System Admin Interview Questions & Answers

Active Directory

What is LMHOSTS file?

It’s a file stored on a host machine that is used to resolve NetBIOS to specific IP addresses.

What’s the difference between forward lookup and reverse lookup in DNS?

Forward lookup is name-to-address, the reverse lookup is address-to-name

What is global catalog server?

Global Catalog Server maintains full information about its own domain and partial information about other domains. It is a forest wide role.

A global catalog server is a domain controller it is a master searchable database that contains information about every object in every domain in a forest. The global catalog contains a complete replica of all objects in Active Directory for its host domain, and contains a partial replica of all objects in Active Directory for every other domain in the forest.

It have two important functions:

i)Provides group membership information during logon and authentication

ii)Helps users locate resources in Active Directory

Which is the command used to install active directory?

dcpromo

What is DNS & DHCP?

It’s mainly used to resolve from host name(FQDNFully Qualified Domain Name) to IP address and IP address to host name.DNS mainly used in Internet.

DHCP use for provide IP address dnamically to client machine. If that client not able to find DHCP server then client machine will go for APIPA(We have range for APIPA which is 169.254.0.1-169.254.255.254).

What is LDAP?

Lightweight Directory Access Protocol

Lightweight Directory - Directories are kind of like a database but not really. A directory is a specialized database that is optimized for lookups.

What is Host Mapping?

Mapping hostname to an AD user restricting user to a single system

What is the difference between Security Group and Distribution Group?

Groups are used to collect user accounts, computer accounts, and other group accounts into manageable units. Working with groups instead of with individual users helps simplify network maintenance and administration.

There are two types of groups in Active Directory: distribution groups and security groups.

You can use distribution groups to create e-mail distribution lists and security groups to assign permissions to shared resources.

Distributions groups

Distribution groups can be used only with e-mail applications (such as Exchange) to send e-mail to collections of users. Distribution groups are not security-enabled, which means that they cannot be listed in discretionary access control lists (DACLs). If you need a group for controlling access to shared resources, create a security group.

Security groups

Assign user rights to security groups in Active Directory

Assign permissions to security groups on resources

Where is the AD database held?

The AD data base is store in c:\windows\ntds\NTDS.DIT.

What is LSDOU ?

 It’s the group policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units.

Can I deploy non-MSI software with GPO?

Using .zap packages

Mention 2 new Features from Server 2008 R2 

Windows Server 2008 R2 new features

Powershell Cmdlets:-

They replace the current Active Directory command line tools. There are about 85 Active Directory-related PowerShell cmdlets.

Active Directory Administrative Center:-

The Active Directory Administrative Center is a new task-oriented user interface for the Active Directory Services. You can perform similar tasks as with the Active Directory Users and Computers console (ADUC). It is based on the new PowerShell cmdlets and displays the PowerShell commands that correspond to the tasks performed with the GUI.

Recycle Bin:-

Accidently deleted Active Directory objects can be restored from the Recycle Bin. (Requires R2 functional level)

Offline Domain Join:-

Admins can automate the joining of a Windows 7 machine to a domain during deployment with an XML file. The target computer can be offline during the deployment process. The tool that is used to join the domain is djoin.exe.

Managed Service Accounts:-

Authentication Assurance provides an authentication mechanism that allows administrators to map specific certificates to security groups using certificate policies. Users logged on with a smart card, USB token, or some other type of certificate logon method can be distinguished in this way. This feature can be used to grant external users access to corporate resources using Active Directory Federated Services. (Requires R2 functional level).

With Windows Server 2008, Microsoft introduced the most important changes regarding administration. The role model and the new Server Manager were the main changes. Also in Windows Server 2008, R2 componentization is a bit more fine-grained and Server Manager supports remote administration. Other highlights are the new power management features, the PowerShell support for Server Core, and DHCP Failover.

What is FSMO? Mention the 5 FSMO Roles

Flexible Single Master Operations (FSMO in AD)

Schema Master

Domain naming master

Infrastructure Master

Relative ID (RID) Master

PDC Emulator

Windows NTFS Permissions

What are the 4 Standard Permissions?

Modify

Read & Execute

Read

Write

Inherited vs. Explicit Permissions

Inherited: Permissions that roll down from the Parent folder

Explicit: Permissions that are manually changed by a user

What is File Permissions Precedence Hierarchy?

Explicit Deny

Explicit Allow

Inherited Deny

Inherited Allow

Exchange Server

What are the different versions of Exchange Server you know about?

Exchange server 5.5

Exchange Server 2000

Exchange Server 2003

Exchange Server 2007

Exchange Server 2010

What are the Basic Incoming and Outgoing port for a Mail client

Incoming 110

Outgoing 25

What is ForestPrep?

Forest prep updates the schema and configuration partition in Active directory. Extend the schema to includeExchange server 2003 specific classes and attributesTo run the Forest Prep, Administrator should have Schema and Enterprise Admin permission over theDomain

What is DomainPrep?

Domain Prep prepares the Domain partion in Active Directory. Forest prep should be run only once in forestwhere Domain Prep should be run in following Servers.

1.The Forest root Domain

2.All domain that will contain Exchange Server 2003

3.All Domain that will contain Exchange Mailbox enable objects

What is Active Directory Connector (ADC)?

ADC it¶s a Microsoft Exchange Server 2003 Service that allows for the replication of information from Active directory and a Microsoft Exchange 2003. But is not available in Exchange 2010

WHat is Exchange Native Mode?

Native mode means when all the exchange servers in an infrastructure are running the same version of exchange. Mixed Mode means an infrastructure which contains different verions of exchange running .

What is a Mail Contact?

Mail enabled contacts have the following characteristics:

E-mail address created

Displayed in address lists

Can receive e-mail at an external e-mail account

What is MAPI?

Messaging Application Programming Interface, a system built into Microsoft Windows that enables different e-mail applications to work together to distribute mail. As long as both applications are MAPI-enabled, they can share mail messages with each other.

What is POP?

POP is a very simple protocol that only allows downloading of messages from your Inbox to your local computer.

Difference between MAPI/POP/IMAP?

MAPI connections give you full functionality to all of the services MS Exchange offers:

Direct live connection to the Mail Server

Shared Inbox, Calendar, Contacts, Tasks, Notes and Free/Busy information for scheduling

Public Folders

Out Of Office Assistant

Server Side Rules and Alerts

Access to Outlook Web Access via any Web Browser

Optional Server Side SPAM Management

IMAP Connections allow a more limited functionality:

Direct Live Connection to the Mail Server

POP Connections offer the least functionality:

Send and Receive Email

All connection types allow you to keep messages on the server and to view your mailbox using Outlook Web Access.

What is Global Address List (GAL)?

Global Address List is the Primary Address list that contains all Exchange objects in the entire organizationand mail-enabled objects in the Microsoft Exchange server organization

What is Recipient Update Service?

 Recipient update service updates the email address and distribution list membership and replicates this information on a schedule to other Microsoft Exchange Servers in the Domain

What all ports are required by front-end server to communicate with back-end servers?

443 for HTTPS

993 for SSL-enabled IMAP

995 for SSL-enabled POP

25 for SMTP

New Features in Exchange 2010

Legal Hold

Multi-Mailbox Search

Exchange Control Panel

Exchange Management COnsole & Exchange Management Shell

Database Availability Groups

Voice Mail ,Transcription

Retention Policies