AD
Domain Controller: In an Active Directory forest, a domain controller is a server that holds a writable copy of the Active Directory database, participates in Active Directory replication, and controls access to network resources.
Active Directory database file: Windows\NTDS\Ntds.dit (NTDS: New Technologies Directory Services; DIT: Directory Information Tree).
What is a forest? A forest is a group of trees that do not share a contiguous namespace but share a common configuration (schema).
What is a tree? A tree is a group of domains that share a contiguous namespace.
What is a group? A group is a collection of user accounts. It simplifies administration in the network.
What is an OU? An Organizational Unit is a subdivision within Active Directory into which you can place users, groups, computers, and other organizational units.
What is a site? A site is a geographical area where all of the domains are available.
Uses: 1) To control replication traffic.
2) To make authentication faster and more efficient.
3) To locate the nearest server providing directory-enabled services.
Difference between Mixed Mode and Native Mode?
1. Mixed Mode: In this mode NT, Windows 2000 and Windows 2003 DCs are available.
2. Native Mode: there are two types of native mode.
i. Windows 2000 Native Mode: In this mode Windows 2000 and Windows 2003 DCs are available.
ii. Windows 2003 Native Mode: In this mode only Windows 2003 DCs are available.
What is a SID? SID stands for Security Identifier. Every object has a unique ID, which is called its SID.
How to enable or disable a Global Catalog (GC): Open Administrative Tools > Active Directory Sites and Services > Sites, then double-click the domain controller you want to work with in the Servers folder of the desired site. Right-click NTDS Settings > Properties and make the change accordingly.
WARNING: Do not turn on this option unless you are certain it will provide value in your deployment. For this option to be useful, your deployment must have multiple domains, and even then, only one global catalog is (typically) useful in each site.
What is the difference between site links and connection objects?
Site links represent potential connections, and connection objects represent actual connections
What tool is used to report on the overall directory replication health? dcdiag.exe
What tool will provide replication information for a specific server, and analyze and report on replication? Replication Diagnostics Tool (repadmin.exe) and Directory Server Diagnosis (dcdiag.exe)
What is the minimum inter-site polling interval? Fifteen (15) minutes. Intra-site: 15 seconds.
What is the default inter-site replication interval? Three hours
What is the default site link cost? 100; the lowest-cost link is preferred.
What should you do if you disable transitivity on a site link? Build site link bridges.
Are site links transitive or intransitive by default? Transitive
What happens if preferred bridgehead servers are selected and none are available? Inter-site replication does not occur
How are bridgehead servers selected? They are selected automatically
What is the term for a domain controller responsible for inter-site replication for a particular site?
Bridgehead server
What protocol should be used for inter-site replication when connections are not always available?
Inter-Site Messaging-Simple Mail Transport Protocol (ISM-SMTP)
What protocol is preferred for inter-site replication? Directory Service Remote Procedure Call (DS-RPC)
What protocol is used for intrasite replication? Directory Service Remote Procedure Call (DS-RPC)
What are the two protocols used for replication?
Directory Service Remote Procedure Call (DS-RPC) and Inter-Site Messaging-Simple Mail Transport Protocol (ISM-SMTP)
What generates connections between sites? Intersite Topology Generator (ISTG), part of the KCC
What is the default intrasite replication polling interval? One hour
What is polling?
The process by which a downstream partner queries the upstream partner as to whether any directory changes are queued
What component of Active Directory generates the replication topology? Three hops
Are connection objects one-way or two-way? One-way
What tool is used to configure Universal Group Membership Caching? Active Directory Sites and Services
What tool is used to make an existing domain controller a Global Catalog server?
Active Directory Sites and Services
Where is it recommended that Universal Group Membership Caching (UGMC) be enabled?
On domain controllers in sites with slow or unreliable links to Global Catalogs
How often does a domain controller update universal group membership if UGMC is enabled? Every eight hours
What is another name for the Global Catalog? Partial Attribute Set (PAS)
What two services does a domain controller advertise?
Kerberos (for authentication) and LDAP (for directory access)
Active Directory Schema Versions
| OS | Schema Version |
|---|---|
| Windows 2000 Server | 13 |
| Windows Server 2003 | 30 |
| Windows Server 2003 R2 | 31 |
| Windows Server 2008 | 44 |
| Windows Server 2008 R2 | 47 |
| Windows Server 2012 | 56 |
| Windows Server 2012 R2 | 69 |
| Windows Server 2016 | 87 |
| Windows Server 2019 | 88 |
| Windows Server 2022 | 88 |
The AD DS database is self-maintaining. Every 12 hours, by default, each domain controller runs garbage collection. This accomplishes two tasks. First, it removes deleted objects that have outlived their tombstone lifetime. Second, the garbage collection process performs online defragmentation.
You can extend the list of attributes that remain when you delete an object, but you can never retain linked attribute values, such as group membership.
The value of the msDS-deletedObjectLifetime attribute determines the deleted object lifetime.
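As an added example (not part of the original notes), the PowerShell below reads the forest-wide garbage-collection, tombstone and deleted-object lifetime settings described above from the Directory Service object in the Configuration partition; it assumes the ActiveDirectory RSAT module and a domain-joined session.

```powershell
# Added example, not from the original notes. Reads the forest-wide
# garbage-collection and deleted-object settings from the Directory Service
# object in the Configuration partition. Assumes the ActiveDirectory RSAT
# module is installed and the session runs on a domain-joined host.
Import-Module ActiveDirectory

$configNC = (Get-ADRootDSE).configurationNamingContext
$dsPath   = "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"

$ds = Get-ADObject -Identity $dsPath -Properties tombstoneLifetime,
        'msDS-DeletedObjectLifetime', garbageCollPeriod

# An unset attribute means "use the default": a null tombstoneLifetime is
# treated as 60 days, a null garbageCollPeriod as 12 hours, and a null
# msDS-DeletedObjectLifetime falls back to the tombstone lifetime.
$tsl = if ($ds.tombstoneLifetime) { $ds.tombstoneLifetime } else { 60 }
$gcp = if ($ds.garbageCollPeriod) { $ds.garbageCollPeriod } else { 12 }
$dol = if ($ds.'msDS-DeletedObjectLifetime') {
    $ds.'msDS-DeletedObjectLifetime'
} else { $tsl }

# msDS-DeletedObjectLifetime only takes effect once the AD Recycle Bin
# optional feature has been enabled for the forest.
$recycleBin   = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
$recycleBinOn = ($recycleBin.EnabledScopes.Count -gt 0)

[pscustomobject]@{
    TombstoneLifetimeDays     = $tsl
    DeletedObjectLifetimeDays = $dol
    GarbageCollectionHours    = $gcp
    RecycleBinEnabled         = $recycleBinOn
} | Format-List

# A lifetime shortened below the default reduces the window in which a
# deleted object can still be recovered and in which a DC that has been
# offline can replicate safely, so flag it for review.
if ($tsl -lt 60) {
    Write-Warning "tombstoneLifetime of $tsl days is below the 60-day default"
}
```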