ACTIVE DIRECTORY & DOMAIN

What is Active Directory?

Active Directory is a feature of Windows Server OS and it contains User Accounts, Objects/Host Names, Group Policies and Domain Services. For example, Active Directory will have information about a user login credentials. In addition, it can contain group policy that will apply different permissions to user accounts that belong to specific groups within organization; within a domain.

What is a Group Policy?

Active Directory assigns a Group Policy to each new user added in to the database. For example; if you work in Desktop Support, your user login credentials and permissions will be assigned to a Group Policy. In Active Directory you can take any user and place them in to a Group that has predetermined settings. Group policy can restrict read/write or execute and restrict access to network resources.

 What are GPOs (Group Policy Objects)?

This is the frequently asked Windows Server Interview Questions. The settings that control the working environment of user accounts and computer accounts are known as Group Policy Object (GPO). This help is defining the security options, software installation, registry-based policies and maintenance options, script options and folder redirection options

There are two types of Group Policy Objects:

• • Nonlocal Group Policy objects: These are available only in an Active Directory environment and are stored on a domain controller

• Local Group Policy Objects: These are stored on local computers (individual computers)

Explain if it is possible to connect Active Directory to other 3rd party Directory services?

Yes, you can connect other vendors directory services with Microsoft version.  By using dirXML or LDAP to connect to other directories.

Explain where is the AD database is held?

AD database is saved in %systemroot%/ntds.  Files that controls the AD structure are

• NTDS.DIT

All the Active Directory changes are not written directly to the NTDS.DIT database file. They are first written to EDB.Log and thereon from the log file to the database.

NTDS.DIT: This is the Active Directory database and contains all the AD objects. The default location is %system root%nrdsnrds.dit, this database is based upon the Jet database.

• EDB.Log

EDB.Log: This file is to track the transactions on the database, when EDB.Log is full it gets renamed to EDB Num.log where a num is a number starting from 1 like EDB1.log

EDB.Che is used to tracking the updates to the database it acts as an update log file to check what operations are performed to the database.

EDB.Che: This file is used to check for the data that is not yet written to a database. This file has the starting point to the data can be recovered during failures.

• RES1.log

• RES2.log

• EDN.chk

Res1.log and Res2.log: Res stands for reserved transaction file which provides the transaction log file enough time to shut down if the disk runs out of space.

Tell Me About Active Directory Database And List The Active Directory Database Files?

The Active Directory database files as follows:

• • DIT

  • Log

  • Che

  • log and Res2.log

What Is Use Active Directory Partitions? And How To Find The Active Directory Partitions And There Location?

The different type’s of active directory partitions are as below:

• Schema Partition–This partition stores all the details of the objects and their attributes, it also replicates to other domain controllers which are present in the Forest

• Configuration Partition– This partition stores all the information about the Active Directory. The information includes  Site, site-link, subnet etc. this partition also replicates to all domain controllers which are present in the Forest

• Domain Partitions– This partition stores the information of the domain which includes user, computer, group, printer etc. this partition also replicates to all domain controllers which are present in the domain.

• Application Partition– This partition stores the applications information in Active Directory.Exampels– ForestDNSZones and DomainDNSZones

Do you know what Garbage Collection is?

Garbage Collection is a process designed to free space inside Active Directory. This is performed by default every 12 hours (defrag).

What is a Domain?

Leading in from the previous question; Domain IS a group of computers and users connected to a network. A user will have Domain login access once their credentials are created/added to that specific Domain within Active Directory. In other words, your PC login will most likely be a Domain login. As a side note, PC host names must be added to the same Domain, but user can still login even if the computer is attached to another Domain; within the same network.

Explain what is the primary function of the domain controller?

Primary function of the domain controller is to validate users to the networks, it also provide a catalog of Active Directory Objects.

Do you know what SYSVOL folder is?

System Volume folder is a directory that houses a copy of domain files found on a local hard drive within Domain Controller. This data is shared for purpose of replication across domain; for example user logon scripts and Windows Group Policy

What is the difference between a forest and a domain?

A domain is a logic based group of computers, users and devices within Active Directory. A tree is a collection of domains; in case there are multiple trees formed a forest is created.

How do you back up Active Directory?

Active Directory can be backed up by using NTBACKUP tool that comes with 2003 server. With 2008 server a command prompt is used to perform backup: type “wbadmin start systemstatebackup -backuptarget:e:”