Active Directory Interview Questions and Answers
Question - 41 : - Can you connect Active Directory to other 3rd-party Directory Services? Name a few options.
Answer - 41 : - Yes, you can use DirXML or LDAP to connect to other directories.
In Novell you can use eDirectory.
Question - 42 : - What is IPSec Policy?
Answer - 42 : - IPSec provides secure gateway-to-gateway connections across outsourced private wide area network (WAN) or Internet-based connections using L2TP/IPSec tunnels or pure IPSec tunnel mode. IPSec Policy can be deployed via Group Policy to the Windows Domain Controllers & Servers.
Question - 43 : - What are the different types of Terminal Services?
Answer - 43 : - User Mode & Application Mode.
Question - 44 : - What is RSoP?
Answer - 44 : - RSoP is the Resultant Set of Policy applied on the object (Group Policy).
Question - 45 : - What is the System Startup process?
Answer - 45 : - Windows 2K boot process on an Intel architecture:
1. Power-On Self Tests (POST) are run.
2. The boot device is found, the Master Boot Record (MBR) is loaded into memory, and its program is run.
3. The active partition is located, and the boot sector is loaded.
4. The Windows 2000 loader (NTLDR) is then loaded.
The boot sequence executes the following steps:
1. The Windows 2000 loader switches the processor to the 32-bit flat memory model.
2. The Windows 2000 loader starts a mini-file system.
3. The Windows 2000 loader reads the BOOT.INI file and displays the operating system selections (boot loader menu).
4. The Windows 2000 loader loads the operating system selected by the user. If Windows 2000 is selected, NTLDR runs NTDETECT.COM. For other operating systems, NTLDR loads BOOTSECT.DOS and gives it control.
5. NTDETECT.COM scans the hardware installed in the computer, and reports the list to NTLDR for inclusion in the Registry under the HKEY_LOCAL_MACHINE\HARDWARE hive.
6. NTLDR then loads the NTOSKRNL.EXE, and gives it the hardware information collected by NTDETECT.COM. Windows NT enters the Windows load phases.
Question - 46 : - How do you change the DS Restore admin password?
Answer - 46 : - In Windows 2000 Server, you used to have to boot the computer whose password you wanted to change in Directory Restore mode, then use either the Microsoft Management Console (MMC) Local User and Groups snap-in or the command net user administrator * to change the Administrator password.
Win2K Server Service Pack 2 (SP2) introduced the Setpwd utility, which lets you reset the Directory Service Restore Mode password without having to reboot the computer. (Microsoft refreshed Setpwd in SP4 to improve the utility's scripting options.)
In Windows Server 2003, you use the Ntdsutil utility to modify the Directory Service Restore Mode Administrator password.
To do so, follow these steps:
1. Start Ntdsutil (click Start, Run; enter cmd.exe; then enter ntdsutil.exe).
2. Start the Directory Service Restore Mode Administrator password-reset utility by entering the argument "set dsrm password" at the ntdsutil prompt: ntdsutil: set dsrm password
3. Run the Reset Password command, passing the name of the server on which to change the password, or use the null argument to specify the local machine.
For example, to reset the password on server testing, enter the following argument at the Reset DSRM Administrator Password prompt:
Reset DSRM Administrator Password: reset password on server testing
To reset the password on the local machine, specify null as the server name:
Reset DSRM Administrator Password: reset password on server null
4. You'll be prompted twice to enter the new password. You'll see the following messages:
Please type password for DS Restore Mode Administrator Account:
Please confirm new password:
Password has been set successfully.
5. Exit the password-reset utility by typing "quit" at the following prompts:
Reset DSRM Administrator Password: quit
Question - 47 : - How do I use Registry keys to remove a user from a group?
Answer - 47 : - In Windows Server 2003, you can use the dsmod command-line utility with the -delmbr switch to remove a group member from the command line. You should also look into the freeware utilities available from www.joeware.net. ADFind and ADMod are indispensable tools in my arsenal when it comes to searching and modifying Active Directory.
Question - 48 : - Why are my NT4 clients failing to connect to the Windows 2000 domain?
Answer - 48 : - Since NT4 relies on NetBIOS for name resolution, verify that your WINS server (you do have a WINS server running, yes?) contains the records that you expect for the 2000 domain controller, and that your clients have the correct address configured for the WINS server.
Question - 49 : - How do you view replication properties for AD partitions and DCs?
Answer - 49 : - By using Replication Monitor:
Go to Start > Run > type repadmin
Go to Start > Run > type replmon
Question - 50 : - Why can't you restore a DC that was backed up 4 months ago?
Answer - 50 : - Because of the tombstone lifetime, which is set to only 60 days.