Windows Server 2008

1. WINDOWS SERVER 2008 2. WINDOWS 2008 Editions 3. WINDOWS 2008 Server Core 4. APPROX. COST OF WINDOWS SERVER 2008 5. Upgrade / Migrate 6. Upgrade from previous OS 7. WINDOWS SERVER 2008 INSTALLATION 8. Windows Server 2008 Activation 9. Activation Method 10. RAID 11. BACKUP and RECOVERY 12. Wbadmin 13. BACKUP Utility 14. Windows Recovery Environment 15. Server Roles for WINDOWS SERVER 2008 16. IP-ADDRESSING and IPV4 17. IPV6 18. Remote Desktop Connection 19. Steps for Remote Desktop Pc from Client PC 20. Remote Desktops 21. MANAGING SERVER CORE 22. TERMINAL SERVICES (TS) 23. TERMINAL SERVICES MANAGER 24. MANGAING FILE AND PRINT SERVERS 25. Share Folder 26. Attrib (Attribute) 27. Windows Registry 28. Disk Quotas 29. Disaster Recovery Tools 30. MMC 31. Remote Assistance 32. Signed & Unsigned Driver 33. Hardware Profile 34. CHKDSK.EXE(Check Disk) 35. Disk Defragmenter (DFRG.MSC) 36. ACTIVE DIRECTORY REVIEW 37. Introduction to AD 38. TRUST 39. FSMO 40. GC (GLOBAL CATALOG) Server 41. Site 42. AD replication 43. Backup of Active Directory (DC) 44. Understanding USER, GROUP & COMPUTER 45. Create Local User & Multiple Users 46. GROUP SCOPE 47. Public and Private key encryption 48. Trust concept of CA working 49. ETHERNET CARDS 50. Availability and Security 51. General Server Security Issues 52. OSI MODEL 53. Data Encapsulation 54. TCP/IP or DoD Model 55. Protocol Working at Host to Host (Transport) layer 56. NETWORK MONITOR 57. Internet Information Services 58. Monitoring Tools 59. DNS [Domain Name System] 60. DNS ZONE 61. Remote Access Authentication Process 62. Remote Access Interview Question & Answer part 1 Tutorials Interview Question & Answer part 2 Tutorials Interview Question & Answer part 3 Tutorials Interview Question & Answer part 4 Tutorials Interview Question & Answer part 5 Tutorials Interview Question & Answer part 6 Tutorials Interview Question & Answer part 7 Tutorials

Windows Server 2008 Interview Questions and Answers Part 7


61. Explain Forest, Tree, Domain and OU in short.


A forest can either consist of a single tree or number of trees that do not share a contiguous namespace. In this arrangement, every tree root domain has a transitive trust relationship with the root domain.

Groups of domain tree are grouped together to share resources.

Forest container can contain TREES, DOMAINS & OUs.



A tree is a hierarchical arrangement of domains that share a contiguous namespace. In such an arrangement the root domain name is attached as a suffix to the new domain names.

We can say Tree is a group of domains based on same namespace.

Tree container can contain Domains and OUs.

The Tree root domain is the highest Active Directory domain in the tree. The root domain contains the configuration and schema data for the tree.



In Windows  Domain is a logical grouping of network elements, including computers, users, printers & other components that make up the network.

Domain container object can contain Child Domain, OUs container and other leaf objects such as Users, Group, Computers, Printer etc.

Between Parent Domain and Child Domain there exist two way transitive trust.


OU (Organization Unit)

It is a logical subgroup within a domain. It can be created based on location, department or business purpose. OU is used for administrative control

OU is the smallest container on which one can assign GPOs Group Policies Object.

You can not assign Share Permission or Security rights to OU.

OUs container can contain child OUs and other leaf objects such as Users, Groups, Computers, Printers etc.


62. What are Operation Masters?

In an AD domains all DC are equivalent. They are all capable of writing to the database and replicating changes to other domain controller. However in any certain operations must be performed by one and only one system. In AD domains, operations master are domain controllers that play a specific role.


These operations are referred by many names such as

Operations Masters                              or

Operations Master  Roles                      or

Single Master Roles                              or

Operations Tokens                                or        

Flexible Single Master Operations [FSMO]


63. Explain FSMO.

FSMO stands for Flexible Single Master Operations.

We have 5 FSMO or Operations Master roles. They are grouped in two partition

A) Forest Wide Masters  [role performed for the entire forest]

  1. Schema Master

  2. Domain Naming Master

B) Domain Specific Masters  [roles performed in each domain]

  1. PDC [Primary Domain Controller] emulator

  2. RID [Relative Identifier] master

  3. Infrastructure master


64. What is PDC Emulator?

It stands for Primary Domain Controller. It emulate PDC in interim mode.

When we install AD onto the PDC of NT 4.0 domain, it will automatically become the PDC emulator. SAM on PDC will become AD on DC.

When we migrate from PDC to DC, within overnight we cannot migrate rest of all BDC to DC. There for PDC emulator is used to communicate with BDC that are still in an NT 4.0 domain environment.

It will check with Password in combination with BDC.

Once NT 4.0 domains are fully upgraded to Windows Server 2008 Domains, then there is no role for PDC Emulator except time service. 


65. What is RID Master?

It stands for Relative Identifier.

When we create any leaf object it is associated with SID (Security Identifier)

SID consist of = Domain SID + GUID (Globally Unique ID)

Domain SID will remain same for every object in domain.

GUID (Globally Unique ID) is 128 but unique no that keeps on changing over a network. When you rename the object GUID never changes

RID master is responsible to generate unique GUID to avoid duplicate SID.

If any account is deleted and then recreated again it will be assigned new SID



MICROSOFT introduced the concept of Transitive Trust in Windows 2000. Prior to Windows 2000, i.e. in Windows NT 4.0 if you configure Domain A to Trust Domain B and Domain B to Trust Domain C, Domain A would not trust Domain C unless you manually configured a separate trust relationship. While today since Windows 2000, whenever you add a new child domain or new domain new trust relationship is automatically created. i.e. if Domain A trust Domain B and Domain B trust Domain C – Domain A automatically trust Domain C i.e. Transitive Trust. These trusts do not require any administrative intervention, it is created automatically.


67. What is difference between TCP and UDP?

TCP [Transmission Control Protocol]

UDP [User Datagram Protocol]

TCP takes large blocks of information from an application and breaks them into segment. It numbers and sequences each segment so that the destination TCP can put those segments back into the order. After these segments are sent, it waits for an acknowledgement. It resends anything that is not received.


It is connection oriented


It is reliable & accurate


As it checks for error, it is complicated and costly in terms of network overhead.


UDP does not sequence the segment and does not care in which order the segments arrive at the destination. After it sends the segment it forgets about it and do not acknowledge it.


Because does not contact the destination before delivering information to it, it is considered as connectionless protocol.


It is fast but unreliable.


It is simple and does not increase network overhead.



68. Explain Protool and Port with example.

Both TCP and UDP can send data from multiple upper-layer applications at the same time. Port or Socket numbers keep track of different conversations crossing the network at any given time. Well-known port numbers are controlled by the IANA, the Internet Assigned Numbers Authority (IANA) is responsible for assigning the values used for TCP/IP protocols and ports. Application that do not use well-known port numbers have them randomly assigned for specific range. This random port is referred to as an ephemeral port.


PORT Numbers are as follows

Total there are 65536 ports, numbered from 0 to 65535

Numbers 0 to 1023 are considered Well-known ports

Numbers 1024 to 49151 are registered Ports

Number 49152 to 65535 are private vendor assigned and are dynamic.




Protocol and Port No

FTP - File Transfer Protocol

TCP 20 for Data

FTP - File Transfer Protocol

TCP 21 for Control


TCP 23

SMTP -Simple Mail Transfer Protocol to send mail

TCP 25

DNS - Domain Name System

TCP 53


DHCP -Dynamic Host Configuration Protocol for Server

UDP 67

DHCP -Dynamic Host Configuration Protocol for Client

UDP 68

HTTP -Hyper Text Transfer Protocol

TCP 80

Windows Product Activation

TCP 80 and 443

POP3 - Post Office Protocol 3 used to retrieve email

TCP 110

NNTP Network News Transfer Protocol

TCP 119

RPC - Remote Procedure Call

TCP 135

IMAP - Internet Message Access Protocol

TCP 143

SNMP - Simple Network Management Protocol

UDP 161

HTTPS - Hyper Text Transfer Protocol Secure

TCP 443

SSL - Secure Server Layer

TCP 686

L2TP - Layer Two Tunneling Protocol

UDP 1701

PPTP - Point to Point Tunneling protocol

TCP 1723

RDP - Remote Desktop Protocol

TCP 3389


69. What are different IIS logon Authentication?

Most public websites allow users to anonymously access content of pages. When a user anonymously accesses an IIS server in browser, the internet guest account (IUSR_ComputerName) determines the level and type of access. By default, internet guest account grants the user the right to logon locally.

Access to IIS can be controlled using following 5 authentication method.

  1. Anonymous Authentication:– allows user to access resources without being prompted for username and password information. IIS logs users using internet guest or web application guest account

  2. Integrated Windows Authentication:- uses standard windows security to validate a user’s identity. User are not prompted for logon information. Instead the windows logon credential are related to the server in an encrypted format that does not require the use of SSL. Only IE browser support this authentication method.

  3. Digest Authentication:– uses HTTP 1.1 digest authentication to securely transmit user credential. The user must have valid domain account and IIS server must be member of an Active Directory domain

  4. Basic Authentication:– Provides the most basic authentication control, users are prompted for username and password, which is passed to the IIS server as clear text unless SSL (Secure Socket Layer) is configured and used.

  5. .NET Passport Authentication:- uses .NET passport authentication to validate user access and credential. When validating user the server checks for passport authentication and if exist allow. If not valid, the user is redirected to the passport logon service.


70. What is difference between Primary and Secondary DNS Zone?

Primary Zone:-  a Primary zone file is master copy of zone. This zone is stores records that are writable copy. That is it can Read/Write data and it gets updated when data gets modified.


Secondary Zone: is a copy of Primary Zone. It is Read-Only copy and it gets updated when Primary Zone server send copy of Zone file to Secondary Server. Select a secondary zone to copy read-only data from another server. For e.g. you windows server can be secondary server to a non-windows server or vice versa. Secondary zone server helps to Fault tolerance, Load Balancing and Reduce name resolution traffic over WAN link


Pr.Pg border