Yes, you can. Apart from MSI packages, GPO also supports deployment
of ZAP files
2. How frequently is the client policy refreshed ?
By default, group policy is updated in the background every 90
minutes. You can specify an update rate from 0 to 44,640 minutes (31
days). If you select 0 minutes, the computer tries to update Group
Policy every 7 seconds. However, because updates might interfere
with users' work and increase network traffic, very short update
intervals are not appropriate for most installations.
The refresh interval can be configured manually using group policy:
GPO --> Computer Configuration --> Administrative Templates -->
System --> Group Policy --> Set Group Policy refresh interval for
Computers
3. How does the Group Policy No Override and Block Inheritance
work ?
No Override - This prevents child containers from overriding policies
set at higher levels
Block Inheritance - Stops containers inheriting policies from parent
containers
4. Why can't you restore a DC that was backed up 4 months ago?
The reason is 'Tombstoning'. If a domain controller was restored from
a backup that was older than the tombstone lifetime, then the domain
controller might contain deleted objects, and because the tombstones
are deleted from the replica, the deletion event does not replicate into
the restored domain controller. This is why Backup does not allow you
to restore data from a backup that is older than the tombstone
lifetime.
More details about tombstoning
- http://www.systemadminguide.in/2013/11/active-directory-tombstone.html
5. I want to look at the RID allocation table for a DC. What do I do?
Dcdiag.exe /TEST:RidManager /v | find /i "Available RID Pool for the Domain"
6. Can you connect Active Directory to other 3rd-party Directory
Services? Name a few options.
Microsoft Identity Integration Server (MIIS)
Forefront Identity Manager (FIM)
7. Can you explain Netlogon services ?
The Netlogon services help the client servers to connect to the
Domain
8. What is urgent replication in AD ?
RAID 5 - This RAID is the most popular RAID configuration. This works
on the parity principle. Minimum 3 disks required. Even if one disk fails,
the data of the failed disk can be calculated from the parity stored in
the other 2 disks.
20.In RAID 5, which activity is faster - Read or Write ?
Good Read performance but slower Write operations due to parity
calculation.
RAID 0 and RAID 1 have excellent Read and Write performance.
21.Can we setup an AD site without a DC ?
Yes.
22.What is DAS ? How is it connected to the server ?
DAS is Direct Attached Storage. DAS is available with many vendors.
When a server has exhausted all its storage resource, we can connect
a DAS solution to it. DAS can be connected to a server using SAS
cable.
23.How is an iscsi device connected to a server ?
An iscsi device can be connected using the iqn number.
24.How can I add new HDD space to an existing drive ?
Convert the drive from Basic to Dynamic
25.What happens when a standalone host is taken into maintenance
mode ?
The activity will wait until all VMs are shutdown.
26.What if all GC in the environment are down ?
GC is required for multi domain forests - In a single domain
infrastructure, the DCs will not contact the GC for authenticating. But
in multi domain infrastructure, GC is required for authentication.
Universal Group Membership evaluation - Universal Group Membership
which exists in a multi domain forests works only with GC.
UPN resolution - The users cannot login to the domain using the
username abc@example.com
27.How to update Dell server BIOS ?
Dell provides the update in different file formats: one for Windows,
one for Linux... If it is a VMware server, then download the Non-Packaged
exe format from the Dell website and copy it to a DOS bootable
USB drive. Shutdown the server and boot from USB drive and execute
the file.
28.DSET
Dell Server E-Support Tool (DSET) provides the ability to collect
5. IPv6
6. Loadbalancer vs Clustering
Clustering
1. Cluster is a group of resources that are trying to achieve a common
objective, and are aware of one another.
2. Clustering usually involves setting up the resources (servers usually)
to exchange details on a particular channel (port) and keep
exchanging their states, so a resource's state is replicated at other
places as well.
3. It usually also includes load balancing, wherein, the request is routed
to one of the resources in the cluster as per the load balancing policy
Load Balancing
1. Used to forward requests to either one server or another, but one
server does not use the other server's resources. Also, one resource
does not share its state with other resources.
8. Group policy security filtering for users. Which all users are in there by
default. Members of Authenticated Users group
Security filtering is a way of refining which users and computers will
receive and apply the settings in a Group Policy object (GPO)
In order for the GPO to apply to a given user or computer, that user or
computer must have both Read and Apply Group Policy (AGP) permissions
on the GPO, either explicitly, or effectively through group membership
By default, all GPOs have Read and AGP both Allowed for the Authenticated
Users group.
The Authenticated Users group includes both users and computers. This is
how all authenticated users receive the settings of a new GPO when it is
applied to an organizational unit, domain or site
11.VLAN vs Subnet
VLAN works at layer 2 while subnet is at layer 3
Subnets are more concerned about IP addresses.
VLANs bring more network efficiency
Subnets have weaker security than VLANs as all the subnets use the same
physical network
14.Robocopy
Microsoft tool used for copying files effectively
It has plenty of options to manage the copy process
OU GPO
GPC - Group Policy Container :This is the AD portion of the group policy.
This can be viewed using ADSI edit. It stores version information, status
information, and other policy information. When you create a new GPO, an
AD object of class groupPolicyContainer gets created under the
System\Policies container within your AD domain
GPT - Group Policy Template : The GPT is where the GPO stores the actual
settings. It stores software policy script, and deployment information.
GPT is stored in SYSVOL share (\\DomainNameHere\SYSVOL\Policies)
whereas GPC is stored in the AD
http://frankdenneman.nl/2011/01/11/beating-a-dead-horse-using-cpu-affinity/
18.VMversion 4 vs VMversion 7
Version 4
1. Runs on ESX 3.x
2. Max supported RAM 64 GB
3. Max vCPUs 4
4. MS cluster is not supported
5. 4 NICs/VM
6. No USB Support
Version 7
1. Runs on vSphere 4.x
2. Max supported RAM 256 GB
3. Max vCPUs 8
4. MS cluster is supported
5. 10 NICs/VM
6. USB support
21.How does the backup software recognize that a file has changed since
last backup?
Files carry a bit called the archive bit for tracking any change in the file.
Backup software normally checks the archive bit of the file to
determine whether the file has to be backed up or not
22.How can you edit a vm template?
VM templates cannot be modified as such
First, the VM template has to be converted to a virtual machine
After making the necessary changes in the virtual machine, convert the
virtual machine back to a template
23.VMware configuration maximums
                     ESXi 5.5   ESXi 5.1   ESXi 5.0   ESXi 4.x
VMs
  vCPU               64         64         32
  RAM                1 TB       1 TB       1 TB       255 GB
  vNIC               10         10         10         10
  VMDK size          62 TB      1 TB       1 TB
Hosts
  Logical CPU        320        160        160        160
  Memory             4 TB       2 TB       2 TB       1 TB
  LUNs               256        256        256        256
  LUN size           64 TB      64 TB      64 TB      64 TB
  Virtual Machines   512        512        512        320
1. What is vSAN?
It is a hypervisor-converged storage solution built by aggregating the local storage
attached to the ESXi hosts managed by a vCenter.
2. Recommended iSCSI configuration?
A separate vSwitch, and a separate network other than VMtraffic network for iSCSI
traffic. Dedicated physical NICs should be connected to vSwitch configured for iSCSI
traffic.
3. What is iSCSI port binding ?
Port binding is used in iSCSI when multiple VMkernel ports for iSCSI reside in the
same broadcast domain and IP subnet, to allow multiple paths to an iSCSI array that
broadcasts a single IP address.
4. iSCSI port binding considerations ?
Array Target iSCSI ports must reside in the same broadcast domain and IP subnet as the
VMkernel port.
All VMkernel ports used for iSCSI connectivity must reside in the same broadcast
domain and IP subnet.
All VMkernel ports used for iSCSI connectivity must reside in the same vSwitch.
Currently, port binding does not support network routing.
5. Recommended iSCSI configuration of a 6 NIC infrastructure ? (Answer changes as per
the infrastructure requirements)
2 NICs for VM traffic
2 NICs for iSCSI traffic
1 NIC for vMotion
1 NIC for management network
6. Post conversion steps in P2V
Adjust the virtual hardware settings as required
Remove non present device drivers
Remove all unnecessary devices such as serial ports, USB controllers, floppy drives etc..
Install VMware tools
7. Which esxtop metric will you use to confirm latency issue of storage ?
esxtop --> d --> DAVG
8. What are standby NICs
These adapters will only become Active if the defined Active adapters have failed.
9. Path selection policies in ESXi
Most Recently Used (MRU)
Fixed
Round Robin
10.Which networking features are recommended while using iSCSI traffic
iSCSI port binding
Jumbo Frames
11.Ports used by vCenter
80,443,902
12.What is 'No Access' role
Users assigned with the 'No Access' role for an object, cannot view or change the object
in any way
13.When is a swap file created
When the guest OS is first installed in the VM
14.The active directory group, where the members will be ESXi administrators by default.
ESX Admins
15.Which is the command used in ESXi to manage and retrieve information from virtual
machines ?
vmware-cmd
16.Which is the command used in ESXi to view live performance data?
esxtop
17.Command line tool used in ESXi to manage virtual disk files?
vmkfstools
18.Port used for vMotion
8000
19.Log file location of VMware host
/var/log/vmware
20.Can you map a single physical NIC to multiple virtual switches ?
No
21.Can you map a single virtual switch to multiple physical NICs?
Yes. This method is called NIC teaming.
RODC
WDS instead of RIS
Services have been changed as roles - server manager
Introduction of hyper V- only on 64 bit versions
Enhanced event viewer
Bitlocker feature
Server core installation without GUI
MMC 3.0, with three pane view
Key management services(KMS) to activate Windows OS without
connecting to Microsoft site
Performance enhancement using technologies like Windows
SuperFetch,ReadyBoost and Readydrive
Windows Aero user interface
Instant search
Support for IPv6 in DNS
2. ESX vs ESXi
ESXi has no service console which is a modified version of RHEL
ESXi is extremely thin hence results in fast installation + fast boot
5. FSMO roles
6. GPO
Schema Master
Domain naming master
Infrastructure master
PDC Emulator
RID master
GPO
Templates (ADMX)
Block inheritance
Enforced
Loopback policy
Application Layer
Presentation Layer
Sessions Layer
Transport Layer
Network Layer
DataLink layer
Physical Layer
10.HA 5.0
Uses an agent called FDM - Fault domain manager
HA now talks directly to hostd instead of using vcenter agent vpxa
Master/slave concept
Master
monitors availability of hosts/VMs
manages VM restarts after host failure
maintains list of all VMs in each host
restarting failed VMs
exchanging state with vcenter
monitor state of slaves
Slave
monitor running VMs and send status to master and performs restart
on request from master
monitors master node health
if master fails, participates in election
Two different heartbeat mechanisms - Network heartbeat and datastore
heartbeat
Network heartbeat
Sent between slave and master every second
When slave is not receiving heartbeat from master, checks whether
it is isolated or master is isolated or has failed
Datastore heartbeat
To distinguish between isolation and failure
Uses Power On file in datastore to determine isolation
This mechanism is used only when master loses network
connectivity with hosts
2 datastores are chosen for this purpose
Isolation response
PowerOff
Leave Powered On
Shutdown
11.vMotion
vMotion enables live migration of running virtual machines from one host
to another with zero downtime
Prerequisites
1. Host must be licensed for vMotion
2. Configure host with at least one vMotion n/w interface (vmkernel
port group)
3. Shared storage (this requirement has been relaxed in 5.1)
4. Same VLAN and VLAN label
5. GigaBit ethernet network required between hosts
6. Processor compatibility between hosts
7. vMotion does not support migration of applications clustered using
Microsoft clustering service
8. No CD ROM attached
9. No affinity is enabled
10.vmware tools should be installed
12.RAID
Redundant Array of Independent disks
A category of disk drives that uses 2 or more drives in a combination for
redundancy and performance
Most common RAIDs: RAID 0(Striped), RAID 1(Mirroring), RAID 5
13.Backup types
Backup types
1. Full backup - Will take the backup of all selected files and reset the
archive bit
2. Copy backup - Will take the backup of all selected files but does not
reset the archive bit
3. Incremental backup - Will take the backup of files whose archive bits
are set and resets it after backup
4. Differential backup - Will take the backup of files whose archive bits
are set but does not reset it after backup
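The archive-bit rules above (and in the earlier question on how backup software detects changed files) can be traced over a few days to see what each backup set ends up containing. This is an added example, not taken from any backup product; the file names, the one-change-per-day schedule and the function names are constructed for illustration.

```python
BACKUP_RULES = {
    # kind: (selects every file?, resets the archive bit afterwards?)
    "full":         (True,  True),
    "copy":         (True,  False),
    "incremental":  (False, True),
    "differential": (False, False),
}


def run_backup(archive_bits, kind):
    """Run one backup; archive_bits maps file name -> archive bit (True = set)."""
    select_all, reset = BACKUP_RULES[kind]
    copied = sorted(name for name, bit in archive_bits.items() if select_all or bit)
    if reset:
        for name in copied:
            archive_bits[name] = False
    return copied


def modify(archive_bits, name):
    """The file system sets the archive bit whenever a file is written."""
    archive_bits[name] = True


def simulate_week(daily_kind, copy_on_day=None):
    """Full backup on day 0, then one changed file and one daily backup per day."""
    bits = {"a.doc": True, "b.doc": True, "c.doc": True}  # constructed sample files
    history = [("full", run_backup(bits, "full"))]
    for day, changed in enumerate(["a.doc", "b.doc", "c.doc"], start=1):
        modify(bits, changed)
        if day == copy_on_day:
            run_backup(bits, "copy")  # ad-hoc copy backup leaves the bits untouched
        history.append((daily_kind, run_backup(bits, daily_kind)))
    return history


def restore_chain(history):
    """Indexes of the backup sets needed to restore the latest state."""
    if history[-1][0] == "incremental":
        return list(range(len(history)))   # full + every incremental since
    return [0, len(history) - 1]           # full + most recent differential


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        week = simulate_week(kind)
        print(kind, [files for _, files in week], "restore needs", restore_chain(week))
```

Each incremental set holds only that day's change, so a restore needs the full backup plus every incremental; each differential set grows but a restore needs only the full backup and the latest differential.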
14.2003 2008 migration
Can be done only by logging in to Windows 2003 server
Min of Windows 2003 SP1 required
Can be migrated only to same version, except for Windows server 2003
standard which can be migrated to either standard or enterprise
Extra space of 30 GB required prior migration
Cannot upgrade to server core
Perform forestprep and domainprep to 2008 using 2008 cd before
migrating. (Copy sources/adprep folder for this)
15.ESXi update manager
16.Global Catalog
Global catalog (GC) is a role handled by domain controllers in an Active
directory model.
The global catalog stores a full copy of all objects in the directory for its
host domain and a partial copy of all objects for all other domains in the
forest.
Partial copy refers to the set of attributes that are most used for
searching every object in every domain.
All domain controllers can be promoted as a GC.
GC helps in faster search of AD objects.
The replicas that are replicated to the global catalog also include the
access permissions for each object and attribute.
If you are searching for an object that you do not have permission to
access, you do not see the object in the list of search results. Users can
find only objects to which they are allowed access.
Global catalog server clients depend on DNS to provide the IP address of
global catalog servers. DNS is required to advertise global catalog servers
for domain controller location.
By default, the first DC in a forest will be a global catalog server
21.DRS prerequisites
Shared storage
Processor compatibility of hosts in the DRS cluster
vMotion prerequisites
The netlogon service in DC is responsible for registering SRV records in the DNS server
under _tcp.dc._msdcs.domain.com. It then registers the SRV records of Domain
Controller under _sites.dc._msdcs.domain.com. based on their site location.
When a client first tries to login to an AD network, the client sends a DNS request for
finding the DC's under, _ldap._tcp.dc._msdcs.domain.com. From the list, it chooses a DC
server randomly for authenticating. Then the client sends an LDAP ping to the DC
asking for the site it is based on with respect to the IP address of the client. The DC
then returns the site which the client's IP address is most related to, along with the
current site and a flag DSClosestFlag which would be either 0 or 1 based on whether
the current authenticated DC is the closest to the client. If this flag indicates that the
client is not authenticated to the closest DC, the client sends a site specific DNS query
for finding the DC from _ldap._tcp._sitename._sites.dc._msdcs.domain.com.
What is Sysvol ?
Sysvol is a special folder which is available in C:\Windows\SYSVOL directory in all
domain controllers within the domain. This special folder contains the domain's
Group Policy settings, default profiles and logon/logoff/startup/shutdown scripts.
When a user logs in to a client machine, it pulls all the group policy settings and
logon scripts available at its local DC's SYSVOL folder. For this reason, these folders
keep replicating between the DCs, either using DFS-R (Distributed File
System Replication Service) or the older FRS (File Replication Service). The Sysvol
directory can be accessed using :
\\domain-name\SYSVOL or
\\DC-name\SYSVOL
Contents of SYSVOL
If you access the location C:\Windows\SYSVOL, you will see 4 folders - domain,
staging, staging areas & sysvol.
First we will discuss the sysvol and domain folders. The folder 'sysvol' is a
Junction Point (a kind of soft link) to the folder 'domain'. That means the actual
contents will be in 'domain' folder whereas 'sysvol' acts as a fake folder where you
could browse as a normal folder.
Sysvol is the folder where you end up when you access \\domain name\SYSVOL
or \\DC name\SYSVOL. This folder contains Policies, scripts & StarterGPOs folders.
Policies folder contains all the group policy objects in the domain. For every new
GPO, a new folder with a unique GUID will be created in this folder. These are
called Group Policy Templates (GPT). If you make any changes to a particular
group policy, the changes are made in this folder. Scripts folder contains all
scripts used.
reanimation. But the retrieved object will lose some of its properties like its group
membership details.
After TSL, the garbage collection process which runs every 12 hours deletes the object
permanently from Active Directory
Find TSL for your domain
1. Open adsiedit.msc
2. Select Configuration partition
3. Right click CN=Directory Service and select Properties
4. In the Attribute column look for tombstoneLifetime value
This value will be the TSL for your domain. If the value is <Not Set>, the TSL will be the
default value for that server class.
Default TSL
Windows 2000 - 60 days
Windows 2003 SP1 - 180 days
Windows 2003 R2 - 60 days
Windows 2008 and above - 180 days
AD REPLICATION
Intrasite replication replicates changes made in one DC to all other DCs in the same site.
AD replications are generally pull operations. For example (A site with two DCs : DC1 &
DC2) , If a change is made on DC1 then DC1 will inform DC2 about the change.
After this notification, the DC2 will pull the changes from the DC1 thereby making its AD
data up to date.
Replication interval
When a DC writes a change to its local copy of the AD, a timer is started that determines
when the DC's replication partner should be notified of the change. By default, this interval
is 15 seconds in Windows 2003 and later.
Active Directory Partitions
Active Directory database is divided into partitions or naming contexts (NC):
Schema NC - This contains schema details and this will be replicated to each DC in the
forest.
Configuration NC - This contains forest wide configuration information and this will
be replicated to each DC in the forest
Domain NC - This contains most commonly accessed AD data and this will be replicated to
each DC in the domain
Each of these NCs is replicated separately to the DCs.
There are two kinds of write operations that AD needs to replicate:
Originating write : Any change made on a DC is an originating write for that DC
Replicated write : Any change which came as part of replication is a replicated write
AD changes are managed through several Replication metadata:
Update Sequence Number (USN)
Each DC maintains a USN which is specific to that DC. Any change made in the DC
(originating write) or replicated to the DC (replicated write) will be followed by a USN
increment. The USN numbers of DCs in the same domain need not be the same; therefore the
USN of one DC has no meaning to any other DC in terms of comparing one change to
another.
For example: the current USN value of DC1 is 3000 and of DC2 is 4000. Suppose a change is made on
DC1; its USN will be incremented to 3001. DC1 will notify DC2 about the change and DC2 will
pull the new change. When the change is pulled, DC2 will increment its value to 4001.
High watermark vector (HWMV)
USN is only a method to track the changes made on the DC. But each DC needs a way to
keep track of the changes that have already been replicated, otherwise each DC would be
sending the entire Active Directory database across the wire at every replication.
To prevent this, each Active Directory DC maintains a value called the High WaterMark
Vector (HWMV) for other domain controllers that it is replicating with. Each DC will
associate this high watermark vector with the Globally Unique Identifier (GUID) of the
remote DC, to prevent any confusion if a remote domain controller is renamed or removed
from the directory.
Let us discuss some replication scenarios here:
Scenario 1:
2 Domain controllers
USN of DC1 = 3000
USN of DC2 = 4500
A new object is created in DC1, the USN gets incremented to 3001.
DC1 notifies DC2 about the new change. DC2 replies back with the HWMV value of
DC1 in DC2
DC1 compares the HWMV value and understands that DC2 is not updated with the
change 3001. DC1 sends this change to DC2 and DC2 will commit the change and
update its local USN
The above scenario looks fine in a 2 DC scenario but could create severe replication loops in
3 or more DC scenario.
Up-to-dateness Vector (UTDV)
If a change is made in DC1 then the change is replicated to DC2 and DC3. When this change
is received in DC2, it will inform DC1 and DC3 about the same change and will end up in a
loop.
In order to avoid this situation another metadata is stored by the DC called the Up To
Dateness Vector (UTDV).
UTDV stores the highest originating update USN the local DC has received from other
DCs. Every DC keeps a HWMV table and UTDV for each AD partition to store the latest USN
of its replication partners. Whenever DC1 contacts DC2 for replication, DC2 will send the
HWMV of DC1 in DC2 along with the highest originating USN that DC2 has in its UTDV table.
Scenario 2
3 Domain controllers
USN of DC1 = 3001
USN of DC2 = 4501
USN of DC3 = 7000
Suppose a change is made in DC3 which increments the USN of DC3 to 7001. DC3
informs this change to DC1 and DC2
Now starts the role of UTDV. DC2 notifies DC1 about the new change it received from
DC3. DC1 then replies to DC2 with the HWMV of DC2 in DC1 along with the highest
originating USN DC1 has in its UTDV table (Here 7002 DC1 received from DC3).
DC2 compares HWMV and understands that its HWMV in DC1 is outdated. Therefore it
takes all corresponding transactions for the missing USN.
But when it takes the missing transaction, after comparing the UTDV it received from
DC1 and the originating USN of the change in DC2, DC2 understands that the change
need not be replicated to DC1.
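The USN, HWMV and UTDV bookkeeping described above can be run as a small simulation of Scenario 2, once with both filters and once with the HWMV alone. This is an added, simplified model and not Active Directory's actual replication code: the class and function names are constructed, and every received change is committed blindly, as in the description above, with no per-attribute version checks.

```python
from collections import namedtuple

# One update: object/value plus the originating DC and the USN that DC
# assigned to the originating write.
Change = namedtuple("Change", "obj value orig_dc orig_usn")


class DomainController:
    def __init__(self, name, usn):
        self.name = name
        self.usn = usn    # local USN counter, meaningful only on this DC
        self.log = {}     # local USN -> Change committed at that USN
        self.hwmv = {}    # partner name -> highest partner USN already processed
        self.utdv = {}    # originating DC -> highest originating USN received
        self.data = {}    # directory contents: object -> value

    def _commit(self, obj, value, orig_dc, orig_usn):
        self.log[self.usn] = Change(obj, value, orig_dc, orig_usn)
        self.data[obj] = value
        self.utdv[orig_dc] = max(self.utdv.get(orig_dc, 0), orig_usn)

    def originating_write(self, obj, value):
        self.usn += 1
        self._commit(obj, value, self.name, self.usn)

    def replicated_write(self, change):
        self.usn += 1     # a replicated write also increments the local USN
        self._commit(*change)

    def pull_from(self, source, use_utdv=True):
        """Pull from a partner; returns the changes the partner had to send."""
        seen = self.hwmv.get(source.name, 0)
        # HWMV filter: only consider what the source committed after `seen`.
        candidates = [c for usn, c in sorted(source.log.items()) if usn > seen]
        # UTDV filter: skip changes whose originating write is already held.
        sent = [c for c in candidates
                if not use_utdv or c.orig_usn > self.utdv.get(c.orig_dc, 0)]
        for change in sent:
            self.replicated_write(change)
        self.hwmv[source.name] = source.usn
        return sent


def run_scenario(use_utdv, rounds):
    """Scenario 2: three DCs in sync, then one change made on DC3."""
    dcs = [DomainController("DC1", 3001),
           DomainController("DC2", 4501),
           DomainController("DC3", 7000)]
    for dc in dcs:                          # start fully replicated
        for partner in dcs:
            if partner is not dc:
                dc.hwmv[partner.name] = partner.usn
    dcs[2].originating_write("CN=constructed-user", "title=Engineer")
    transfers_per_round = []
    for _ in range(rounds):                 # every DC pulls from every partner
        count = 0
        for dest in dcs:
            for source in dcs:
                if source is not dest:
                    count += len(dest.pull_from(source, use_utdv))
        transfers_per_round.append(count)
    return transfers_per_round, {dc.name: dc.usn for dc in dcs}, dcs


if __name__ == "__main__":
    for flag in (True, False):
        per_round, usns, _ = run_scenario(flag, rounds=3)
        print("HWMV + UTDV" if flag else "HWMV only ", per_round, usns)
```

With both filters the change crosses the wire twice and replication goes quiet; with the HWMV alone each replicated write looks new to the next partner, so the transfer count keeps growing from round to round.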
KCC (Knowledge Consistency Checker) is responsible for generating site
replication topologies between domain controllers. KCC runs in each DC of a
domain and creates a connection object for each DC in AD. It is responsible for
all intra-site replication.
In case of an inter-site scenario, there will be a bridgehead server to manage
site-to-site replication. Here, the connection objects for the bridgehead servers are
created in a separate way. ISTG (Inter-Site Topology Generator) is responsible
for creating connection objects in bridgehead servers. ISTG is nothing but a KCC
server (DC), which is responsible for reviewing the inter-site topology and creating
inbound replication connection objects as necessary for bridgehead servers in the
site in which it resides. The domain controller holding this role may not necessarily
also be a bridgehead server.
Scenario
I've an environment with Windows 2003 & Windows 2008 servers in Windows 2000 Native mode.
If I try to add any AD group in a folder security group of a Windows 2008 server, the AD group name
won't get resolved.
i.e, ultimately you will fail to set folder permissions to these AD groups. But when I try to do the same
from Windows 2003 server, it gets added.
Resolution
In Windows 2000 Native mode, Windows 2008 server cannot set folder permissions to AD group.
In order to resolve this issue, raise the domain functional level to Windows 2003 server or higher
considering the domain controllers in the domain
2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
3. In the details pane, create or edit the registry entry as follows:
If the registry entry exists in the details pane, modify the entry as follows:
a. In the details pane, right-click Allow Replication With Divergent and
Corrupt Partner, and then click Modify.
b. In the Value data box, type 1, and then click OK.
If the registry entry does not exist, create the entry as follows:
a. Right-click Parameters, click New, and then click DWORD Value.
b. Type the name Allow Replication With Divergent and Corrupt Partner,
and then press ENTER.
c. Double-click the entry. In the Value data box, type 1, and then click OK.
Single is used since each role works independently on a Single DC. Since these
operations master roles can be moved across the DCs, it is called Flexible and
that's why the name Flexible Single Master Operations. The terms Operations
Master, Single Master Operation are also used interchangeably for FSMO.
FSMO Roles
There are 5 FSMO roles. These roles can be classified as Forest wide role and
Domain wide role.
Forest wide roles: -
Schema Master
Domain Naming Master
There will be only one Schema Master and Domain Naming Master across the
forest.
Domain wide roles:
Infrastructure Master
PDC Emulator
RID Master
These roles are domain specific and have to be there for each domain.
Schema Master
This role manages the schema of the forest.
Any updates or modifications to the existing schema will be managed by
this role.
Not dependent on Global Catalog server
Since this role is not used often once domains are setup, it is fine to place
this role in a DC which does not have much of processing capability
Since schema master role is required as long as the forest exists, it is
recommended to place this role in the root domain.
If Schema Master is down ?
No impact on the domain. Domain will work as usual.
But if the admin tries to perform any schema related change, an error will
occur.
Domain Naming Master
Manages the addition and removal of domains in a forest.
It is recommended to make a DC with Domain Naming Master a Global
Catalog server
Since this role is not used often once domains are setup, it is fine to place
this role in a DC which does not have much of processing capability
Since Domain Naming Master role is required as long as the forest exists, it
is recommended to place this role in the root domain.
If Domain Naming Master role is down?
No impact on the domain. The work of the domain will continue as always.
New domains cannot be added. Existing domains cannot be deleted.
Infrastructure Master
When an object in one domain is referenced in another domain, it
represents the reference by the GUID, SID and the DN of the object being
referenced (Phantom Object).
Responsible for updating these cross-domain references
Plays an important role when there are multiple domains. But no relevance
when it is a single domain environment.
Do not hold the Infrastructure Master role in a DC holding the Global Catalog role
unless all the DCs in the environment hold the GC role.
If infrastructure master role is down?
No impact in a single domain environment.
If there are multiple domains, any change in an object which is referenced
by another object in another domain will not be reflected.
Why Infrastructure Master should not be a GC ?
PDC Emulator
its own phantom objects. For all DCs in the domain, this task is done by the DC holding
the Infrastructure Master (IM) role, except for DCs holding the GC role, as a GC doesn't
require the cross reference since it already holds a partial replica of all objects in the
forest. Phantom object will have the GUID, Distinguished Name(DN) and SID of the
object which is being referenced.
Process of updating Phantom objects
Suppose an object X in Domain A is referred in another Domain B. When a change is
made to X, the below activities take place.
Registry
COM+ Class Registration database
Boot files, including the system files
System files that are under Windows File Protection
Active Directory directory service (If it is domain controller)
SYSVOL directory (If it is domain controller)
Cluster service information (If it is a part of a cluster)
IIS Metadirectory (If it is an IIS server)
Certificate Services database (If it is a certificate server)