windows server 2008 r2 interview questions and answers Part1

00:28
How do you load the DNS zone changes on other site before the scheduled replication happens?
Refresh the Zone on the DNS server in the site you want to see the changes.

How do you restore a deleted OU in AD?

Do an authoritative restore of the selective OU that is deleted.

How to apply DesktopLockDown/Restrictions policy to selective AD OUs?
Apply the DesktopLockDown/Restrictions policy to selective OUs. In case you need to apply for all but not to a
particular OU, apply the policy at the domain level and block the policy inheritance at the OU that you need to
exclude.

How to apply DesktopLockDown/Restrictions policy to selective AD Security Groups?
Apply the DesktopLockDown/Restrictions policy to OU and Deny the Policy to the selected AD Security Group.

What permissions required for installing an application that updates AD Schema?
One has to be a Schema Administrator for installing such an application as well as he should be have administrator
rights on the system where he is installing it.

How do you provide the DNS zone details?
Use dnscmd /ZoneExport command to have all the zone data exported to file formats.
Dnscmd.exe: DNS Server Troubleshooting Tool
This command-line tool assists administrators in Domain Name System (DNS) management.
DNSCmd displays and changes the properties of DNS servers, zones, and resource records. It manually modifies
these properties, creates and deletes zones and resource records, and forces replication events between DNS server
physical memory and DNS databases and data files. Some operations of this tool work at the DNS server level while
others work at the zone level.

References:
Dnscmd
Dnscmd Examples: Domain Name System(DNS)
How do you allow users a domain be able to modify entries in one AD integrated DNS zone but not in the
other?

You need to modify the permissions on DNS server via DNS Manager to let users modify that DNS zone.

How do you remove/uninstall AD DS role?

Run Dcpromo.exe and Choose Remove AD DS role

What are various Options available to Remove/Uninstall AD DS Role?
Run Dcpromo and choose Remove options. For automation, you can use an answer file.
Goto Server Manager, Roles and uninstall AD DS Role

How do you configure AD FS such that AD FS tokens contain information from AD? Or How do you integrate
AD FS with AD for populating the information from AD into AD FS tokens?

You need to Add and Configure a new Account Store in AD FS Trust Policy

How do you ensure that only Authenticated users are allowed to update Host (A) records in DNS zones?

One has to convert or setup such a DNS zone as Active Directory Integrated Zone. AD Integrated Zones allow only
Authenticated users to update the Host records.

How do you configure your Online Responder server to issue Certificate Revocation List (CRLs) for
enterprise root CA?
1. Import the Enterprise root CA certificate.
2. Import the OCSP Response Signing Certificate.
3.
4.
How do you configure the Change Auditing for a Standalone Certificate Authority (CA)?

Since the CA is a standalone server, that is its not part of your domain, so you cant apply auditing from a domain
GPO rather you need to achieve the same via Local Group Policies. Here are the steps for configuring the same:
1. Enable the Audit Object Access setting in Local Security Policy on the CA server
2. Configure the Auditing in Certification Authority snap-in
3.
What are the possible ways to decommission a 2008 domain controller server and remove a child domain
of a Forest?
In order to decommission a child domain and its DC, first you have to move/migrate all the required AD objects
out from that domain to the parent domain or wherever needed. Then use need to uninstall the AD DS role on the
DC. This can be done via

1. Server Manager, Uninstall the AD DS server role
2. Run Dcpromo.exe , Choose Remove Option. You can run the same tool using an answer file for automated
uninstall of AD DS role.
3.
4.
How do you configure your Windows 2008 R2 environment to allow Zone transfers to a UNIX-based DNS
server?
In DNS Manager Console, choose the zone to be allowed for transfers to Unix server and enable the BIND
Secondaries

What are the steps involved in creating a New AD Site and Establishing Replication between two AD Sites?
1. Create new AD Site
2. Install and Add a new Domain Controller to the new Site
3. There will be a Default IP Site Link created for the replication with other AD sites in the domain
4. On the new DC, In AD Sites and Services Console, Create a new IP Subnet to the new Site
5. Move the DC Object to the new Site
6.

How do you Launch AD Schema Snap-in?
AD Schema snap-in isnt registered default for the user to find it readily, in view of its security. However, one can
have it launched by manually registering the Schmmgmt.dll file.


What is your recommendation for ensuring that the DNS server in a branch Office can update and resolve
DNS queries for a primary DNS zone even in the event of a WAN link failure?
In order to with stand the WAN unreliability issues, one has to have the ability to update the DNS entries even when
disconnected from Primary DNS Zone servers. This can be achieved through configuring DNS zones as AD-
Integrated DNS. Thus my recommendation is to convert the existing primary/secondary DNS zones into AD
integrated DNS zones.

How do you configure IIS Security Settings in GPO?

1. Export the settings on IIS server to create a security template.
2. Import the Security template into the GPO
3. Link the GPO to required IIS servers OU

How do you login to an external domain for which a AD Trust has been setup?
One has to login using the User Principal Name (UPN) like username@domain.suffix to an external domain that
trusts your domain.

How do you fix This user account has Expired?
Modify the properties of the user account to set account never expires

What Forest level is required to support Active Directory Recycle Bin feature?
One has to run Windows Server 2008 R2 Forest Functional Level for the support of Active Directory Recycle Bin.
That means all your Domain Controllers should be running Windows Server 2008 R2.

Where do you manage the Password Replication Policy for a Read Only Domain Controller (RODC) ?
In Active Directory Users and Computers, Go to Domain Controllers OU, Select the RODC server object, Under the
properties control the list of user/group objects that are configured for password replication to that RODC server.

IIS


What is Web Farm?
When we hosted our web Application on multiple web server under a load balancer call the Web Farm.
This is generally used for heavy load web application where there are many user requests at a time. So
When Web Application is hosted on Different IIS Server over a load balancer, Load balancer is
responsible for distribute the load on different server.

What is Web Garden?
A Web garden is configured on a single server by specifying multiple worker processes for an application
pool. Web farms use multiple physical servers for supporting a single Web site.

What is the default Identity of an Application Pool ?
Network Services

What is the available Identity of an Application Pool?
In IIS 6.0 - NetworkServices | LocalService | LocalSystem
In IIS 7.0 - NetworkServices | LocalService | LocalSystem | ApplicationPoolIdentity

What are the worker process for IIS 5.1 and IIS 6.0 and IIS 7.0?
For IIS 5.1 > aspnet_wp.exe
For IIS 6.0 > w3wp.exe
For IIS 7.0 > w3wp.exe

Types of Authentication available in IIS 6.0 and 7.0

What are the different type of application pool available in IIS 7.0 ?
1. DefaultAppPool (Integrated)
2. ClassicAppPool

Where is the default location for IIS Log files ?
C:\WINDOWS\system32\LogFiles\W3SVC1

What is the use of aspnet_regiis -i command ?
This is used automatically register the .NET Framework with your IIS.


How to check Installed .Net Version on IIS
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322>aspnet_regiis.exe lv



If there are multiple worker process running on IIS, then how can you attach a particular worker process
for application ?
run cscript iisapi.vbs script to find out the process ID and Application Pool name . Based on the process
Id for particular application I have to attache the process from Visual studio IDE.

Which Tool is used for Remote IIS Debugging ?
Tools is : msvsmon.exe
This is located at : \Microsoft Visual Studio 8\Common7\IDERemote Debuggerx86\

IIS Port numbers?
HTTP : 80 (default port for iis), SSL : 443,FTP : 21,SMTP : 25,POP2 : 109,POP3 : 110,IMAP : 143,NNTP :
119,LDAP : 89, DNS : 53,DHCP : 67

IIS Services?
1. www services
2. FTP services
3. SMTP services
4. NNTP services

IIS Application pool ?
Group of web applications are called application pool.
An application pool is a group of one or more URLs that are served by a worker process or set of worker
processes. Any Web directory or virtual directory can be assigned to an application pool. so that one
webiste cannot be effected by other , if u used seperated application pool.

What is App Pool and App Domain? What is the difference between these two?
Application Pool is created the each and every website.
Application Domain is created to one domain Purpose.

What is the properties of App Pool in IIS?
1.Recycling
2.Perfomance
3.Health
4.Identity

How do I stop and restart Internet services?
By using the IISRESET command

How can I confirm that a server certificate is attached to a Web site?
1.In IIS Manager, right-click the Web site, and click Properties.
2.Click the Directory Security tab.
3.Under Secure communications, if the View Certificate button is activated, there is a certificate
attached to the Web site. If the button is not activated, you must attach a server certificate to the site to
use the Secure Sockets Layer (SSL) features.