Windows 2008 Server Interview Questions Part II

1. What are the Important Windows port numbers:

RDP – 3389 – (windows rdp port number and remote desktop port number)
FTP – 21 – (file transfer protocol)
TFTP – 69 – ( tftp port number )
Telnet – 23 – ( telnet port number)
SMTP – 25 – ( SMTP port number)
DNS – 53 – ( dns port number and Domain Name System port number)
DHCP – 68 – (DHCP port number and Dynamic Host Configuration Protocol port number )
POP3 – 110 – ( post office Protocol 3 port )
HTTP – 80 – (http port number)
HTTPS – 443 – (https port number)
NNTP – 119 – ( Network News Transfer Protocol Port number )
NTP – 123 – (ntp port number and network Time Protocol and SNTP port number )
IMAP – 143 – (Internet Message Access Protocol port number)
SSMTP – 465 – ( SMTP over SSL )
SIMAP – 993 – ( IMAP over SSL )
SPOP3 – 995 – ( POP3 over SSL )
Time – 123 – ( ntp port number and network Time Protocol and SNTP port number )
NetBios – 137 – ( Name Service )
NetBios – 139 – ( Datagram Service )
DHCP Client – 546 – (DHCP Client port number)
DHCP Server – 547 – (DHCP Server port number)
Global Catalog – 3268 – (Global Catalog port number)
LDAP – 389 – ( LDAP port number and Lightweight Directory Access Protocol port number )
RPC – 135 – (remote procedure call Port number)
Kerberos – 88 – ( Kerberos Port Number)
SSH – 22 – ( ssh port number and Secure Shell port number)

2. How to check tombstone lifetime value in your Forest

The tombstone lifetime value differs from OS to OS. For Windows Server 2000/2003 it is 60 days. In Windows Server 2003 SP1 the default tombstone lifetime (TSL) value was increased from 60 days to 180 days. In Windows Server 2003 R2 the TSL value was decreased to 60 days again. For Windows Server 2003 R2 SP2 and Windows Server 2008 it is 180 days.

If you are migrating a Windows 2003 environment to Windows 2008, then it is 60 days.

You can use the command below to check/view the current tombstone lifetime value for your domain/forest:

dsquery * "cn=directory service,cn=windows nt,cn=services,cn=configuration,<forestDN>" -scope base -attr tombstonelifetime

Replace forestDN with your domain partition DN, for domainname.com the DN would be dc=domainname, dc=com

Source:  http://technet.microsoft.com/en-us/library/cc784932(WS.10).aspx

3. How to find the domain controller that contains the lingering object

If we enable Strict Replication Consistency

Lingering objects are not present on domain controllers that log Event ID 1988. The source domain controller contains the lingering object

If we don’t enable Strict Replication Consistency

Lingering objects are not present on domain controllers that log Event ID 1388. The domain controller that doesn’t log Event ID 1388 is the one that contains the lingering object.

If you have 100 domain controllers that don’t have Strict Replication Consistency enabled, you will get Event ID 1388 on all 99 domain controllers except the one that contains the lingering object.

You need to remove the lingering objects from the affected domain controller or decommission the domain controller.

You can use the Event Comb tool (Eventcombmt.exe), a multi-threaded tool that gathers specific events from the Event Viewer logs of different computers at the same time.

You can download these tools from the following location:

http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&DisplayLang=en
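The two rules above, applied to events already gathered from every DC (an added example, not part of the original post). The DC names other than NYDC01, the SourceDC field and the function name are assumptions made for illustration, and the event list is constructed sample data.

```powershell
# $sampleEvents is constructed data standing in for events collected from each
# DC's "Directory Service" log (for example with Eventcombmt.exe).
# SourceDC is a hypothetical field holding the source DC named in Event ID 1988.
function Find-LingeringObjectHolder {
    param(
        [Parameter(Mandatory)][string[]]$AllDCs,
        [object[]]$Events = @()
    )
    $e1988 = @($Events | Where-Object { $_.Id -eq 1988 })
    $e1388 = @($Events | Where-Object { $_.Id -eq 1388 })

    if ($e1988.Count -gt 0) {
        # Strict Replication Consistency enabled: the DCs that logged 1988 are
        # clean; the source DC they name holds the lingering object.
        $suspects = @($e1988 | ForEach-Object { $_.SourceDC } | Sort-Object -Unique)
        $mode = 'Strict (1988)'
    }
    elseif ($e1388.Count -gt 0) {
        # Strict consistency not enabled: every DC that logged 1388 is clean;
        # the DC that stayed silent holds the lingering object.
        # A DC whose log could not be collected also looks silent, so confirm
        # every DC in $AllDCs was actually reachable before trusting the result.
        $loggers  = @($e1388 | ForEach-Object { $_.Computer } | Sort-Object -Unique)
        $suspects = @($AllDCs | Where-Object { $loggers -notcontains $_ })
        $mode = 'Not strict (1388)'
    }
    else {
        $suspects = @()
        $mode = 'No 1388/1988 events found'
    }
    [pscustomobject]@{ Mode = $mode; Suspects = $suspects }
}

$allDCs = 'NYDC01', 'NYDC02', 'NYDC03', 'NYDC04'
$sampleEvents = @(
    [pscustomobject]@{ Computer = 'NYDC01'; Id = 1388; SourceDC = $null }
    [pscustomobject]@{ Computer = 'NYDC02'; Id = 1388; SourceDC = $null }
    [pscustomobject]@{ Computer = 'NYDC04'; Id = 1388; SourceDC = $null }
)
Find-LingeringObjectHolder -AllDCs $allDCs -Events $sampleEvents
```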

4. What are Active Directory ports:

List of Active Directory ports for Active Directory replication and Active Directory authentication. These ports can be used to configure the firewall.

Active Directory replication - There is no defined port for Active Directory replication. Active Directory replication remote procedure calls (RPC) occur dynamically over an available port through RPCSS (RPC Endpoint Mapper) by using port 135.

File Replication Services (FRS) - There is no defined port for FRS. FRS replication over remote procedure calls (RPCs) occurs dynamically over an available port by using RPCSS (RPC Endpoint Mapper) on port 135.

Other required ports for Active Directory

TCP 53 – DNS (DNS Download)
UDP 53 – DNS (DNS Queries)
TCP 42 – WINS
UDP 42 – WINS
TCP 3389 – RDP (Remote Desktop)
TCP 135 – MS-RPC
TCP 1025 & 1026 – AD Login & replication
TCP 389 – LDAP
TCP 639 – LDAP over SSL/TLS
TCP 3268 – Global Catalog
TCP 3268 – Global Catalog over SSL/TLS
UDP 137 & 138 – NetBIOS related
UDP 88 – Kerberos v5
TCP 445 – SMB, Microsoft-ds
TCP 139 – SMB

5. How to do active directory health checks?

As an administrator you have to check your Active Directory health daily to reduce Active Directory related issues. What will happen if you are not monitoring the health of your Active Directory?

Let’s say one of the domain controllers fails to replicate. On the first day you will not have any issue. If this continues, you will have login issues, and you will not find the object changes and new objects that were created or changed on other domain controllers, which will lead to other issues.

If the domain controller has not replicated for more than 60 days, it will lead to lingering object issues.

Command to check replication to all the DCs (through this we can check Active Directory health):

Repadmin /replsum /bysrc /bydest /sort:delta

You can also save the command output to a text file by using the command below:

Repadmin /replsum /bysrc /bydest /sort:delta >>c:\replication_report.txt

This will list the domain controllers that are failing to replicate, together with the delta value.
You can run this daily to check your Active Directory health.
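A daily check that ties the replication delta to the 60-day limit mentioned above (an added example, not part of the original post). It reads the CSV form of repadmin, "repadmin /showrepl * /csv", instead of the /replsum text report because the CSV is easier to parse; the sample rows, the DC names other than NYDC01 and the function name are constructed for illustration.

```powershell
# $sampleCsv is constructed data in the column layout of "repadmin /showrepl * /csv".
# Live use: repadmin /showrepl * /csv | ConvertFrom-Csv
$sampleCsv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,NYDC01,"DC=domainname,DC=com",Default-First-Site-Name,NYDC02,RPC,0,0,2024-03-01 08:15:02,0
showrepl_INFO,Default-First-Site-Name,NYDC01,"DC=domainname,DC=com",Default-First-Site-Name,NYDC03,RPC,412,2024-03-01 08:15:40,2024-01-25 02:00:11,1722
showrepl_INFO,Default-First-Site-Name,NYDC02,"DC=domainname,DC=com",Default-First-Site-Name,NYDC04,RPC,9000,2024-03-01 08:16:01,2023-12-20 23:41:37,8614
'@

function Get-ReplicationRisk {
    param(
        [Parameter(Mandatory)][object[]]$Links,
        [int]$TombstoneDays = 60,      # set this to the forest's tombstone lifetime
        [datetime]$Now = (Get-Date)
    )
    $inv = [Globalization.CultureInfo]::InvariantCulture
    foreach ($l in $Links | Where-Object { $_.showrepl_COLUMNS -eq 'showrepl_INFO' }) {
        # A link that never succeeded has no parsable timestamp; treat it as oldest.
        $last = [datetime]::MinValue
        [void][datetime]::TryParseExact($l.'Last Success Time', 'yyyy-MM-dd HH:mm:ss',
            $inv, [Globalization.DateTimeStyles]::None, [ref]$last)
        $ageDays = [math]::Round(($Now - $last).TotalDays, 1)
        $state = if ($ageDays -ge $TombstoneDays) { 'PAST-TOMBSTONE' }
                 elseif ([int]$l.'Number of Failures' -gt 0) { 'FAILING' }
                 else { 'OK' }
        [pscustomobject]@{
            Destination = $l.'Destination DSA'
            Source      = $l.'Source DSA'
            AgeDays     = $ageDays
            DaysLeft    = [math]::Max(0, $TombstoneDays - $ageDays)
            State       = $state
        }
    }
}

# Fixed -Now so the constructed sample always gives the same result.
Get-ReplicationRisk -Links ($sampleCsv | ConvertFrom-Csv) -Now ([datetime]'2024-03-01 09:00') |
    Where-Object { $_.State -ne 'OK' } |
    Format-Table -AutoSize
```

A link in the PAST-TOMBSTONE state must not simply be allowed to replicate again; treat that domain controller as a lingering-object candidate first.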

6. GPRESULT failed with access denied error:

Unable to get the result from gpresult on Windows 2003 Server: gpresult returns access denied errors, although you are able to update the group policy without issue.

To resolve the access denied error when running gpresult, run the following commands to re-register userenv.dll and recompile the RSoP MOF file.
1. Open a cmd
2. Re-register the userenv.dll
Regsvr32 /n /I c:\winnt\system32\userenv.dll
3. CD c:\windows\system32\wbem
4. Mofcomp scersop.mof
5. Gpupdate /force
6. Gpresult

Now you are able to run gpresult without error, and a server reboot is not required for this procedure.

7. What is the command to find out site name for given DC

dsquery server NYDC01 -site

domain controller name = NYDC01

8. Command to find all DCs in the given site

Command to find all the Domain Controllers in the “Default-First-Site-Name” site

dsquery server -o rdn -site Default-First-Site-Name

Site name = Default-First-Site-Name

9. How many types of queries does DNS perform?

Iterative Query
Recursive Query

Iterative Query

In this query the client asks the name server for the best possible answer. The name server checks its cache and the zones for which it is authoritative and returns the best possible answer to the client, which would be either the full answer, like an IP address, or a pointer to try another name server.

Recursive Query

The client demands either a full answer or an error message (like record or domain name does not exist).
The client machine always sends a recursive query to the DNS server. If the DNS server does not have the requested information, the DNS server sends iterative queries to other name servers (through forwarders or secondary DNS server) until it gets the information or until the name query fails.

About Nitish Kumar
This is Nitish, currently I am based in Dallas, US and working as Wintel Lead for Datacenter operations. I have been handling various roles which includes Server/WINTEL Administration, VMware & Citrix XenApp Administration. I have good exposure with leading teams and project management. I have done certain professional certifications such as: 1. MCSE in Windows 2000 Server 2. MCSE in Windows Server 2003 3. MCTS in Windows 2008 Server 4. ITIL 3 5. Citrix Certified Administrator (CCA) 6. VMware Certified Professional (VCP 4.0) The concept of this blog is to share real time experience knowledge. Let’s connect.

4 Responses to Windows 2008 Server Interview Questions Part II

  1. Pingback: Windows Sever 2008/R2 Interview questions Part 1 « WinAdmins

  2. Pingback: Windows Server 2008 Active Directory Interview Questions Part 1 « WinAdmins

  3. subir says:

    How many Types of DNS?

  4. Sohail says:

    Good one!
