Interview Question & Answer MCSE & CCNA

MCSE - Windows: Active Directory, Functional Levels, FSMO Roles

Global Catalog, What is LDAP, KDC

57. Explain Global Catalog. What kind of AD infrastructure makes most use of the Global Catalog?

The Global Catalog is a partial, read-only replica of every object in every domain of the forest, holding only the attributes that are most often searched (the partial attribute set), kept alongside the full, writable replica of the domain controller's own domain. It lives on the domain controllers that have been designated as Global Catalog servers and is kept current through multimaster replication. Global Catalogs are most useful in multi-domain, multi-site forests, where clients need to resolve objects in domains other than their own: universal group membership at logon, logon by user principal name, and forest-wide searches by applications such as Exchange. In a single-domain forest the Global Catalog still exists, but it adds nothing beyond what every domain controller already holds, because each DC has a full replica of the only domain.

58. The Global Catalog and the Infrastructure Master role should not be configured on the same Domain Controller. Why?

In a forest that contains only a single Active Directory domain there is no harm in placing the Global Catalog and the Infrastructure Master on the same DC, because the Infrastructure Master has nothing to do: its job is to update cross-domain references (for example a group in one domain that contains a user from another) when the referenced object is renamed, moved or deleted. In a forest with several domains the Infrastructure Master should be on a DC that is not a Global Catalog server. It finds stale references by comparing the phantom records its own domain holds against a Global Catalog; a Global Catalog server already holds a partial replica of every object in the forest, so it never creates phantom records, finds nothing to compare, and never updates anything, leaving group memberships and other cross-domain references stale. The exception is a domain in which every DC is a Global Catalog server: then no DC holds phantoms, and the placement of the role does not matter.

59.How do you check all the GCs in the forest?

Command line method: nslookup gc._msdcs.<forest root DNS domain name> lists the host records registered by every GC in the forest; nltest /dsgetdc:<domain> /GC locates a GC for the named domain (the original answer uses corp as an example domain name); dsquery server -forest -isgc lists every GC server in the forest. GUI method: open DNS Manager, expand Forward Lookup Zones and the _msdcs.<forest root> zone, and look in its gc folder. To check whether a particular server is a GC, open the Active Directory Sites and Services MMC, expand the site and its Servers folder, open the properties of the NTDS Settings object of the desired DC and see whether the Global Catalog box is checked.
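The DNS side of that check, as an added example that is not part of the original answer: every Global Catalog server registers an SRV record under _ldap._tcp.gc._msdcs.<forest> (besides its host record under gc._msdcs.<forest>), and the SRV record carries port 3268, the Global Catalog LDAP port. The Python below builds that SRV query with the standard library only and parses the reply, including compressed names. The forest name corp.example, the host names and the sample reply are constructed for the example so it runs offline; discover_gcs sends a real query only when you call it with a DC's DNS address.

```python
"""Find Global Catalog servers from DNS: SRV lookup of _ldap._tcp.gc._msdcs.<forest>.

Added example (not from the original page). The DNS message is built and
parsed by hand so the parser can be exercised offline against a constructed
reply. Forest and host names are made up.
"""
import socket
import struct

SRV, IN = 33, 1          # RR type SRV, class IN
GC_PORT = 3268           # Global Catalog LDAP port carried in every GC SRV record


def encode_name(name: str) -> bytes:
    """DNS wire format: length-prefixed labels, terminated by a zero byte."""
    out = b"".join(bytes([len(lbl)]) + lbl.encode("ascii")
                   for lbl in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_name(msg: bytes, off: int):
    """Read a possibly compressed name at `off`; return (name, offset after it)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                    # compression pointer
            if not jumped:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def gc_srv_name(forest: str) -> str:
    return f"_ldap._tcp.gc._msdcs.{forest}"


def build_srv_query(name: str, txid: int = 0x1234) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD=1, one question
    return header + encode_name(name) + struct.pack("!HH", SRV, IN)


def parse_srv_answer(msg: bytes):
    """Return [(priority, weight, port, target)], lowest priority first, heaviest weight first."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    if rcode:                                       # 3 = NXDOMAIN: no GC SRV records at all
        raise ValueError(f"DNS error, rcode={rcode}")
    off = 12
    for _ in range(qd):                              # skip the echoed question
        _, off = decode_name(msg, off)
        off += 4
    found = []
    for _ in range(an):
        _, off = decode_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == SRV:
            prio, weight, port = struct.unpack("!HHH", msg[off:off + 6])
            target, _ = decode_name(msg, off + 6)
            found.append((prio, weight, port, target))
        off += rdlen
    return sorted(found, key=lambda r: (r[0], -r[1]))


def build_sample_response(forest: str, hosts, rcode: int = 0) -> bytes:
    """Constructed reply, shaped like what a DC's DNS returns, for offline use."""
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, len(hosts), 0, 0)
    msg += encode_name(gc_srv_name(forest)) + struct.pack("!HH", SRV, IN)
    for prio, weight, port, target in hosts:
        rdata = struct.pack("!HHH", prio, weight, port) + encode_name(target)
        msg += b"\xC0\x0C"                          # owner name: pointer to the question name
        msg += struct.pack("!HHIH", SRV, IN, 600, len(rdata)) + rdata
    return msg


def discover_gcs(forest: str, nameserver: str, timeout: float = 3.0):
    """Live lookup against a DC's DNS (not used by the offline demo)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_srv_query(gc_srv_name(forest)), (nameserver, 53))
        reply, _ = s.recvfrom(4096)
    return parse_srv_answer(reply)


if __name__ == "__main__":
    sample = build_sample_response("corp.example", [
        (0, 100, GC_PORT, "dc1.corp.example"),
        (0, 100, GC_PORT, "dc2.emea.corp.example"),
    ])
    for prio, weight, port, host in parse_srv_answer(sample):
        print(f"{host}:{port} (priority {prio}, weight {weight})")
```

A reply whose records show a port other than 3268, or a GC that is registered in DNS but no longer answers on 3268, is the usual sign of a stale or mis-registered record; the nltest and dsquery checks above confirm what the directory itself believes.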

60. How many objects can be created in Active Directory? (both 2003 and 2008)

As per Microsoft, a single domain controller can create around 2.15 billion objects during its lifetime. The limit comes from the distinguished name tag (DNT), a 32-bit value that each DC assigns locally to every object it creates and never reuses, even after the object is deleted, so the ceiling applies per domain controller rather than per forest, and it is the same for Windows Server 2003 and 2008.

61. Can you explain the process between a user providing his Domain credential to his workstation and the desktop being loaded? Or how does AD authentication work?

Active Directory authenticates domain logons with Kerberos. When the user enters a user name and password, the workstation's Kerberos client (inside LSASS) runs the password through a one-way string-to-key function to obtain the user's long-term key (KA); the password itself is never sent to the domain controller. The client sends an AS-REQ to the KDC service on a domain controller containing the user name and, because Active Directory requires pre-authentication by default, a timestamp encrypted with KA. The KDC holds the long-term key of every principal in its realm (the domain) in the directory database; it looks up the user's KA and decrypts the timestamp, and if that fails or the timestamp is outside the allowed clock skew it returns a pre-authentication error instead of any ticket material. Otherwise the KDC creates two items: a session key (SA) to share with the user, and a Ticket-Granting Ticket (TGT) containing a copy of SA, the user name, the user's group SIDs (the PAC) and an expiration time. The TGT is encrypted with the key of the krbtgt account (KKDC), which only the KDC holds, and is returned together with SA encrypted under KA. The client decrypts SA with its locally derived KA; it now holds SA and a TGT it cannot read but can present. To finish the logon it sends the TGT back to the KDC in a TGS-REQ for a service ticket to the workstation itself (the host service of the computer account); the local security authority uses that ticket to build the user's access token, and only then does Winlogon load the profile and desktop. The same TGT is used afterwards to request service tickets for every other resource in the domain. Because KKDC can decrypt and forge every TGT, the krbtgt account's key is the most sensitive secret in the domain, and because pre-authentication is what stops the KDC from handing out material encrypted under KA to anyone who asks, the account option that disables it should not be set without a reason.
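The exchange described above, as an added example that is not part of the original answer: a toy Kerberos AS exchange in Python in which the KDC holds the long-term keys, the workstation derives KA from the password locally and never sends the password, pre-authentication is an encrypted timestamp, the TGT is sealed under the krbtgt key that only the KDC can open, and the session key comes back sealed under KA. The realm CORP.EXAMPLE, the user and password, and the seal/unseal stand-in for Kerberos' real encryption types are assumptions of the example; the function and error names mirror the protocol's terms but this is not a Kerberos library.

```python
"""Toy model of the Kerberos AS exchange behind an AD domain logon.

Added example, not from the original page. Kerberos' real encryption types
(AES-CTS with HMAC-SHA1) are replaced by an HMAC-SHA256 stand-in so only the
standard library is needed; realm, user and password are made up.
"""
import hashlib
import hmac
import json
import os
import time

TICKET_LIFETIME = 10 * 3600      # AD default TGT lifetime: 10 hours
MAX_SKEW = 300                   # AD default clock skew: 5 minutes


class KerberosError(Exception):
    """Raised with the Kerberos error code name the KDC would return."""


def string_to_key(password: str, realm: str, principal: str) -> bytes:
    """One-way derivation of the long-term key KA. Modelled on the AES string-to-key
    function (PBKDF2-HMAC-SHA1, 4096 rounds, salt = REALM + principal); the real
    one adds a further key-derivation step."""
    return hashlib.pbkdf2_hmac("sha1", password.encode(), (realm + principal).encode(), 4096, 32)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    for i in range((n + 31) // 32):
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]


def seal(key: bytes, obj: dict) -> bytes:
    """Stand-in for Kerberos EncryptedData: encrypt-then-MAC under separate subkeys."""
    ke = hmac.new(key, b"enc", hashlib.sha256).digest()
    km = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = os.urandom(16)
    pt = json.dumps(obj, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(ke, nonce, len(pt))))
    return nonce + ct + hmac.new(km, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    ke = hmac.new(key, b"enc", hashlib.sha256).digest()
    km = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(km, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered data")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(ke, nonce, len(ct)))))


class KDC:
    """The KDC on a domain controller: holds every principal's long-term key."""

    def __init__(self, realm: str, passwords: dict):
        self.realm = realm
        self.krbtgt_key = os.urandom(32)            # KKDC: the krbtgt account's key
        self.db = {u: string_to_key(p, realm, u) for u, p in passwords.items()}

    def as_exchange(self, req: dict) -> dict:
        ka = self.db.get(req["cname"])
        if ka is None:
            raise KerberosError("KDC_ERR_C_PRINCIPAL_UNKNOWN")
        try:                                        # pre-authentication: prove knowledge of KA
            pa = unseal(ka, req["pa_enc_timestamp"])
        except ValueError:
            raise KerberosError("KDC_ERR_PREAUTH_FAILED") from None
        if abs(pa["timestamp"] - time.time()) > MAX_SKEW:
            raise KerberosError("KRB_AP_ERR_SKEW")
        sa, expires = os.urandom(32), int(time.time()) + TICKET_LIFETIME
        tgt = seal(self.krbtgt_key, {"cname": req["cname"], "session_key": sa.hex(),
                                     "expires": expires})       # readable only by the KDC
        enc_part = seal(ka, {"session_key": sa.hex(), "nonce": req["nonce"],
                             "expires": expires})               # readable only by the user
        return {"tgt": tgt, "enc_part": enc_part}

    def open_tgt(self, tgt: bytes) -> dict:
        """What the KDC does when the client later presents the TGT in a TGS-REQ."""
        return unseal(self.krbtgt_key, tgt)


def client_logon(kdc: KDC, user: str, password: str) -> dict:
    """Workstation side: the password is only ever turned into KA locally."""
    ka = string_to_key(password, kdc.realm, user)
    nonce = int.from_bytes(os.urandom(4), "big")
    req = {"cname": user, "realm": kdc.realm, "nonce": nonce,
           "pa_enc_timestamp": seal(ka, {"timestamp": time.time()})}
    rep = kdc.as_exchange(req)                      # AS-REQ / AS-REP
    enc = unseal(ka, rep["enc_part"])               # fails if KA is wrong
    if enc["nonce"] != nonce:
        raise KerberosError("KRB_AP_ERR_MODIFIED")  # replayed or forged AS-REP
    return {"session_key": bytes.fromhex(enc["session_key"]), "tgt": rep["tgt"],
            "expires": enc["expires"]}


if __name__ == "__main__":
    kdc = KDC("CORP.EXAMPLE", {"alice": "correct horse battery staple"})
    cred = client_logon(kdc, "alice", "correct horse battery staple")
    print("TGT bytes:", len(cred["tgt"]), "session key:", cred["session_key"].hex()[:16], "...")
    try:
        client_logon(kdc, "alice", "wrong password")
    except KerberosError as e:
        print("wrong password ->", e)
```

Running it logs alice on, prints the size of a TGT she cannot decrypt herself, and shows a wrong password being refused by the KDC at pre-authentication before any ticket material is issued. That ordering is the point of requiring pre-authentication: without it the KDC would return enc_part to anyone who asked for alice, and the password could be guessed against it offline.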

62. What is LDAP?

Lightweight Directory Access Protocol (LDAP) is the Internet-standard directory access protocol (LDAPv3, RFC 4511) and the protocol through which clients, tools and applications read and write Active Directory. It runs directly over TCP (port 389 for a domain partition and 3268 for the Global Catalog; 636 and 3269 when wrapped in TLS) and can be used to access a standalone LDAP directory service or a directory service that is back-ended by X.500. A simple bind over plain LDAP sends the password in cleartext, so domain controllers should require LDAP signing and channel binding, or LDAPS, rather than accept unsigned binds.

63. What is the default location of Active Directory? What are the main files related to AD?

Active Directory's files are by default located in the %SystemRoot%\NTDS folder. NTDS.DIT is the main Active Directory database file. The same folder holds the transaction log EDB.LOG, the checkpoint file EDB.CHK, the reserved logs (RES1.LOG and RES2.LOG on Windows Server 2003; EDBRES00001.JRS and EDBRES00002.JRS on 2008) and the temporary database TEMP.EDB. Because NTDS.DIT contains the password hashes of every account in the domain, any copy of it (a backup, a VSS snapshot, or the IFM media that ntdsutil creates) must be protected as tightly as the domain controller itself.

64. In a large forest environment, why don't we configure all Domain Controllers as GCs?

Every Global Catalog server must receive a replica of the partial attribute set of every domain in the forest, so each additional GC adds inbound replication traffic from every other domain and extra disk and memory use on that DC. Making every domain controller in a large forest a Global Catalog server multiplies that replication across the WAN links between sites and creates a bandwidth problem. GCs should be placed according to the available network bandwidth and user or application requirements (logon at sites that use universal groups or user principal names, Exchange servers, forest-wide searches), with universal group membership caching as the alternative for small sites. In a single-domain forest there is no extra replication, so making every DC a GC is the usual choice.