System Administrator Interview Questions

1. What do you know about Active Directory in system administration?

Active Directory provides centralized control over everything it manages. The information and settings related to the development are stored in the central database.

For example, the database might list 100 user accounts with details like each person’s job title, phone number, and password.


2. What is Group Policy?

It provides a central place for administrators to manage and configure operating systems, applications, and user settings. Using it properly enables you to increase the security of users’ computers and help defend against insider and external threats. 


3. Why would you not restore a DC that was last backed up eight months ago?

Look for candidates who understand that a DC is a domain controller, and that backup files should generally not be older than 180 days. Restoring a DC from a backup that is several months old could lead to inconsistent data, caused by lingering objects.


4. What's the most frustrating support issue you've been called to resolve?

A good candidate will demonstrate that they overcame their frustration and handled the situation with a professional attitude. It is important that System Administrators do not express annoyance when supporting employees who rely on them to solve a variety of technical difficulties.


5. What experience do you have with hardware components?

Only candidates with proficient experience installing and replacing hardware components should be considered, as this is an operation which will frequently be performed by the system administrator.


6. How would you take a backup of the Active Directory database?

Here we need to use the command line to back up Active Directory.

  • Step 1 – Open the command prompt by clicking on Start, typing “cmd,” and then hitting the Enter button.
  • Step 2 – In the command prompt, type “wbadmin start systemstatebackup -backupTarget:e:” and then press the Enter button.

7. What is the difference between LDAP and Active Directory?

Candidates should be able to tell you that LDAP, or Lightweight Directory Access Protocol, is a standard protocol for querying and modifying entries in a directory service. Active Directory is a directory service implemented by Microsoft, and it supports the LDAP protocol, among others.


8. What is a domain controller?

A domain controller (DC) is a Windows-based computer system that is used for storing user account data in a central database.


9. According to you, what is the difference between FAT and NTFS?

FAT:

  • There is no security when the user logs in locally.
  • It usually supports file names with only 8 characters and does not support file compression.
  • The partition and file size can be up to 4 GB, and there are no security permissions at the file and folder level.
  • It doesn’t support bad cluster mapping, so it is not very reliable.

NTFS:

  • There is security for both the local and the remote users.
  • It usually supports file names that have 255 characters.
  • It supports file compression, and the partition size can be up to 16 exabytes.
  • There is security for file and folder levels.
  • It supports bad cluster mapping and transaction logging and is highly reliable.

What is a loopback address?

The loopback address is an IP address that specifies the local computer. For example, 127.0.0.1 or ::1. The l

What is Kerberos and how does it work?

Kerberos is now the default authorization technology used by Microsoft Windows. Kerberos implementations also exist for other operating systems such as Apple OS, FreeBSD, UNIX, and Linux. It is designed to provide strong authentication for client/server applications by using secret-key


What is NLA, and how can we use it in RDP?

Enable Network Level Authentication
Windows 10, Windows Server 2012 R2/2016/2019 also provide Network Level Authentication (NLA) by default. It is best to leave this in place, as NLA provides an extra level of authentication before a connection is established. You should only configure Remote Desktop servers to allow connections without NLA if you use Remote Desktop clients on other platforms that don't support it.

NLA should be enabled by default on Windows 10, Windows Server 2012 R2/2016/2019.

To check, look at the Group Policy setting "Require user authentication for remote connections by using Network Level Authentication", found at Computer\Policies\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security. This Group Policy setting must be enabled on the server running the Remote Desktop Session Host role.
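
One way to confirm the effective NLA setting on a host, as an added example that is not part of the original page: it reads the `UserAuthentication` registry value written by the Group Policy setting above and falls back to the RDP listener's local value. The function name `Get-NlaState` is made up for this example; run it in an elevated PowerShell session on the Remote Desktop server.

```powershell
# Added example: report whether NLA is enforced for RDP on the local machine.
# Get-NlaState is a hypothetical helper name, not a built-in cmdlet.
function Get-NlaState {
    [CmdletBinding()]
    param(
        # Written by the "Require user authentication ... NLA" Group Policy setting.
        [string]$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services',
        # Local setting stored on the RDP listener itself.
        [string]$ListenerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    )

    # Return a DWORD value, or $null when the key or value does not exist.
    function Read-Dword([string]$Key, [string]$Name) {
        $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { [int]$item.$Name } else { $null }
    }

    $policy   = Read-Dword $PolicyKey   'UserAuthentication'
    $listener = Read-Dword $ListenerKey 'UserAuthentication'

    # A policy value, when present, overrides whatever is set locally.
    if ($null -ne $policy) { $effective = $policy;   $source = 'GroupPolicy' }
    else                   { $effective = $listener; $source = 'LocalSetting' }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        PolicyValue   = $policy      # 1 = NLA required, 0 = not required, empty = not configured
        ListenerValue = $listener
        Source        = $source
        NlaRequired   = ($effective -eq 1)
    }
}

$state = Get-NlaState
$state | Format-List
if (-not $state.NlaRequired) {
    Write-Warning "NLA is not required on $($state.ComputerName); RDP sessions can be opened before the user authenticates."
}
```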



What is an AD schema?

An AD Schema defines every object class and the attributes of those objects.

What are lingering objects in AD?

When a domain controller is disconnected for a period that is longer than the tombstone lifetime (TSL), one or more objects that are deleted from Active Directory on all other domain controllers may remain on the disconnected domain controller. Such objects are called lingering objects.
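
The definition above is also the reason behind the earlier question about an eight-month-old DC backup. The following added example (not from the original page) reads the forest's tombstone lifetime and checks a backup date against it. It assumes the ActiveDirectory module (RSAT) and a domain-joined session; `Test-DcBackupAge` is a hypothetical helper name and the backup date is constructed sample input.

```powershell
# Added example: decide whether a DC backup is still inside the tombstone lifetime.
# Requires the ActiveDirectory module (RSAT) and a domain-joined session.
Import-Module ActiveDirectory

# Test-DcBackupAge is a hypothetical helper name used only in this example.
function Test-DcBackupAge {
    param(
        [Parameter(Mandatory)] [datetime]$BackupTime,
        [Parameter(Mandatory)] [int]$TombstoneLifetimeDays,
        [datetime]$Now = (Get-Date)
    )
    $ageDays = [int][math]::Floor(($Now - $BackupTime).TotalDays)
    [pscustomobject]@{
        BackupTime        = $BackupTime
        AgeDays           = $ageDays
        TombstoneLifetime = $TombstoneLifetimeDays
        # Past the TSL, deletions made since the backup have already been purged on
        # the other DCs, so a restored DC would hold them as lingering objects.
        SafeToRestore     = ($ageDays -lt $TombstoneLifetimeDays)
    }
}

# The forest-wide tombstone lifetime is stored on the Directory Service object
# in the configuration partition.
$configNc = (Get-ADRootDSE).configurationNamingContext
$dirSvc   = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNc" `
                         -Properties tombstoneLifetime

# When the attribute is not set, AD falls back to 60 days.
$tsl = if ($dirSvc.tombstoneLifetime) { [int]$dirSvc.tombstoneLifetime } else { 60 }

# Constructed sample input: a backup taken eight months ago.
$sampleBackup = (Get-Date).AddMonths(-8)

$result = Test-DcBackupAge -BackupTime $sampleBackup -TombstoneLifetimeDays $tsl
$result | Format-List
if (-not $result.SafeToRestore) {
    Write-Warning "Backup is $($result.AgeDays) days old, past the ${tsl}-day tombstone lifetime. Restoring it risks lingering objects."
}
```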


What are mixed mode and native mode?
The default domain mode setting on Windows 2000 domain controllers is mixed mode. This mode does not support the universal and nested group enhancements of Windows 2000. In mixed mode, both Windows NT and 2000 backup domain controllers can coexist in a domain.

What are the new features of Active Directory in Windows Server 2012?

  • Improved fine-grained password policy: Compared to the earlier versions, the new FGPP in Windows Server 2012 allows administrators to have several password policies in the same domain.
  • Active Directory Recycle Bin gets a GUI: In Windows Server 2012, the Active Directory Recycle Bin optional feature can be enabled to restore deleted objects from the graphical user interface. You can perform these actions by using the Active Directory Administrative Center (ADAC).
  • Enhanced File Classification Infrastructure in DAC: Windows 2012's version of Dynamic Access Control (DAC) adds better functionality to the second layer of CCI resource authorization.
  • Windows PowerShell history viewer: You can now see the PowerShell commands that correspond to the actions you perform in the Active Directory Administrative Center UI.
  • dcpromo (Domain Controller Promoter) with improved wizard: It allows you to view all the steps and review the detailed results during the installation process.
  • Enhanced Administrative Center: Compared to the earlier version of Active Directory, the administrative center is well designed in Windows 2012. The exchange management console is well designed.

There are two main components of Active Directory.
Physical:
    1. The domain controller
    2. Sites
Logical:
    Tree, Forest, Domain & OU


What is intrasite replication?
Replication that occurs between domain controllers within the same site is called intrasite replication.


What is intersite replication?
Replication that happens between sites. Site links are created manually to connect two sites.

What is a bridgehead server?
The bridgehead server is responsible for replicating changes to the bridgehead server in the other site. Active Directory will automatically choose a domain controller in each site to act as the bridgehead server. If the automatically chosen bridgehead server is shut down, a new bridgehead server will be chosen automatically.


What is SMB, and on which port numbers does it run?
Server Message Block (SMB) is the standard file sharing protocol used by all versions of Windows. The port numbers are 139 and 445.

What is NFS?
Network File System (NFS) is the standard file sharing protocol used by most UNIX and Linux distributions.

What is the default lease time of a DHCP server?
By default, the DHCP server on Windows Server uses a lease time of 8 days.

What are the main files of the AD structure?
The AD database is saved in %systemroot%\ntds. In this folder, you can also find the main files controlling the AD structures.
They include:
  • edb.log - Records transactions before they are written to the AD database.
  • res2.log - The second temporary log file, used when res1 is filled.
  • res1.log - A log file that reserves space.
  • edb.chk - A checkpoint file that tracks transaction records. From this file you can tell when the last transaction was committed to the AD database.
  • ntds.dit - The actual AD database where the information is written.


Explain the terms authoritative restore and non-authoritative restore and how they can be used.
A non-authoritative restore will restore Active Directory to the server on which the restore is being done. The server will then receive all the recent updates from its replication partners in the domain. It is the default method for restoring Active Directory.

An authoritative restore prompts the restored domain controller to replicate its Active Directory information to all other domain controllers.

What is the default size of ntds.dit?
Approx. 400 MB per 1000 users.


Mention which is the default protocol used in directory services?
The default protocol used in directory services is LDAP (Lightweight Directory Access Protocol).

Explain what is SYSVOL?
The SYSVOL folder keeps the server’s copy of the domain’s public files. The contents of the SYSVOL folder, such as users, group policy, etc., are replicated to all domain controllers in the domain.


Architecture Review Board (ARB)

The purpose of the Architecture Review Board (ARB) is to help ensure that digital initiative objectives, solution approaches, and solution architectures are aligned with the overall University strategy and action Plan, IT strategy, enterprise architecture principles, and university policies, standards, and best ...


Versions of MS SQL
Explore by various versions of MS SQL
SQL Server 2019 Enterprise | Standard | Express | Express+
SQL Server 2017 Enterprise | Standard | Express | Express+
SQL Server 2016 Enterprise | Standard | Express | Express+
SQL Server 2014 Enterprise | Standard | Express | Express+
SQL Server 2012 Enterprise | Standard | Express | Express+


"The trust relationship between this workstation and the primary domain failed."

This error occurs when the secure channel between the affected machine and Active Directory is broken. The secure channel is the mechanism by which domain-joined machines communicate securely with domain controllers, and it relies upon the password associated with a computer account.

Solution: log in with a cached account that has admin rights.
