Hard-Network

. How can Active Directory be installed?

Ans. Active Directory can be installed in one of two ways:

a) using the dcpromo.exe command.
b) By using the Configure the Server administrative tool.

2. How can Active Directory Installation be verified?

Ans. Active Directory installation can be Verify by checking for SRV and A records on the DNS server for the
new domain controller.

3. In Which mode the Active Directory is installed initially?

Ans. Active Directory is initially installed in mixed mode; if you want to change it to native mode,
you will have to do it manually.

4. Does the native mode support NT4 Domain Controller?

Ans. Once converted to native mode, a domain cannot revert to mixed mode to support NT 4 domain controllers.

5. How can Authoritative Restore be performed?

Ans. Authoritative restore can be Perform by booting the computer in Directory Services Repair Mode
and running ntdsutil.exe.

6. How can new sites be configured in Active Directory?

Ans. New sites are configured through Active Directory Sites and Services.
After creating a new site, the following tasks must be completed:

a. Add appropriate IP subnets to the site.
b. Install or move a domain controller or controllers into the site. Although a
domain controller is not required for a site, it is strongly recommended.
c. Connect the site to other sites with the appropriate site link.
d. Select a server to control and monitor licensing within the site.
e. All site links are bridged by default.
f. Site link bridges can be explicitly defined if a network is not fully routed.

7. How can Inbound Replication be configured?

Ans. Inbound replication can be configured through connection objects.


8. What is KCC and what is its function?

Ans. The KCC (Knowledge Consistency Checker) maintains schedules and settings for default site links
and bridges. Administrator-configured connection objects require manual configuration and maintenance.

9. When Cost is used?

Ans. Cost is used to determine which path to take between sites when multiple links exist.

10. What Information is kept in GC Servers?

Ans. Global Catalog (GC) servers maintain a read- only subset of information in the complete Active Directory database.

11. What is the Procedure of Configuring GC Server?

Ans. To configure a server as a GC server, use Active Directory Sites and Services. Select the desired domain controller, then right-click on NTDS settings and choose properties. Check the box for Global Catalog.

12. How can Backup of AD System state data be taken?

Ans. The AD system state data backup can be taken by using windows 2000 backup utility.

13. When Authoritative restore is used?

Ans. Authoritative restore is used when you want your restored settings to overwrite existing AD settings
on other domain controllers, such as if an object (OU, user account, and so on) are accidentally deleted from the database.

14. When Non-Authoritative restore is used?

Ans. Non-Authoritative restore is use when you are restoring out-of-date information and
want the restored data to be overwritten by newer data stored in Active Directory on other domain controllers.
For example, you would do this if you were recovering a DC from a failed hard drive and restored the server.

15. What is Kerberos Trust?

Ans. All domains in a tree automatically establish two way trust relationships called Kerberos trusts. Trust relationships between Windows 2000 domains and NT 4 domains must be configured manually, just as you would configure a trust relationship between two NT 4 domains.


16. Does the Caching Server store editable copy of database?

Ans. Caching servers do not store an editable copy of the zone database. Active directory integrated zones can reside only on domain controllers, not member servers or non-Windows 2000 servers of any kind (NT 4, Unix, and so on).

17. What should be checked if a user gets an error message Domain controller cannot be found while logging in?

Ans. If a user who is trying to log on gets an error that a Domain controller cannot be found, check for the presence of SRV records in the DNS database for domain controllers.

18. What is the function of secure dynamic updates?

Ans. Secure dynamic updates allow only computers and users who have been given permission to update their records into the DNS database. Secure dynamic update is supported only for Active Directory integrated zones.

19. How DNS Replication is accomplished?

Ans. DNS replication is accomplished through Active Directory replication for AD integrated zones and zone transfer for standard zones.

20. Why should a reverse lookup zone be configured?

Ans. A reverse lookup zone must be configured in order to perform reverse lookup queries. Installing AD through Configure Your Server does not create a reverse lookup zone in DNS.