MCSA Interview Question Answers
What are SID and lingering objects?
When a domain controller is disconnected for a period longer than the tombstone lifetime (TSL), one or more objects that have been deleted from Active Directory on all other domain controllers may remain on the disconnected domain controller. Such objects are known as lingering objects. Because the domain controller is offline for the entire time that the tombstone exists, it never receives a copy of the tombstone.
How is SYSVOL relevant to MCSA?
Explain File Replication Service (FRS).
In Windows 2000, the SYSVOL share is used to authorize users. The SYSVOL share contains group policy information, which is also replicated to all local domain controllers. File Replication Service (FRS) is used to replicate the SYSVOL share. The “Active Directory Users and Computers” tool is used to change the File Replication Service schedule.
Describe Lightweight Directory Access Protocol (LDAP).
An LDAP URL names the server holding Active Directory services and the Attributed Name of the object. For example:
Describe universal group membership caching.
By default, the universal group membership information held in the cache of each domain controller is refreshed every 8 hours. Up to 500 universal group memberships can be updated at once. Universal groups cannot be created in mixed mode.
What is an ACL or access-control list?
What is an ACE or access-control entry?
How is multi-master operation executed?
There is a set of Flexible Single Master Operations (FSMO) that can only be performed on a single domain controller. An administrator determines which operations are performed on the master controller. By default, these operations are all assigned to and performed on the master controller, and they can be transferred later. FSMO operation types include:
Schema master: The schema master domain controller controls all updates and modifications to the schema. There can be only one schema master in the whole forest.
Domain naming master: The domain naming master domain controller controls the addition or removal of domains in the forest and is responsible for ensuring that domain names are unique in the forest. There can be only one domain naming master in the whole forest.
What is an Infrastructure Master?
The infrastructure master is responsible for updating references from objects in its domain to objects in other domains. At any one time, there can be only one domain controller acting as the infrastructure master in each domain.
For example, when a group membership object is renamed, this role takes care of the update.
Note that the Infrastructure Master (IM) role must be held by a domain controller that is not a Global Catalog server (GC). If the Infrastructure Master runs on a Global Catalog server, it will not update object information, because it does not contain any references to objects that it does not hold. This is because a Global Catalog server holds a partial copy of every object in the forest. As a result, the cross-domain object references in that domain will not be updated, and a warning to that effect will be logged in that DC’s event log.
If all the domain controllers in a domain also host the global catalog, all of them have the current data, and it does not matter which domain controller holds the infrastructure master role.
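The placement rule above can be checked from a domain controller inventory. The following PowerShell is an added example, not part of the original page; the function name `Test-InfrastructureMasterPlacement` and the sample host names are hypothetical, and the sample inventory is constructed.

```powershell
# Added example (not from the original page). Function name and sample data are hypothetical.
function Test-InfrastructureMasterPlacement {
    param(
        [Parameter(Mandatory)] [string]   $InfrastructureMaster,  # FQDN of the role holder
        [Parameter(Mandatory)] [object[]] $DomainControllers      # objects with HostName, IsGlobalCatalog
    )
    # Locate the role holder in the inventory (string -eq is case-insensitive).
    $holder = $DomainControllers | Where-Object { $_.HostName -eq $InfrastructureMaster }
    if (-not $holder) {
        return [pscustomobject]@{
            Status = 'Unknown'
            Holder = $InfrastructureMaster
            Detail = 'Role holder was not found in the supplied DC list.'
        }
    }
    # DCs that do not host the global catalog.
    $nonGc = @($DomainControllers | Where-Object { -not $_.IsGlobalCatalog })
    if (-not $holder.IsGlobalCatalog) {
        $status = 'OK'
        $detail = 'Infrastructure master is not a global catalog server.'
    } elseif ($nonGc.Count -eq 0) {
        # Every DC is a GC, so all of them hold current data.
        $status = 'OK'
        $detail = 'Every DC in the domain is a global catalog; placement does not matter.'
    } else {
        $status = 'Warning'
        $detail = 'Infrastructure master is a GC while non-GC DCs exist: ' + ($nonGc.HostName -join ', ')
    }
    [pscustomobject]@{ Status = $status; Holder = $InfrastructureMaster; Detail = $detail }
}

# Constructed sample inventory (hypothetical host names).
$sampleDcs = @(
    [pscustomobject]@{ HostName = 'dc1.corp.example'; IsGlobalCatalog = $true  }
    [pscustomobject]@{ HostName = 'dc2.corp.example'; IsGlobalCatalog = $false }
)
Test-InfrastructureMasterPlacement -InfrastructureMaster 'dc1.corp.example' -DomainControllers $sampleDcs

# On a domain-joined host with the ActiveDirectory module, feed live data instead:
# Test-InfrastructureMasterPlacement -InfrastructureMaster (Get-ADDomain).InfrastructureMaster `
#     -DomainControllers (Get-ADDomainController -Filter *)
```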
What is Relative ID (RID) Master?
What is the PDC Emulator and what does it do?
Tasks done by the PDC emulator:
- User account and password changes.
- SAM directory replication requests.
- Domain master browser requests.
- Authentication requests.
- Group Policy Objects (GPO).
What are the new Active Directory features in Windows Server 2003?
- Multiple selection of user objects.
- Drag-and-drop functionality.
- Effective search capabilities. Search functionality is object-oriented and offers the best search that minimizes.
- Saved queries. Save commonly used search parameters for reuse in Active Directory Users and Computers.
- Active Directory command-line tools.
- InetOrgPerson class. The inetOrgPerson class has been added to the base schema as a security principal and can be used in the same way as the user class. The userPassword attribute can also be used to set the account password.
- Ability to add additional domain controllers using backup media. This reduces the time it takes to add a domain controller to an existing domain.
- Universal group membership caching. It avoids the need to locate a global catalog across a WAN when logging on by storing global group membership information on an authorized domain controller.
- Secure LDAP traffic. Active Directory management tools sign and encrypt all LDAP traffic by default. Signing LDAP traffic ensures that the packaged data comes from a known source and that it has not been tampered with.
- Active Directory quotas. Quotas can be specified in Active Directory to limit the number of objects a user, group, or computer can own in a given directory partition.
What are Windows Functional levels?
How many types of domain and forest functional levels are there?
- Windows 2000 Mixed (supports NT4/2000/2003 DCs)
- Windows 2000 Native (supports 2000/2003 DCs)
- Windows Server 2003 Interim (supports NT4/2003 DCs)
- Windows Server 2003 (supports only 2003 DCs)