19 :: Do you know how to set up DNS for a child domain?

To set up DNS for a child domain, create a delegation record on the parent DNS server for the child DNS server. Create a secondary zone on the child DNS server that transfers the parent zone from the parent DNS server. Set the child DNS server to point to itself only.

20 :: How do I set up DNS for other DCs in the domain that are running DNS?

For each additional DC that is running DNS, the preferred DNS setting is the parent DNS server (first DC in the domain), and the alternate DNS setting is the actual IP address of the network interface.

21 :: Tell me what should I do if the DC points to itself for DNS, but the SRV records still do not appear in the zone?

Check for a disjointed namespace, and then run Netdiag.exe /fix. You must install Support Tools from the Windows 2000 Server CD-ROM to run Netdiag.exe.

22 :: Tell me what if my Windows 2000 or Windows Server 2003 DNS server is behind a proxy server or firewall?

If you are able to query the ISP's DNS servers from behind the proxy server or firewall, a Windows 2000 or Windows Server 2003 DNS server is able to query the root hint servers. UDP and TCP port 53 should be open on the proxy server or firewall.

23 :: Tell me should I point the other Windows 2000-based and Windows Server 2003-based computers on my LAN to my ISP's DNS servers?

No. If a Windows 2000-based or Windows Server 2003-based server or workstation does not find the DC in DNS, you may experience issues joining the domain or logging on to the domain. A Windows 2000-based or Windows Server 2003-based computer's preferred DNS setting should point to the Windows 2000 or Windows Server 2003 DC running DNS. If you are using DHCP, make sure that you view scope option #15 for the correct DNS server settings for your LAN.

24 :: Tell me do I need to point computers that are running Windows NT 4.0 or Microsoft Windows 95, Microsoft Windows 98, or Microsoft Windows 98 Second Edition to the Windows 2000 or Windows Server 2003 DNS server?

Legacy operating systems continue to use NetBIOS for name resolution to find a DC; however, it is recommended that you point all computers to the Windows 2000 or Windows Server 2003 DNS server for name resolution.

25 :: How to synchronize time amongst DCs using net time?

★ net time \\mypdc /set /y
★ This synchronizes the local computer time with the server named Mypdc.
★ The /set switch specifies that the time is not only queried but also synchronized with the specified server.
★ The /y switch skips the confirmation for changing the time on the local computer.