Tuesday, March 8, 2022

Top 10 Active Directory Interview Questions And Answers - Part 2 | Tech Aarya Blog - AD L3 Interview



Question 11 - How do you force replication between two domain controllers in a site?

Answer –

Step 1 Log in to one of your DCs and open Active Directory Sites and Services.

Step 2 Navigate to the site for which you’d like to replicate the domain controllers. Expand it by clicking the arrowhead next to the site name. Expand the Servers. Expand the DC which you’d like to replicate. Click on NTDS Settings.

Step 3 In the right pane, right-click on the server and select Replicate Now.

Step 4 Depending on how many DCs there are, this could take less than a second to a few minutes. When it is complete, you’ll see the notification, “Active Directory Domain Services has replicated the connections.” Click OK to finish.

 

Question 12 - How do you change the schedule for replication between two domain controllers in a site?

Answer –

Step 1 Start the Microsoft Management Console (MMC) Active Directory Sites and Services snap-in. (Select Programs, Administrative Tools, Active Directory Sites and Services from the Start menu.)

Step 2 Expand the Sites branch to show the various sites.

Step 3 Expand the site that contains the domain controllers. (The default site Default-First-Site-Name might be your only site.)

Step 4 Expand the servers.

Step 5 Select the server you want to configure replication to, and expand it.

Step 6 Double-click NTDS Settings for the server.

Step 7 Right-click the server you want to set replication from.

Step 8 Select Properties from the context menu.

Step 9 Select the Active Directory Service connection tab.

Step 10 Click Change Schedule.

Step 11 Modify the replication as necessary (see the Screen), and click OK.

Question 13 - How do you rename a site?

Answer - When you install your first domain controller, the domain controller creates the default site Default-First-Site-Name. This name isn’t helpful, so you might want to rename it.

 

Step 1 Start the Microsoft Management Console (MMC) Active Directory Sites and Services snap-in. (Select Programs, Administrative Tools, Active Directory Sites and Services from the Start menu.)

Step 2 Expand the Sites branch.

Step 3 Right-click the site you want to rename (i.e., Default-First-Site-Name), and select Rename, as the Screen shows. (Alternatively, select the site and press F2.)

Step 4 Enter the new name, and press Enter.

 

Question 14 - What DNS records are added in DNS when you create a domain?

Answer –

1 - SOA (start of authority) record: In an AD-integrated zone, each DC/DNS server will have an SOA record with the server’s own IP address in its data field. This indicates that the server hosts a writeable copy of the zone. In a non-AD-integrated zone, only the primary server will host a writeable copy of the zone, so it will be the only server with an SOA record.

2 - NS (name server) records: There should be one of these for each DNS server in the domain.

3 - A (host) records: Each DC should have two host records in this location: one for the DC’s unique hostname and one for the domain. The latter records will have the name (same as parent folder). The data field of each of these records should contain the DC’s IP address.

 

Question 15 – How do you perform AD online defragmentation manually in 2K3 (Windows Server 2003)?

Answer –

Using a graphical user interface

Open LDP.

From the menu, select Connection → Connect.

For Server, enter the name of the target domain controller.

For Port, enter 389.

Click OK.

From the menu, select Connection → Bind.

Enter credentials of a user from one of the administrator groups.

Click OK.

From the menu, select Browse → Modify.

Leave the Dn blank.

For Attribute, enter DoOnlineDefrag.

For Values, enter 180.

For Operation, select Add.

Click Enter.

Click Run.

 

Question 16 - How do you audit specific Active Directory objects?

Answer –

In order to audit Active Directory, you first need to enable auditing for objects in Active Directory.

To configure auditing for specific Active Directory objects:

Step 1 Select Start > Programs > Administrative Tools, and then select Active Directory Users and Computers.

Step 2 Make sure that you select Advanced Features on the View menu.

Step 3 Right-click the Active Directory object that you want to audit, and then select Properties.

Step 4 Select the Security tab, and then select Advanced.

Step 5 Select the Auditing tab, and then select Add.

Step 6 Take one of the following actions:

Type the name of either the user or the group whose access you want to audit in the Enter the object name to select box, and then select OK.

In the list of names, double-click either the user or the group whose access you want to audit.

Select either the Successful or the Failed check box for the actions that you want to audit, and then select OK.

Step 7 Select OK, and then select OK.
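The same audit entry can be scripted instead of clicked through. The following is an added example, not part of the original answer: it assumes the ActiveDirectory PowerShell module on a domain controller, and the function name Add-AdObjectAuditRule and the OU distinguished name are hypothetical placeholders.

```powershell
Import-Module ActiveDirectory   # provides the AD: drive used by Get-Acl / Set-Acl

# Audit ACEs only produce events when the audit policy is on.
# Directory Service Access logs event 4662, Directory Service Changes logs 5136.
# In a domain this is normally set by GPO, which overrides a local auditpol change.
auditpol /set /subcategory:"Directory Service Access"  /success:enable /failure:enable
auditpol /set /subcategory:"Directory Service Changes" /success:enable

function Add-AdObjectAuditRule {
    param(
        [Parameter(Mandatory)] [string] $DistinguishedName,
        # Whose access to audit; S-1-1-0 is the well-known SID for Everyone.
        [string] $IdentitySid = 'S-1-1-0',
        [System.DirectoryServices.ActiveDirectoryRights] $Rights = 'WriteProperty, WriteDacl, Delete',
        [System.Security.AccessControl.AuditFlags] $AuditFlags = 'Success, Failure'
    )
    $path = "AD:\$DistinguishedName"
    $acl  = Get-Acl -Path $path -Audit          # -Audit loads the SACL as well
    $sid  = New-Object System.Security.Principal.SecurityIdentifier $IdentitySid
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAuditRule(
        $sid, $Rights, $AuditFlags,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)

    # Skip the write when an identical explicit entry is already present.
    $exists = $acl.Audit | Where-Object {
        -not $_.IsInherited -and
        $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) -eq $sid -and
        $_.ActiveDirectoryRights -eq $Rights -and $_.AuditFlags -eq $AuditFlags
    }
    if (-not $exists) {
        $acl.AddAuditRule($rule)
        Set-Acl -Path $path -AclObject $acl
    }
    # Return the resulting audit entries so the change can be reviewed.
    (Get-Acl -Path $path -Audit).Audit |
        Select-Object IdentityReference, ActiveDirectoryRights, AuditFlags, IsInherited
}

# Placeholder DN: replace with the object you want to audit.
Add-AdObjectAuditRule -DistinguishedName 'OU=Example,DC=example,DC=com'
```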

 

Question 17 - How do I check my AD replication status?

Answer - Running repadmin /showrepl can help you view the replication status.

If you would like an overall replication health summary, the command repadmin /replsummary should help.

 

Question 18 - How do I fix Active Directory replication issues?

Answer - To diagnose replication errors, users can run the AD status replication tool that is available on DCs or read the replication status by running repadmin /showrepl.

To view only the replication errors, use the command: repadmin /showrepl /errorsonly
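For the status checks in Questions 17 and 18, repadmin /showrepl can also emit CSV, which is easier to filter than the text report. This is an added example, not from the original post: the function name Get-ReplicationFailure is hypothetical and the CSV rows are constructed sample data.

```powershell
# Constructed sample in the column layout of 'repadmin /showrepl * /csv'.
# DC names, sites, timestamps and the status code are made up for illustration.
$sampleCsv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC01,"DC=example,DC=com",HQ,DC02,RPC,0,0,2022-03-08 09:15:02,0
showrepl_INFO,HQ,DC01,"CN=Configuration,DC=example,DC=com",Branch,DC03,RPC,12,2022-03-08 09:10:44,2022-03-07 21:02:10,1722
showrepl_INFO,Branch,DC03,"DC=example,DC=com",HQ,DC01,RPC,0,0,2022-03-06 08:00:00,0
'@

function Get-ReplicationFailure {
    param(
        [Parameter(Mandatory)] [string[]] $CsvLines,
        [int] $MaxAgeHours = 24,          # flag links with no success for this long
        [datetime] $Now = (Get-Date)
    )
    foreach ($row in ($CsvLines | ConvertFrom-Csv)) {
        $lastOk = [datetime]::MinValue
        [void][datetime]::TryParse($row.'Last Success Time', [ref]$lastOk)
        $failures = 0
        [void][int]::TryParse($row.'Number of Failures', [ref]$failures)
        $ageHours = [math]::Round(($Now - $lastOk).TotalHours, 1)

        # A link is reported for failures, for a stale last success, or for any
        # row that is not a normal showrepl_INFO record.
        $reasons = @()
        if ($row.showrepl_COLUMNS -ne 'showrepl_INFO') { $reasons += 'row is not showrepl_INFO' }
        if ($failures -gt 0)                           { $reasons += "$failures failures" }
        if ($ageHours -gt $MaxAgeHours)                { $reasons += "no success for $ageHours h" }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Destination   = $row.'Destination DSA'
                Source        = $row.'Source DSA'
                NamingContext = $row.'Naming Context'
                LastStatus    = $row.'Last Failure Status'
                Reasons       = $reasons -join '; '
            }
        }
    }
}

# Offline run against the sample, with a fixed "now" so the result is repeatable.
Get-ReplicationFailure -CsvLines ($sampleCsv -split '\r?\n') -Now ([datetime]'2022-03-08 10:00') |
    Format-Table -AutoSize

# On a domain controller (requires the repadmin tool):
# Get-ReplicationFailure -CsvLines (repadmin /showrepl * /csv)
```

With the sample data, the healthy DC02 to DC01 link is omitted and the other two links are reported, one for failures and one for a stale last success.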

 

Question 19 - How do you force AD replication?

Answer - To force replication between two domain controllers, run the following command on the DC you wish to update:

repadmin /syncall <DC-name> /AeD

In case you want to make changes on a DC and push replication to other DCs, the following command should do the trick:

repadmin /syncall <DC-name> /APeD

 

Question 20 - How often does AD replication occur?

Answer - Intra-site replication: With the exception of critical directory updates that are replicated immediately, the source DC updates changes to its closest replication partner every 15 seconds.

 

Inter-site replication: By default, the replication interval is 180 minutes and can be adjusted to be as low as 15 minutes.

 

Question 21 - What is the default replication time for Active Directory?

Answer -  Intra-site replication: With the exception of critical directory updates that are replicated immediately, the source DC updates changes to its closest replication partner every 15 seconds.

 

Inter-site replication: By default, the replication interval is 180 minutes and can be adjusted to be as low as 15 minutes.

 

To change the default replication time, users can go into the Active Directory Sites and Services snap-in → Inter-site transport container → IP container → Site link you want to modify the interval on → Enter your desired value beside "Replicate every" → Save changes.

