Interview Question & Answer MCSE & CCNA

MCSE - Windows: Active Directory, Functional Levels, FSMO Roles

Selective Authentication, Active Directory Trusts, ADAC, ADSIEDIT, ADMT, Lingering Objects in AD

50.What is selective Authentication?

Selective authentication is generally used in forest trust and external trusts.Selective authentication is a security setting which allows administrators togrant access to shared resources in their organization’s forest to a limited setof users in another organization’s forest. Selective authentication method candecide which groups of users in a trusted forest can access shared resources inthe trusting forest.

51.Give me brief explanation of different types of Active Directory trusts.

Trusts can be categorized by its nature. There can be two-way trust or one-waytrust,implicit or explicit trust, transitive or non transitive trust. Trust can becategorized by types, such as parent and child, tree root trust, external trust,realm trust forest trust and shortcut trust.

52.Have you heard of ADAC?

ADAC- Active Directory Administrative Center is a new GUI tool came with Windows Server 2008 R2, which provides enhanced data management experience to the admin. ADAC helps administrators to perform common Active Directory object management task across multiple domains with the same ADAC instance.

53.What is the use of ADSIEDIT? How do we install it in Windows Server 2003 AD?

ADSIEDIT- Active Directory Service Interfaces Editor is a GUI tool which is used to perform advanced AD object and attribute management. This Active Directory tool helps us to view objects and attributes that are not visiblethrough normal Active Directory Management Consoles. ADSIEDIT can bedownloaded and installed along with Windows Server 2003 Support Tools.

54. I am unable to create a Universal Security group in my Active Directory? Whatwill be the possible reason?

 This is due to domain functional level. If domain functional level of WindowsServer 2003 AD is Windows 2000 Mixed, Universal Group option will be greyedout. You need to raise domain functional level to Windows 2000 native or above

55.What is ADMT? What is it used for?

ADMT - Active Directory Migration Tool, is a tool which is used for migrating Active Directory objects from one domain to another. ADMT is an effective tool that simplifies the process of migrating users, computers, and groups to new domains

56.What do you mean by Lingering Objects in AD? How to remove Lingering Objects?

When a domain controller is disconnected for a period that is longer than the tombstone life time, one or more objects that are deleted from Active Directory on all other domain controllers may remain on the disconnected domain controller. Such objects are called lingering objects. Lingering objects can be removed from Windows Server 2003 or 2008 using REPADMIN utility