Interesting ADS questions

By k4k

Hi!! Techies,

Your response is highly appreciated. I am allotting 1500 points. Thanks in advance. Here are the questions:

1. An OU within AD has been deleted, what method would you use to recover the object?

2. At 10:30am on Domain controller A the marketing OU was removed, at 10:30 and 30 secs on DC B a user account was created in the marketing OU. Once replication had occurred between DCs what would be the outcome?

3. Describe the 3 types of security groups within AD and how would you use them?

4. What are the main differences between a GC and a DC in a multi domain forest?

5. Describe the process that occurs when logging onto a Windows AD domain using an XP or W2K client that has DHCP enabled?

6. Describe the advantages of deploying AD integrated DNS as opposed to using a combination of primary and secondary DNS zones?

7. How can you enable a client, which does not support Dynamic DNS, to register dynamically with DNS?

8. Although down-level Windows clients cannot directly register with DNS, what other method of dynamic name resolution can they use?

9. A printer is moved from VLAN A to VLAN B, how would you set up the Windows 2000/2003 print queue and printer to ensure that printing continued without further intervention?

10. What are the differences between VMware ESX and VMware GSX?

11. How many virtual machines can an ESX server host and how is this determined?

12. Within KPMG the firm's DATA is stored on Network Appliance Filers, how is DATA redundancy ensured using this technology?

13. A group of people from a KPMG office require permissions to a resource on a Windows file system for the next 6 months, what method would you use to grant access?

14. Within a Windows AD domain I need to remove registry editing access from a group of machines, what is the easiest method to do this?


by p.j.hutchison In reply to Interesting ADS questions

Answers to some of the questions below:
1. Use AD Authoritative Restore to restore the missing OU.
2. Probably get an error that the OU is missing.
3. Can be confusing this. Best read from a book to determine differences.
4. None, a GC is a small catalog of objects on a domain used for authenticating users and locating objects quickly. DC can be set up as a GC or not depending on number of DCs and no. of users.
5. IP process or authentication process?
6. AD integrated has the advantage of only one copy of DNS database and is replicated as part of the domain database, no separate databases are kept and it uses AD replication rather than separate DNS replication.
7. You don't. Clients have to be manually registered using DNS MMC.
8. You can use WINS for alt. name resolution esp. for NT4, 98 clients.
9. The IP address would certainly change if moved between VLANs. So, the only change needed is the TCPIP port on the printer driver, clients will pick up new settings when they next log in.
13. Use groups to provide access.
15. Use GPOs and groups to do this.

by Jeromey In reply to Interesting ADS questions

Sounds like you need to take a class or read a book. All the above questions can be answered by just doing a little research. It really irritates me when "technicians" do no research before asking questions. Save your 1500 points and purchase a book from Amazon.

by gurzick In reply to Interesting ADS questions

Answer:

10. GSX is for departmental server consolidation, streamlining development and testing operations. ESX is for the enterprise level, highly scalable for mission critical environments.

11. 8 per CPU (80 Max.), CPU and Memory

12. Filers use built-in RAID solutions depending on client configurations

Answers from Prabu.C

by ch.prabu In reply to Interesting ADS questions

1. We can use the Authoritative Restore method to restore the deleted OU.
2. Once replication has completed, the new user created in DC B will replicate to DC A.
3. Security, Domain Local, Universal

Maybe a few classes are called for...

1. An OU within AD has been deleted, what method would you use to recover the object?
-Use the NTDSUtil to perform an Authoritative Restore of AD. Reboot the DC, press F8, select Directory Services Restore Mode. At the command prompt, type ntdsutil, thus, [C:\ntdsutil>ntdsutil]. The server responds with the ntdsutil prompt, type [authoritative restore], the authoritative restore prompt appears, type the command [restore object OU=bosses,DC=ourdom,DC=com]

2. At 10:30am on Domain controller A the marketing OU was removed, at 10:30 and 30 secs on DC B a user account was created in the marketing OU. Once replication had occurred between DCs what would be the outcome?
-The user account would be created and then placed in the Lost and Found folder after the next replication.

3. Describe the 3 types of security groups within AD and how would you use them?
-There are actually 4 types divided in function by the use of scopes; Local, Domain Local, Global and Universal.
Local-On the local machine (there are no local groups on a DC). These are normally user accounts, such as Administrator, Bob, Jane, etc.
Domain Local-These are local to the domain and are best used for granting access rights to resources such as file systems or printers that are located on any computer in the domain where common access permissions are required.
Global- These are used for combining users who share a common access profile based on job function or business role. Typically, organizations use global groups for all groups where membership is expected to change frequently. These groups can only have, as members, user accounts defined in the same domain as the global group.
Universal-Are used in larger, multidomain organizations where there is a need to grant access to similar groups of accounts defined in multiple domains. It is better to use global groups as members of universal groups to reduce overall replication traffic from changes to universal group membership.
You use the Microsoft principle of AGGUDLP. Add users to Global Groups, add global groups to Universal groups and then use Domain Local groups to grant access to resources by setting permissions on them.

4. What are the main differences between a GC and a DC in a multi domain forest?
-A Global Catalog is a searchable repository (catalog) of a subset of information of every object in a domain or every domain in a multidomain forest. A Domain Controller can host the Global Catalog and can use that information to manage (control) the domain. You must have a minimum of 1 (one) GC in a domain otherwise, users will be unable to log onto the domain and no resources can be accessed.

5. Describe the process that occurs when logging onto a Windows AD domain using an XP or W2K client that has DHCP enabled?
-The DHCP protocol uses broadcasts, thus;
A. When connected to the network, the XP client sends a DHCPDiscover broadcast to request IP address information from a DHCP server.
B. All DHCP Servers broadcast a DHCPOffer with IP configuration information and the 'best offer' is accepted by the client. The 'best offer' in the Windows world is the first offer received.
C. The client then broadcasts a DHCPRequest to request the IP details from the 'best offer' server.
D. The server then broadcasts a DHCPAck acknowledging the DHCPRequest and forwards any options together with the IP information.

6. Describe the advantages of deploying AD integrated DNS as opposed to using a combination of primary and secondary DNS zones?
-Advantages: Multi-master replication, no single point of failure (SPOF), load balancing, speed of queries

7. How can you enable a client, which does not support Dynamic DNS, to register dynamically with DNS?
-Add an option within DHCP to allow the client to update its own record, then configure Active Directory-integrated zones for secure dynamic updates so that only authorized users can make changes to a zone or to a record.

8. Although down-level Windows clients cannot directly register with DNS, what other method of dynamic name resolution can they use?
-ALL Windows clients use DNS as a means of name resolution. You may opt to use the now old and pretty much unsafe HOSTS file or NetBIOS over TCP/IP (NetBT).

9. A printer is moved from VLAN A to VLAN B, how would you set up the Windows 2000/2003 print queue and printer to ensure that printing continued without further intervention?
-Set up DHCP reservation to the printer's MAC address.

10. What are the differences between VMware ESX and VMware GSX?
-GSX, aka Server is a free product, though no less than ESX. Both are aimed at datacentre deployment. VMware Server requires an underlying OS to install on, whereas ESX Server acts as an operating system, booting the hardware and managing it to achieve all required virtualization tasks, in the same way an appliance would do.

11. How many virtual machines can an ESX server host and how is this determined?
-There is no theoretical limit on the number of hosts (VMs). You can have as many as 1016 hosts per virtual switch, however, there is no limit on the virtual switches you can have.

12. Within KPMG the firm's DATA is stored on Network Appliance Filers, how is DATA redundancy ensured using this technology?
-A Filer is a storage device that handles redundancy through the use of hardware-based RAID. NetApp supports either SATA, Fibre Channel, or SAS disk drives, which it groups into RAID groups of up to 28 disks - 26 data disks plus 2 parity disks.

13. A group of people from a KPMG office require permissions to a resource on a Windows file system for the next 6 months, what method would you use to grant access?
-AGGUDLP: Add users to Global Groups, add the global groups to Universal Groups (optional if using within a single domain). Add the resources to Domain Local groups and give permissions to the Global Group.

14. Within a Windows AD domain I need to remove registry editing access from a group of machines, what is the easiest method to do this?
-Add the machines to an OU in AD. Set up a GPO Software Restriction Policy in GPO Editor to restrict the running of RegEdit.exe and RegEdt32.exe and add the DL groups to this rule. To link a GPO to a domain or OU, use the Active Directory Users and Computers snap-in. Right-click the site, domain, or OU to which you want to link the GPO, and select Properties. Select the Group Policy tab to create, edit, and manage GPOs.
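
Added example, not part of any post in this thread: the group nesting described in answer 3 of the last reply (accounts into a global group, the global group into a domain local group, permissions set on the domain local group), written as PowerShell with the ActiveDirectory module for a single domain, so the optional universal group is left out. The group names, OU path, NetBIOS name OURDOM, account names and folder path are hypothetical, and recording a review date in the group description is an assumption about how the six-month limit is tracked.

```powershell
# Added example: all names, paths and dates below are hypothetical.
Import-Module ActiveDirectory

$ou       = 'OU=Groups,DC=ourdom,DC=com'   # hypothetical OU for the new groups
$folder   = 'D:\Shares\Project'            # hypothetical resource
$accounts = 'bob', 'jane'                  # hypothetical sAMAccountNames
$reviewBy = (Get-Date).AddMonths(6).ToString('yyyy-MM-dd')

# Global group: collects the accounts that share the same role.
New-ADGroup -Name 'GG-Project-Team' -GroupScope Global `
    -GroupCategory Security -Path $ou
Add-ADGroupMember -Identity 'GG-Project-Team' -Members $accounts

# Domain local group: the only principal that will appear on the ACL.
# The description records when the access is due for removal.
New-ADGroup -Name 'DL-Project-Modify' -GroupScope DomainLocal `
    -GroupCategory Security -Path $ou `
    -Description "Temporary access, review or remove by $reviewBy"
Add-ADGroupMember -Identity 'DL-Project-Modify' -Members 'GG-Project-Team'

# Grant Modify on the folder to the domain local group, inherited by
# subfolders and files. No individual account is placed on the ACL.
$acl  = Get-Acl -Path $folder
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    'OURDOM\DL-Project-Modify', 'Modify',
    'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $folder -AclObject $acl

# Audit: list every account that reaches the resource through the nesting.
Get-ADGroupMember -Identity 'DL-Project-Modify' -Recursive |
    Select-Object SamAccountName, distinguishedName

# At the end of the period, removing the one nesting link revokes access
# for the whole team without touching the folder ACL:
# Remove-ADGroupMember -Identity 'DL-Project-Modify' `
#     -Members 'GG-Project-Team' -Confirm:$false
```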
