Windows Interview Page 4
|Windows Interview Page 6|
How to change the delay of initial Notification of an Intrasite Replication partner?
How to change the default replication interval between domain controller with in a site?
The default Replication interval between the Domain controllers with in a site is 5 minutes (300 seconds). To change the interval follow the below steps
Log in as Domain Administrator è Start è Run è Regedt32.exe è Navigate to HKLM\SYSTEM\CurrentControlset\services\NTDS\ è Click on Parameters è Double click on Replication notify pause after modify (secs) è In the base box, click decimal è In the value data box, type the number of seconds for the delayèClick OK
How to change the Garbage Collection Period?
The Garbage collection period determines how often expired tombstones are removed from the directory database. This period is governed by an attribute value on the Directory services object in the configuration container. The default value is 12 (hours).
Decrease the period to perform garbage collection more frequently. Increase the period to perform garbage collection less frequently.
Log in Enterprise Admin è Start è Programs è Support tools è Tools è ADSI Edit è Expand Configuration container è Expand CN= Configuration è Expand CN = Services è Expand CN =Windows NT è Right Click CN=Directory Service è click on properties è Click Garbagecollperiod è click Set è Click OK
How to change the Priority for DNS SRV Records in the Registry?
To prevent Clients from sending all requests to a single domain controller, the domain controllers are assigned a priority value. Client always send requests to the domain controller that has the lowest priority value. If more than one domain controller has the same value, The clients randomly choose from the group of domain controllers with the same value. If no domain controllers with the lowest priority value are available, then the clients send requests to the domain controller with the next highest priority. A domain Controller’s priority value is stored in registry. When the domain controller starts, the Net Logon service registers domain controller, the priority value is registered with the rest of its DNS information. When a client uses DNS to discover a domain controller, the priority for a given domain controller is returned to the client with the rest of the DNS information. The client uses the priority values to help determine to which domain controller to send requests.
The value is stored in the LdapSrvPriority registry entry. The default value is 0 and it can be range from 0 through 65535.
Note: A lower value entered for LdapSrvPriority indicates a higher priority. A domain controller with an LdapSrvPriority setting of 100 has a lower priority than a domain controller with a setting of 10. Therefore, client attempts to use the domain controller with the setting of 100 first.
To change priority for DNS SRV records in the registry
Log on as Domain Admin è Start è Run è Regedit è HKLM\SYSTEM|CurrentControlSet\Services\Netlogon\Parameters è Click Edit è Click New è Click DWORD value è For the New value name, type LdapSrvPriority è Click Enter è Double click the value name that just you typed to open the Edit DWORD Value dialogue box è Enter a value from 0 through 65535. The default value is 0 è Choose Decimal as the Base option è Click OK è Close the Registry editor.
How to change the Weight for DNS Records in the Registry?
To increase client requests sent to other domain controllers relative to a particular domain controller, adjust the weight of the particular domain controller to a lower value than the others. All domain controllers starts with a default weight setting of 100 and can be configured for any value from 0 through 65535, with a data type of decimal. When you adjust the weight, consider it as a ratio of the weight of this domain controller to the weight of the other domain controllers. Because the default for the other domain controller is 100, the number you enter for weight is divided by 100 to establish the ratio. For example, if you specify a weight of 60, the ratio to the other domain controller is 60/100. The reduces to 3/5, so you can expect clients to be referred to other domain controller 5 times for every 3 times they get referred to the domain controller you are adjusting.
To change weight for DNS SRV records in the registry
Log on As domain Admin è Start è Run è regedit è HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters è Click edit è Click New è Click DWORD Value è For the new value name, type LdapSrvWeight èClick Enter è Double click on the value name you just typed to open the Edit DWORD Value dialogue box è Enter a Value from 0 through 65535, the default value is 100. è Choose Decimal as the Base option è Click OK è Close Registry editor.
How to check Directory Database Integrity?
Prior to performing any other troubleshooting procedures relative to a suspected database problem, or immediately following offline defragmentation, perform a database integrity check.
Restart the domain controller in Directory Services Restore Mode è Open command prompt è Type Ntdsutil, press enter è Type files, press Enter è type integrity, press enter.
Note the status that is reported when the integrity check is completed.
Ø If the integrity check completes successfully, type q and press Enter to return to the ntdsutil prompt. Then go for semantic database analysis.
Ø If the integrity check reports errors, perform directory database recovery.
Semantic Database Checkup:
At ntdsutil prompt type Semantic database analysis, press enter è At the Semantic checker: prompt type verbose on, and then press Enter è at the semantic checker: prompt type Go and then press enter
Complete the Database Integrity check as follows:
Ø If no errors are detected in the status at the end of the procedure, type quit again to close Ntdsutil.exe, and then restart in normal mode.
Ø If Symantic Database analysis reports recoverable errors, then perform semantic database analysis with fixup. If errors are not recoverable, then either restore the domain controller from backup or rebuild the domain controller.
How to do metadata clean up?
If you give the new domain controller the same name as the failed computer, then you need perform only the first procedure to clean up metadata, which removes the NTDS settings object of the failed domain controller. If you will give the new domain controller a different name, then you need to perform all three procedures.: Clean up metadata, remove failed server object from the site and remove the computer object from the domain controller container.
Log on as Enterprise admin è Open command prompt è Type ntdsutil è Type metadata cleanup è At the metadata cleanup: prompt type connect to the server servername, Where servername is the name of the domain controller (any functional domain controller in the same domain) from which you plan to clean up the metadata of the failed domain controller, press Enter è Type quit and press Enter to return to the metadata cleanup: prompt. è Type Select operation target and press Enter è Type List domains and press Enter, this list the all domains in the forest with a number associated with each. è Type select domain number, where number is the number corresponding to the domain in which he failed server was located, press Enter è Type list sites, press enter è Type select site number, where number is the number of the site in which the domain controller was a member, press enter è Type list servers in site press Enter è Type Select server number, and then press Enter where number refers to the domain controller to be removed. è Type quit press Enter, the metadata cleanup menu is displayed. è Type remove selected server press Enter.
At this point, Active Directory confirms that the domain controller was removed successfully. If you receive an error that the object could not be found, Active Directory might have already removed from the domain controller.
Type quit, and press Enter until you return to the command prompt.
If a new domain controller receives a different name than the failed domain controller, perform the following additional steps.
Note: Do not perform the additional steps if the computer will have the same name as the failed computer,. Ensure that the hardware failure was not the cause of the problem. If the faulty hardware is not changed, then restoring through reinstallation might not help.
To remove the failed server object from the sites
In the Active Directory sites and services, Expand the appropriate site è Delete the server object associated with the failed domain controller.
To remove the failed server object from the domain controllers container
In Active Directory users and computers, expand the domain controllers container è Delete the computer object associated with the failed domain controller.
How to view the list of preferred list of Bridgehead servers?
To see all servers that have been selected as preferred bridgehead servers in a forest, you can view the bridgeheadserverlistBL attribute on the IP container object.
Log in Domain Admin è Open ADSI edit è Expand Configuration container è Expand CN=Configuration,DC=ForestRootDomainName, CN=Sites, and CN=Inter-Site Trasports. è Right Click on CN=IP and then click properties è In the Select a property to view box, click bridgeheadServerListBL.
The Values box displays the distinguished name for each server object that is currently selected as a preferred bridgehead server in the forest. If the value is <not set>, no preferred bridgehead servers are currently selected.
How to view replication metadata of an object?
Replication metadata identifies the history of attributes that have been replicated for a specified object. Use this procedure to identify time, dates, and Update Sequence Numbers (USNs) of attribute replications, as well as the domain controller on which replication originated.
To view replication metadata of an object
Log in as Domain Admin è Open command prompt and type the following command press enter.
Repadmin /showmeta distinguishedName serverName
§ Distinguisedname is the LDAP distinguished name of an object that exists on ServerName.
§ Domain Name is the domain of ServerName
§ Username is the name of an administrative account in that domain.
Note: If you are logged on as an administrator in the domain of the destination domain controller, omit the /u: and /pw: switches.
How to verify the Existence of the Operations Master?
How do you verify whether Operations Masters working properly or not?
This test verifies that the operations masters are located and that they are online and responding.
Dcdiag /s:domaincontroller /test:knowsofroleholders
Dcdiag /s:domaincontroller /test:fsmocheck
How to verify that Windows Time Service is Synchronizing Time?
To verify use the following commands.
Net stop w32time
W32tm –once –test
Net start w32time
How to verify Successful Replication to a Domain Controller?
Use Repadmin.exe to verify success of Replication to a specific domain controller. Run the /showreps command on the domain controller that receives replication (the destination domain controller). In the output under INBOUND NEIGHBORS, Repadmin.exe shows the LDAP distinguished name of each directory partition for which inbound directory replication has been attempted, the site and name of the source domain controller, and whether it succeeded or not, as follows.
Ø Last attempt @ YYYY-MM-DD HH:MM.SS was successful.
Ø Last attempt @ [Never} was successful.
To verify successful replication to a domain controller
Use the following command
Repadmin /showreps ServerName /u:domainName\Username /pw:*
Where servername is the name of the destination domain controller.
How to verify Replication is Functioning?
To check if replication is working, use the following command
To verify that the proper permissions are set for replication, use the following command.
How to verify Network connectivity?
To verify network connectivity first ping to the self IP address, and then ping to the default gateway, and then ping to the remote computer.
To verify that the routers on the way to the destination are functioning correctly. Use the pathping command.
Pathping <IP address>
What is the switch that is used to restart in Directory service Restore mode in boot.ini file?
Use the following switch along with the path.
/safeboot:dsrepair (I hope this switch is available in Windows 2003 only)
Suppose ipconfig /registerdns command is not working. What could be the problem?
The dhcp client service might be stopped. So go to the services.msc and enable the dhcp client service.
What are the functional levels we have in Windows 2003?
There are 2 types of functional levels in Windows 2003.
Ø Forest Functional Level
Ø Domain Functional Level
What is forest functional level in Windows 2003?
The functional level of Active Directory forest that has one or more domain controllers running Windows server 2003. The functional level of a forest can be raised to enable new Active Directory features that will apply to every domain controller in the forest. There are 3 forest functional level.
Ø Windows 2000 (Supports NT, 2000, 2003 domain controllers)
Ø Windows server 2003 interim (supports only NT, 2003 domain controllers)
Ø Windows server 2003 (Supports only 2003 family domain controllers)
Note: When you raise the functional level to windows server 2003 interim or windows server 2003 you will get advanced forest wide Active Directory features.
What is domain functional level in Windows 2003?
The functional level of Active Directory domain that has one or more domain controllers running Windows server 2003. The functional level of a domain can be raised to enable new Active Directory features that will apply to that domain only. There are 4 domain functional level.
Ø Windows 2000 mixed (supports NT, 2000, 2003 domain controllers)
Ø Windows 2000 native (supports 2000, 2003 domain controllers only)
Ø Windows server 2003 interim (supports NT, 2003 domain controllers only)
Ø Windows server 2003 (Supports only 2003 domain controllers)
Note: When you raise the domain functional level you will get additional features.
Note: By default domain operates at the Windows 2000 mixed mode functional level.
How to raise forest functional level in Windows 2003?
Start è Programs è Administrative tools è Active Directory Domains and Trusts è Right click on the Active Directory Domains and Trusts è Select Raise Forest functional level è Select the required forest functional level è click OK
Note: To perform this you must be member of Domain Admin group (in the forest root domain) or the Enterprise admin group.
How to raise domain functional level in Windows 2003?
Start è Programs è Administrative tools è Active Directory Users and computes è Right click on the domain name è Select Raise domain functional level è Select the appropriate domain level è click OK
Note: If the functional level is windows server 2003 then you will get all the features that are available with 2003. When Windows NT or Windows 2000 domain controllers are included in your domain or forest with domain controller running Windows server 2003, Active Directory features are limited.
Note: Once if you raise the domain or forest functional level you cannot revert back.
Advantages of different functional levels:
When ever you are in Windows 2000 mixed mode the advantage is you can use Windows NT, 2000, 2003 domain controllers. The limitations are
Ø you cannot create universal groups
Ø You cannot nest groups
Ø You cannot convert groups (i.e., conversion between security groups and distribution groups)
Ø some additional dial in features will be disabled
Ø you cannot rename the domain controller.
Ø SID history disabled.
About cable modems
Unlike traditional modems, which convert analog and digital signals to exchange data over a telephone line, cable modems use Internet protocol to transmit data over a cable television line.
About digital subscriber lines
Digital subscriber lines, such as ADSL or DSL, are high-speed Internet connections offered by an Internet service provider (ISP). You operate as though you are on a network and are assigned an IP address.
About ISDN lines
Integrated Services Digital Networks (ISDN) are digital telephone services that can transmit digital and voice data at much faster speeds than traditional modems.
What is Automated System Recovery?
Windows server 2003 has some tools to assist the administrator in safeguarding the system against failure. One such tools is the Automated System Recovery (ASR) set that should be created after installing the server, after major changes are made and also schedule at a regular interval.
How to create an ASR set?
Logon as administrator or backup operator è start è Run è ntbackup.exe è Select Automated System Recovery
How to Recovering from a system failure with the ASR set?
Insert the original operating system Installation CD into CD drive è Restart your computer è boot from CD è Press F6 when prompted for Automated System Recovery è Insert the Floppy disks of ASR
How to redirect output of a command to a text file from command prompt?
To redirect output of a command to a text file use the following syntax,
Commandname > filename.txt
What is the command that is used to display and modify security permissions of a folder?
The command is xcacls.exe.
What is teaming?
Teaming is the concept of combing two or more LAN cards for more speed. For n number of LAN cards there will be only one IP address. By teaming you can increase speed. For example if you are teaming 5 LAN cards of 100 MBPS now your network speed is 500 MBPS.
Note: You can assign one IP address to n number of LAN cards and at the same you can assign n number of IP addresses to LAN card.