AD and DNS

  • 8/12/2019 AD and DNS

    1/22

    >What is Active Directory?
    Active Directory is a Meta Data. Active Directory is a database which stores data such as your user information, computer information and also other network object info. It has capabilities to manage and administer the complete network which connects with AD.

    >What is domain?
    In Windows NT and Windows 2000, a domain is a set of network resources (applications, printers, and so forth) for a group of users. The user need only log in to the domain to gain access to the resources, which may be located on a number of different servers in the network. The 'domain' is simply your computer address, not to be confused with a URL. A domain address might look something like 211.170.469.

    >What is domain controller?
    A Domain controller (DC) is a server that responds to security authentication requests (logging in, checking permissions, etc.) within the Windows Server domain. A domain is a concept introduced in Windows NT whereby a user may be granted access to a number of computer resources with the use of a single username and password combination.

    >What is LDAP?
    Lightweight Directory Access Protocol (LDAP) is the industry standard directory access protocol, making Active Directory widely accessible to management and query applications. Active Directory supports LDAPv3 and LDAPv2.

    >What is KCC?
    KCC (Knowledge Consistency Checker) is used to generate the replication topology for intersite replication and for intrasite replication. Within a site, replication traffic is done via remote procedure calls over IP, while between sites it is done through either RPC or SMTP.

    >Where is the AD database held? What other folders are related to AD?
    The AD database is stored in c:\windows\ntds\NTDS.DIT.

    >What is the SYSVOL folder?
    The SYSVOL folder stores the server's copy of the domain's public files. The contents of the SYSVOL folder, such as group policy, users etc., are replicated to all domain controllers in the domain.

    >What are the Windows Server 2003 keyboard shortcuts?
    Winkey opens or closes the Start menu. Winkey + BREAK displays the System Properties dialog bo[...] opens the Search panel with Search for Computers module selected. Winkey + F1 opens Help. Winkey + M minimizes all. Winkey + SHIFT + M undoes minimization. Winkey + R opens Run dialog. Winkey + U opens the Utility Manager. Winkey + L locks the computer.

    >Where are the Windows NT Primary Domain Controller (PDC) and its Backup Domain Controller (BDC) in Server 2003?
    The Active Directory replaces them. Now all domain controllers share a multimaster peer-to-peer read and write relationship that hosts copies of the Active Directory.

    >I am trying to create a new universal user group. Why can't I?
    Universal groups are allowed only in native-mode Windows Server 2003 environments. Native mode requires that all domain controllers be promoted to Windows Server 2003 Active Directory.

    >What is LSDOU?
    It's the group policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units.

    >Why doesn't LSDOU work under Windows NT?
    If the NTConfig.pol file e[...]

    >What's the number of permitted unsuccessful logons on Administrator account?
    Unlimited. Remember, though, that it's the Administrator account, not any account that's part of the Administrators group.

    >What's the difference between guest accounts in Server 2003 and other editions?
    More restrictive in Windows Server 2003.

    >How many passwords by default are remembered when you check "Enforce Password History Remembered"?
    User's last 6 passwords.

    >Can GC Server and Infrastructure be placed on a single server? If not, explain why.
    No, as the Infrastructure master does the same job as the GC. They do not work together.

    >Which service in your Windows is responsible for replication of a domain controller to another domain controller?
    KCC generates the replication topology. Use SMTP / RPC to replicate changes.

    >What is Intrasite and Intersite Replication?
    Intrasite is the replication within the same site & intersite is the replication between sites.

    >What is lost & found folder in ADS?
    It's the folder where you can find the objects missed due to conflict. E[...]ound Folder.

    >What is Garbage collection?
    Garbage collection is the process of the online defragmentation of Active Directory. It happens every 12 hours.

    >What System State data contains?
    Contains:
    • Startup files
    • Registry
    • Com + Registration Database
    • Memory Page file
    • System files
    • AD information
    • Cluster Service information
    • SYSVOL Folder

    >I want to setup a DNS server and Active Directory domain. What do I do first? If I install the DNS service first and name the zone 'name.org' can I name the AD domain 'name.org' too?
    Not only can you have a DNS zone and an Active Directory domain with the same name, it's actually the preferred way to go if at all possible. You can install and configure DNS before installing Active Directory, or you can allow the Active Directory Installation Wizard (dcpromo) itself install DNS on your server in the background.

    >How do I determine if user accounts have local administrative access?
    You can use the net localgroup administrators command on each workstation (probably in a login script so that it records its information to a central file for later review). This command will enumerate the members of the Administrators group on each machine you run it on. Alternately, you can use the Restricted Groups feature of Group Policy to restrict the membership of Administrators to only those users you want to belong.

    >What is the ISTG? Who has that role by default?
    Windows 2000 Domain controllers each create Active Directory Replication connection objects representing inbound replication from intra-site replication partners. For inter-site replication, one domain controller per site has the responsibility of evaluating the inter-site replication topology and creating Active Directory Replication Connection objects for appropriate bridgehead servers within its site. The domain controller in each site that owns this role is referred to as the Inter-Site Topology Generator (ISTG).

    >What is difference between Server 2003 vs 2008?
    1. Virtualization. (Windows Server 2008 introduces Hyper-V (V for Virtualization) but only on 64-bit versions. More and more companies are seeing this as a way of reducing hardware costs by running several 'virtual' servers on one physical machine.)
    2. Server Core (provides the minimum installation required to carry out a specific server role, such as for a DHCP, DNS or print server).
    3. Better security.
    4. Role-based installation.
    5. Read Only Domain Controllers (RODC).
    6. Enhanced terminal services.
    7. Network Access Protection - Microsoft's system for ensuring that clients connecting to Server 2008 are patched, running a firewall and in compliance with corporate security policies.
    8. PowerShell - Microsoft's command line shell and scripting language has proved popular with some server administrators.
    9. IIS 7.
    10. Bitlocker - System drive encryption can be a sensible security measure for servers located in remote branch offices.
    11. Windows Aero.

    The main difference between 2003 and 2008 is Virtualization, management. 2008 has more in-built components and updated third party drivers.

    >What are the requirements for installing AD on a new server?
    1 The Domain structure.
    2 The Domain Name.
    3 Storage location of the database and log file.
    4 Location of the shared system volume folder.
    5 DNS config method.
    6 DNS configuration.

    >What is LDP?
    LDP: Label Distribution Protocol (LDP) is often used to establish MPLS LSPs when traffic engineering is not required. It establishes LSPs that follow the e[...]

    >What are the Groups types available in active directory?
    Security groups: Use Security groups for granting permissions to gain access to resources. Sending an e-mail message to a group sends the message to all members of the group. Therefore security groups share the capabilities of distribution groups.

    Distribution groups: Distribution groups are used for sending e-mail messages to groups of users. You cannot grant permissions to security groups. Even though security groups have all the capabilities of distribution groups, distribution groups are still required, because some applications can only read distribution groups.

    >Explain about the groups scope in AD?
    Domain Local Group: Use this scope to grant permissions to domain resources that are located in the same domain in which you created the domain local group. Domain local groups can e[...] groups as you can add a global group into another global group from any domain. Finally to provide permission to domain specific resources (like printers and published folder), they can be members of a Domain Local group. Global groups e[...]

    >What is ADSIEDIT?
    ADSIEDIT: ADSIEdit is a Microsoft Management Console (MMC) snap-in that acts as a low-level editor for Active Directory. It is a Graphical User Interface (GUI) tool. Network administrators can use it for common administrative tasks such as adding, deleting, and moving objects with a directory service. The attributes for each object can be edited or deleted by using this tool. ADSIEdit uses the ADSI application programming interfaces (APIs) to access Active Directory. The following are the required files for using this tool: ADSIEDIT.DLL ADSIEDIT.

    >What is NETDOM?
    NETDOM is a command-line tool that allows management of Windows domains and trust relationships. It is used for batch management of trusts, joining computers to domains, verifying trusts, and secure channels.

    >What is REPAD[...]rom and RepsTo) as seen from the perspective of each domain controller. In addition, Repadmin can be used to manually create the replication topology (although in normal practice this should not be necessary), to force replication events between domain controllers, and to view both the replication metadata and up-to-dateness vectors.

    >How to take backup of AD?
    To take a backup of Active Directory, first go to START - PROGRAM - ACCESSORIES - SYSTEM TOOLS - BACKUP, or open the Run window and type ntbackup, and take a system state backup. When the backup screen appears, take the backup of SYSTEM STATE; it will take the backup of all the necessary information about the system, including AD backup, DNS etc.

    >What are the DS* commands?
    The following DS commands: the DS family built in utility.
    DSmod - modify Active Directory attributes.
    DSrm - to delete Active Directory objects.
    DSmove - to relocate objects.
    DSadd - create new accounts.
    DSquery - to find objects that match your query attributes.
    DSget - list the properties of an object.

    >What are the requirements for installing AD on a new server?
    • An NTFS partition with enough free space.
    • An Administrator's username and password.
    • The correct operating system version.
    • A NIC.
    • Properly configured TCP/IP (IP address, subnet mask and - optional - default gateway).
    • A network connection (to a hub or to another computer via a crossover cable).
    • An operational DNS server (which can be installed on the DC itself).
    • A Domain name that you want to use.
    • The Windows 2000 or Windows Server 2003 CD media (or at least the i386 folder).

    >Explain about Trust in AD?
    To allow users in one domain to access resources in another, Active Directory uses trusts. Trusts inside a forest are automatically created when domains are created.

    The forest sets the default boundaries of trust, not the domain, and implicit, transitive trust is automatic for all domains within a forest. As well as two-way transitive trust, AD trusts can be a shortcut (joins two domains in different trees, transitive, one- or two-way), forest (transitive, one- or two-way), realm (transitive or nontransitive, one- or two-way), or e[...]

    Windows Server 2003 offers a new trust type - the forest root trust. This type of trust can be used to connect Windows Server 2003 forests if they are operating at the 2003 forest functional level. Authentication across this type of trust is Kerberos based (as opposed to NTLM). Forest trusts are also transitive for all the domains in the forests that are trusted. Forest trusts, however, are not transitive.

    >Difference between LDIFDE and CSVDE?
    CSVDE is a command that can be used to import and e[...] (LDAP Data Interchange Format) file is a file easily readable in any te[...]DE can be used to edit and delete e[...]

    >What are application partitions? When do I use them?
    An application directory partition is a directory partition that is replicated only to specific domain controllers. Only domain controllers running Windows Server 2003 can host a replica of an application directory partition. Using an application directory partition provides redundancy, availability or fault tolerance by replicating data to a specific domain controller or any set of domain controllers anywhere in the forest.

    >How do you create a new application partition?
    Use the DnsCmd command to create an application directory partition. To do this, use the following synta[...]QDN of partition

    >How do you view all the GCs in the forest?
    C:\> repadmin /showreps domain controller
    where domain controller is the DC you want to query to determine whether it's a GC. The output will include the te[...]

    >Can you connect Active Directory to other 3rd party Directory Services? Name a few options.
    Yes, you can use dirXML or LDAP to connect to other directories. In Novell you can use E-directory.

    >What is IPSec Policy?
    IPSec provides secure gateway-to-gateway connections across outsourced private wide area network (WAN) or Internet-based connections using L2TP/IPSec tunnels or pure IPSec tunnel mode. IPSec Policy can be deployed via Group policy to the Windows Domain controllers & Servers.

    >What are the different types of Terminal Services?
    User Mode & Application Mode.

    >What is RsOP?
    RsOP is the resultant set of policy applied on the object (Group Policy).

    >How do you view replication properties for AD partitions and DCs?
    By using replication monitor:
    go to Start - Run - type repadmin
    go to Start - Run - type replmon

    >Why can't you restore a DC that was backed up months ago?
    Because of the tombstone life which is set to only 60 days.

    >Different modes of AD restore?
    A nonauthoritative restore is the default method for restoring Active Directory. To perform a nonauthoritative restore, you must be able to start the domain controller in Directory Services Restore Mode. After you restore the domain controller from backup, replication partners use the standard replication protocols to update Active Directory and associated information on the restored domain controller.

    An authoritative restore brings a domain or a container back to the state it was in at the time of backup and overwrites all changes made since the backup. If you do not want to replicate the changes that have been made subsequent to the last backup operation, you must perform an authoritative restore. In this case, one needs to stop the inbound replication first before performing the authoritative restore.

    >How do you configure a stand by operation master for any of the roles?
    • Open Active Directory Sites and Services.
    • E[...]

    >What's the difference between transferring a FS[...]SMO can be a destructive process and should only be attempted if the e[...]SMO is no longer available.

    If you perform a seizure of the FSMO roles from a DC, you need to ensure two things: the current holder is actually dead and offline, and that the old DC will NEVER return to the network. If you do an FSMO role Seize and then bring the previous holder back online, you'll have a problem.

    An FSMO role TRANSFER is the graceful movement of the roles from a live, working DC to another live DC. During the process, the current DC holding the role(s) is updated, so it becomes aware it is no longer the role holder.

    >I want to look at the RID allocation table for a DC. What do I do?
    dcdiag /test:ridmanager /s:servername /v (servername is the name of our DC)

    >What is BridgeHead Server in AD?
    A bridgehead server is a domain controller in each site, which is used as a contact point to receive and replicate data between sites. For intersite replication, KCC designates one of the domain controllers as a bridgehead server. In case the server is down, KCC designates another one from the domain controller. When a bridgehead server receives replication updates from another site, it replicates the data to the other domain controllers within its site.

    >What is the default size of ntds.dit?
    10 MB in Server 2000 and 12 MB in Server 2003.

    >Where is the AD database held and what are other folders related to AD?
    AD Database is saved in %systemroot%/ntds. You can see other files also in this folder. These are the main files controlling the AD structure.

    • ntds.dit
    • edb.log
    • res1.log
    • res2.log
    • edb.chk

    When a change is made to the Win2K database, triggering a write operation, Win2K records the transaction in the log file (edb.log). Once written to the log file, the change is then written to the AD database. System performance determines how fast the system writes the data to the AD database from the log file. Any time the system is shut down, all transactions are saved to the database.

    During the installation of AD, Windows creates two files: res1.log and res2.log. The initial size of each is 10MB. These files are used to ensure that changes can be written to disk should the system run out of free disk space. The checkpoint file (edb.chk) records transactions committed to the AD database (ntds.dit). During shutdown, a "shutdown" statement is written to the edb.chk file.

    Then, during a reboot, AD determines that all transactions in the edb.log file have been committed to the AD database. If, for some reason, the edb.chk file doesn't e[...]

    >What FS[...]SMO (Fle[...]

    >What is the port no of Kerberos?
    88

    >What is the port no of Global catalog?
    3268

    >What is the port no of LDAP?
    389

    >Explain Active Directory Schema?
    Windows 2000 and Windows Server 2003 Active Directory uses a database set of rules called "Schema". The Schema is defined as the formal definition of all object classes, and the attributes that make up those object classes, that can be stored in the directory. As mentioned earlier, the Active Directory database includes a default Schema, which defines many object classes, such as users, groups, computers, domains, organizational units, and so on.

    These objects are also known as "Classes". The Active Directory Schema can be dynamically e[...]

    >What are the FS[...]le[...]SMO) role. Currently there are five FSMO roles:
    • Schema master
    • Domain naming master
    • RID master
    • PDC emulator
    • Infrastructure master

    >What is domain tree?
    Domain Trees: A domain tree comprises several domains that share a common schema and configuration, forming a contiguous namespace. Domains in a tree are also linked together by trust relationships. Active Directory is a set of one or more trees.

    Trees can be viewed two ways. One view is the trust relationships between domains. The other view is the namespace of the domain tree.

    >What is forests?
    A collection of one or more domain trees with a common schema and implicit trust relationships between them. This arrangement would be used if you have multiple root DNS addresses.

    >How to Select the Appropriate Restore [...]rom an Active Directory perspective, are Active Directory data corruption and hardware failure.

    Active Directory data corruption occurs when the directory contains corrupt data that has been replicated to all domain controllers or when a large portion of the Active Directory hierarchy has been changed accidentally (such as deletion of an OU) and this change has replicated to other domain controllers.

    >What is Global Catalog?
    The Global Catalog authenticates network user logons and fields inquiries about objects across a forest or tree. Every domain has at least one GC that is hosted on a domain controller. In Windows 2000, there was typically one GC on every site in order to prevent user logon failures across the network.

    >How long does it take for security changes to be replicated among the domain controllers?
    Security-related modifications are replicated within a site immediately. These changes include account and individual user lockout policies, changes to password policies, changes to computer account passwords, and modifications to the Local Security Authority (LSA).

    >How do you view all the GCs in the forest?
    C:\> repadmin /showreps domain controller

    OR You can use Replmon.e[...]

    Active Directory Recycle bin is a feature of Windows Server 2008 AD. It helps to restore accidentally deleted Active Directory objects without using a backed up AD database, rebooting domain controller or restarting any services.

    >What is RODC? Why do we configure RODC?
    Read only domain controller (RODC) is a feature of Windows Server 2008 Operating System. RODC is a read only copy of Active Directory database and it can be deployed in a remote branch office where physical security cannot be guaranteed. RODC provides more improved security and faster log on time for the branch office.

    >How do you check currently forest and domain functional levels? Say both GUI and Command line.
    To find out forest and domain functional levels in GUI mode, open ADUC, right click on the domain name and take properties. Both domain and forest functional levels will be listed there.

    To find out forest and domain functional levels, you can use the DSQUERY command.

    >Which version of Kerberos is used for Windows 2000/2003 and 2008 Active Directory?
    All versions of Windows Server Active Directory use Kerberos 5.

    >Name few port numbers related to Active Directory?
    Kerberos 88, LDAP 389, DNS 53, SMB 445

    >What is an FQDN?
    FQDN can be e[...]ully Qualified Domain Name. It is a hierarchy of a domain name system which points to a device in the domain at its left most end. For e[...]

    >By default, if the name is not found in the cache or local hosts file, what is the first step the client takes to resolve the FQDN name into an IP address?
    Performs a recursive search through the primary DNS server based on the network interface configuration.

    >What is primary, Secondary, stub & AD Integrated Zone?
    Primary Zone: - zone which is saved as normal te[...]

    >How do you manually create SRV records in DNS?
    This is on Windows server: go to Run --- dnsmgmt.msc, right-click on the zone you want to add the SRV record to, choose "other new record" and choose service location (srv).

    >What is the main purpose of SRV records?
    SRV records are used in locating hosts that provide certain network services.

    >Before installing your first domain controller in the network, you installed a DNS server and created a zone, naming it as you would name your AD domain. However, after the installation of the domain controller, you are unable to locate infrastructure SRV records anywhere in the zone. What is the most likely cause of this failure?
    The zone you created was not configured to allow dynamic updates. The local interface on the DNS server was not configured to allow dynamic updates.

    >Which of the following conditions must be satisfied to configure dynamic DNS updates for legacy clients?
    The zone to be used for dynamic updates must be configured to allow dynamic updates. The DHCP server must support, and be configured to allow, dynamic updates for legacy clients.

    >At some point during the name resolution process, the requesting party received authoritative reply. Which further actions are likely to be taken after this reply?
    After receiving the authoritative reply, the resolution process is effectively over.

    >Name 3 benefits of using AD integrated zones.
    Active Directory integrated DNS enables Active Directory storage and replication of DNS zone databases. Windows 2000 DNS server, the DNS server that is included with Windows 2000 Server, accommodates storing zone data in Active Directory.

    When you configure a computer as a DNS server, zones are usually stored as te[...]

    These te[...]

    >What are the benefits and scenarios of using Stub zones?

    Understanding stub zones
    A stub zone is a copy of a zone that contains only those resource records necessary to identify the authoritative Domain Name System (DNS) servers for that zone.
    A stub zone is used to resolve names between separate DNS namespaces. This type of resolution may be necessary when a corporate merger requires that the DNS servers for two separate DNS namespaces resolve names for clients in both namespaces.

    A stub zone consists of:
    • The start of authority (SOA) resource record, name server (NS) resource records, and the glue A resource records for the delegated zone.
    • The IP address of one or more master servers that can be used to update the stub zone. The master servers for a stub zone are one or more DNS servers authoritative for the child zone, usually the DNS server hosting the primary zone for the delegated domain name.

    Use stub zones to:
    • Keep delegated zone information current.
    By updating a stub zone for one of its child zones regularly, the DNS server hosting both the parent zone and the stub zone will maintain a current list of authoritative DNS servers for the child zone.

    • Improve name resolution.
    Stub zones enable a DNS server to perform recursion using the stub zone's list of name servers without needing to query the Internet or internal root server for the DNS namespace.

    • Simplify DNS administration.
    By using stub zones throughout your DNS infrastructure, you can distribute a list of the authoritative DNS servers for a zone without using secondary zones. However, stub zones do not serve the same purpose as secondary zones and are not an alternative when considering redundancy and load sharing.

    There are two lists of DNS servers involved in the loading and maintenance of a stub zone:

    • The list of master servers from which the DNS server loads and updates a stub zone. A master server may be a primary or secondary DNS server for the zone. In both cases, it will have a complete list of the DNS servers for the zone.

    • The list of the authoritative DNS servers for a zone. This list is contained in the stub zone using name server (NS) resource records. When a DNS server loads a stub zone, such as widgets.e[...] necessary resource records of the authoritative servers for the zone widgets.e[...]

    >What are the benefits and scenarios of using Conditional Forwarding?

    Rather than having a DNS server forward all queries it cannot resolve to forwarders, the DNS server can forward queries for different domain names to different DNS servers according to the specific domain names that are contained in the queries. Forwarding according to these domain-name conditions improves conventional forwarding by adding a second condition to the forwarding process.

    A conditional forwarder setting consists of a domain name and the IP address of one or more DNS servers. To configure a DNS server for conditional forwarding, a list of domain names is set up on the Windows Server 2003-based DNS server along with the DNS server IP address.

    When a DNS client or server performs a query operation against a Windows Server 2003-based DNS server that is configured for forwarding, the DNS server looks to see if the query can be resolved by using its own zone data or the zone data that is stored in its cache, and then, if the DNS server is configured to forward for the domain name that is designated in the query (a match), the query is forwarded to the IP address of a DNS Server that is associated with the domain name. If the DNS server has no domain name listed for the name that is designated in the query, it attempts to resolve the query by using standard recursion.

    >What are the requirements from DNS to support AD?
    When you install Active Directory on a member server, the member server is promoted to a domain controller. Active Directory uses DNS as the location mechanism for domain controllers, enabling computers on the network to obtain IP addresses of domain controllers. During the installation of Active Directory, the service (SRV) and address (A) resource records are dynamically registered in DNS, which are necessary for the successful functionality of the domain controller locator (Locator) mechanism.

    To find domain controllers in a domain or forest, a client queries DNS for the SRV and A DNS resource records of the domain controller, which provide the client with the names and IP addresses of the domain controllers. In this conte[...]or this reason, the DNS zone must allow dynamic updates (RFC 2136) and the DNS server hosting that zone must support the SRV resource records (RFC 2782) to advertise the Active Directory directory service. For more information about RFCs, see DNS RFCs.

    If the DNS server hosting the authoritative DNS zone is not a server running Windows 2000 or Windows Server 2003, contact your DNS administrator to determine if the DNS server supports the required standards. If the server does not support the required standards, or the authoritative DNS zone cannot be configured to allow dynamic updates, then modification is required to your e[...]

    For more information, see Checklist: Verifying DNS before installing Active Directory and Using the Active Directory Installation Wizard.

    Important
    The DNS server used to support Active Directory must support SRV resource records for the Locator mechanism to function. For more information, see Managing resource records. It is recommended that the DNS infrastructure allows dynamic updates of Locator DNS resource records (SRV and A) before installing Active Directory, but your DNS administrator may add these resource records manually after installation. After installing Active Directory, these records can be found on the domain controller in the following location: systemroot\System32\Config\Netlogon.dns.

    >What does a zone consist of & why do we require a zone?
    Zone consists of resource records and we require zone for representing sites.

    >What is Caching Only Server?
    When we install 2000 & 2003 server it is configured as caching only server where it maintains the frequently accessed sites information and again when we access the same site for ne[...]

    >What is forwarder?
    When one DNS server can't receive the query it can be forwarded to another DNS once configured as forwarder.

    >What is secondary DNS Server?
    It is backup for primary DNS where it maintains a read only copy of DNS database.

    >How to enable Dynamic updates in DNS?
    Start - Program - Admin tools - DNS - Zone properties.

    >What are the properties of DNS server?
    INTERFACES, FORWARDERS, ADVANCED, ROUTINGS, SECURITY, MONITORING, LOGGING, DEBUG LOGGING.

    >Properties of a Zone?
    General, SOA, NAMESERVER, WINS, Security, and ZONE Transfer.

    >What is scavenging?
    Finding and deleting unwanted records.

    >What are SRV records?
    SRV are the service records, there are 6 service records. They are useful for locating the services.

    >What are the types of SRV records?
    MSDCS: Contains DCs information.
    TCP: Contains Global Catalog, Kerberos & LDAP information.
    UDP: Contains Sites information.
    Sites: Contains Sites information.
    Domain DNS Zone: Contains domain's DNS specific information.
    Forest DNS zone: Contains Forest's Specific Information.

    >Where does a Host File Reside?
    c:\windows\system32\drivers\etc.

    >What is SOA?
    Start of Authority: useful when a zone starts. Provides the zone startup information.

    >What is a query?
    A request made by the DNS client to provide the name server information.

    >What are the diff. types of Queries?
    Recursion, iteration.

    >Tools for troubleshooting DNS?
    DNS Console, NSLOOKUP, DNSCMD, IPCONFIG, Logs.

    >What is WINS server? Where do we use WINS server? Difference between DNS and WINS?
    WINS is Windows Internet Name Service, used to resolve the NetBIOS (computer name) name to IP address. This is proprietary for Windows. You can use it in a LAN. DNS is a Domain Naming System, which resolves Host names to IP addresses. It uses fully qualified domain names. DNS is an Internet standard used to resolve host names.

    >What is new in Windows Server 2003 regarding the DNS management?
    When DC promotion occurs with an e[...]QDN name into an IP address? Performs a recursive search through the primary DNS server based on the network interface configuration.
