MCSA Interview Question Answers

Question 1
What is SID and Lingering objects?
Answer: A security identifier (SID) is a data structure in binary format that contains a variable number of values. When a DC creates a security principal object such as a user or group, it attaches a unique SID to the object. This SID consists of a domain SID (the same for all SIDs created in a domain) and a relative ID (RID) that is unique for each security principal SID created in the domain.

When a domain controller is disconnected for longer than the tombstone lifetime (TSL), one or more objects that were deleted from Active Directory on all other domain controllers may remain on the disconnected domain controller. Such objects are known as lingering objects. Because the domain controller was offline for the whole period the tombstone was alive, it never received a copy of the tombstone.

Answer: Sysvol is a shared directory that stores the server copy of the domain's public files, which are replicated among all domain controllers in the domain. Sysvol holds the file-system part of a GPO, the Group Policy Template (GPT), which contains Administrative Template-based Group Policy settings, script files, security settings, and information about the applications that are available for software deployment. It is replicated using the File Replication Service (FRS).

Answer: In Windows 2000, the SYSVOL share is used to authenticate users. The SYSVOL share contains Group Policy information, which is replicated to all domain controllers in the domain. The File Replication Service (FRS) is used to replicate the SYSVOL share. The "Active Directory Users and Computers" tool is used to change the file replication service schedule.

Answer: LDAP defines how clients and servers exchange information about a directory. LDAP version 2 and version 3 are used by Windows 2000 Server's Active Directory.

An LDAP URL names the server holding Active Directory services and the Distinguished Name of the object. For example:

LDAP://SomeServer.Myco.Com/CN=jamessmith,CN=Sys,CN=Product,CN=Division,DC=myco,DC=domain-controller

Answer: Because of network bandwidth and server hardware constraints, it may not be practical to place a global catalog in smaller branch office locations. For these sites, we can run domain controllers running Windows Server 2003, which can cache universal group membership information locally.

By default, the universal group membership information cached on each domain controller is refreshed every 8 hours. Up to 500 universal group memberships can be updated at once. Universal groups cannot be created in mixed mode.

Answer: An ACL is a list of security protections that apply to an object. (An object can be a file, process, event, or anything else that has a security descriptor.)

Answer: An ACE contains a set of access rights and a security identifier (SID) that identifies the trustee for whom the rights are allowed, denied, or audited.

Answer: In Windows 2000 and 2003, every domain controller can accept changes, and the changes are replicated to all other domain controllers. The everyday operations involved in administering users, groups, and computers are multi-master operations.

There is a set of Flexible Single Master Operations (FSMO) that can only be performed on a single domain controller. An administrator decides which domain controller should perform each of these operations. By default these operations are all assigned to and performed on the master controller, and the roles can be transferred later. Examples of FSMO roles include:

Schema Master: The schema master domain controller controls all updates and changes to the schema. There can be only one schema master in the whole forest.

Domain naming master: The domain naming master domain controller controls the addition or removal of domains in the forest and is responsible for ensuring that domain names are unique within the forest. There can be only one domain naming master in the whole forest.

Answer: The infrastructure master keeps cross-domain group membership references consistent as objects change. The infrastructure master should not run on a global catalog server (unless all DCs are also GCs).

The infrastructure master is responsible for updating references from objects in its domain to objects in other domains. At any one time, there can be only one domain controller acting as the infrastructure master in each domain.

When an object referenced in a group membership is renamed or moved, this role updates the reference.

Note that the Infrastructure Master (IM) role should be held by a domain controller that is not a Global Catalog server (GC). If the Infrastructure Master runs on a Global Catalog server it will not update object information, because it holds no references to objects it does not contain; a Global Catalog server has a partial copy of every object in the forest. As a result, cross-domain object references in that domain are not updated, and a warning to that effect is logged in that DC's event log.

If all the domain controllers in a domain also host the global catalog, all of them already have the current data, and it does not matter which domain controller holds the infrastructure master role.
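The placement rule above is easy to check from a management workstation. The following PowerShell is an added example, not from the original page: it lists the five FSMO role holders per domain and flags an Infrastructure Master that sits on a Global Catalog while other DCs in that domain are not GCs. It assumes the RSAT ActiveDirectory module and a reachable, domain-joined forest.

```powershell
# Added example: FSMO inventory plus the Infrastructure Master / Global Catalog placement check.
# Assumes the ActiveDirectory (RSAT) module and a reachable forest.
Import-Module ActiveDirectory

function Get-FsmoPlacementReport {
    $forest = Get-ADForest
    foreach ($domainName in $forest.Domains) {
        $domain = Get-ADDomain -Identity $domainName
        # All DCs of this domain, with their GC flag
        $dcs     = @(Get-ADDomainController -Filter * -Server $domainName)
        $gcCount = @($dcs | Where-Object IsGlobalCatalog).Count
        $allGc   = ($gcCount -eq $dcs.Count)
        # Is the DC currently holding the IM role also a Global Catalog?
        $imIsGc  = [bool]($dcs |
            Where-Object { $_.HostName -eq $domain.InfrastructureMaster } |
            Select-Object -ExpandProperty IsGlobalCatalog)

        [pscustomobject]@{
            Domain               = $domainName
            SchemaMaster         = $forest.SchemaMaster          # forest-wide role
            DomainNamingMaster   = $forest.DomainNamingMaster    # forest-wide role
            PDCEmulator          = $domain.PDCEmulator
            RIDMaster            = $domain.RIDMaster
            InfrastructureMaster = $domain.InfrastructureMaster
            DCsInDomain          = $dcs.Count
            GlobalCatalogs       = $gcCount
            # Placement is only a problem when the IM is a GC and some DCs are not GCs
            ImPlacementOk        = (-not $imIsGc) -or $allGc
        }
    }
}

Get-FsmoPlacementReport | Format-List
```

A row with ImPlacementOk set to False is the case the text warns about; move the role with Move-ADDirectoryServerOperationMasterRole or make every DC in that domain a GC.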

Answer: The task of the RID master is to allocate the RIDs used in the SIDs of newly created objects such as users and computers. If the RID master is unavailable, we can still create security principals until the RID pool already obtained by each DC is exhausted; after that no new objects can be created. When a DC creates a security principal object such as a user or group, it attaches a unique SID to the object. This SID consists of a domain SID (the same for all SIDs created in a domain) and a relative ID (RID) that is unique for each security principal SID created in the domain.
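To make the SID layout described in Question 1 and in the RID master answer concrete, the following PowerShell is an added example, not from the original page: it decodes a SID's binary form by hand (revision, sub-authority count, 6-byte identifier authority, 32-bit sub-authorities) and splits it into the domain SID and the RID, cross-checking the result against .NET's own parser. The sample SID values are constructed.

```powershell
# Added example: decode the binary SID layout by hand and split domain SID from RID.
function ConvertFrom-SidBinary {
    param([Parameter(Mandatory)][byte[]]$Bytes)
    $revision = $Bytes[0]                       # SID revision, always 1
    $subCount = $Bytes[1]                       # number of 32-bit sub-authorities
    [uint64]$authority = 0                      # 6-byte big-endian identifier authority
    for ($i = 2; $i -lt 8; $i++) { $authority = ($authority -shl 8) -bor $Bytes[$i] }
    $subs = for ($i = 0; $i -lt $subCount; $i++) {
        [BitConverter]::ToUInt32($Bytes, 8 + 4 * $i)   # little-endian sub-authorities
    }
    [string]$text = "S-$revision-$authority"
    if ($subCount -gt 0) { $text += '-' + ($subs -join '-') }
    # Domain-relative SIDs look like S-1-5-21-<3 x 32-bit domain part>-<RID>;
    # anything else (well-known SIDs such as S-1-5-18) has no domain part.
    $isDomainSid = ($authority -eq 5 -and $subCount -eq 5 -and $subs[0] -eq 21)
    [pscustomobject]@{
        Sid       = $text
        DomainSid = if ($isDomainSid) { "S-$revision-$authority-" + ($subs[0..3] -join '-') } else { $null }
        Rid       = if ($isDomainSid) { $subs[4] } else { $null }
    }
}

function Test-SidDecode {
    param([Parameter(Mandatory)][string]$SidString)
    $sid   = New-Object System.Security.Principal.SecurityIdentifier $SidString
    $bytes = New-Object byte[] $sid.BinaryLength
    $sid.GetBinaryForm($bytes, 0)               # binary form as stored in objectSid
    $decoded = ConvertFrom-SidBinary -Bytes $bytes
    # .NET's decomposition, used only as a cross-check of the manual decode
    $expectedDomain = if ($sid.AccountDomainSid) { $sid.AccountDomainSid.Value } else { $null }
    [pscustomobject]@{
        Input         = $SidString
        Decoded       = $decoded.Sid
        DomainSid     = $decoded.DomainSid
        Rid           = $decoded.Rid
        MatchesDotNet = ($decoded.Sid -eq $sid.Value) -and ($decoded.DomainSid -eq $expectedDomain)
    }
}

# Constructed sample values: a domain user SID (RID 1105) and the well-known Local System SID.
'S-1-5-21-1004336348-1177238915-682003330-1105', 'S-1-5-18' | ForEach-Object { Test-SidDecode $_ }
```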

Answer: The domain controller holding this role functions as a Windows NT PDC when Active Directory is in mixed mode. By default, the first server that becomes a Windows 2000 domain controller takes the PDC emulator role.

Tasks done by the PDC emulator:

  • User account and password changes.
  • SAM directory replication requests.
  • Domain master browser requests.
  • Authentication requests.
  • Group Policy Objects (GPO).

Answer: Some notable new Active Directory features in Windows Server 2003 are:

  • Multiple selection of user objects.
  • Drag-and-drop functionality.
  • Efficient search capabilities. Search functionality is object-oriented and provides an efficient search that minimizes.
  • Saved queries. Save commonly used search parameters for reuse in Active Directory Users and Computers.
  • Active Directory command-line tools.

InetOrgPerson class. The inetOrgPerson class has been added to the base schema as a security principal and can be used in the same way as the user class. The userPassword attribute can also be used to set the account password.

Ability to add additional domain controllers from backup media. This reduces the time it takes to add an additional domain controller to an existing domain by sourcing the initial replica from backup media.

Universal group membership caching. This removes the need to contact a global catalog across a WAN when logging on, by caching universal group membership information on an authenticating domain controller.

Secure LDAP traffic. Active Directory administrative tools sign and encrypt all LDAP traffic by default. Signing LDAP traffic ensures that the packaged data comes from a known source and that it has not been tampered with.

Active Directory quotas. Quotas can be specified in Active Directory to limit the number of objects a user, group, or computer can own in a given directory partition.

Answer: Windows 2000 Active Directory domains have the concept of Mixed and Native Modes. The default mixed mode allows both NT and Windows 2000 domain controllers to coexist. Once you convert to Native Mode, you are only allowed to have Windows 2000 domain controllers in your domain. The conversion is one-way and cannot be reversed. In Windows Server 2003, Microsoft introduced forest and domain functional levels. The concept is similar to switching from Mixed to Native Mode in Windows 2000. The new functional levels give you additional capabilities that the previous functional levels did not have.

Answer: There are four domain functional levels:

  • Windows 2000 Mixed (supports NT4/2000/2003 DCs)
  • Windows 2000 Native (supports 2000/2003 DCs)
  • Windows Server 2003 Interim (supports NT4/2003 DCs)
  • Windows Server 2003 (supports only 2003 DCs)

September 26, 2018
