Windows Server 2008 R2 Interview Questions and Answers, Part 1

How do you load DNS zone changes at another site before the scheduled replication happens?
Refresh the Zone on the DNS server in the site you want to see the changes.

How do you restore a deleted OU in AD?

Perform an authoritative restore of the specific OU that was deleted.

How do you apply a DesktopLockDown/Restrictions policy to selected AD OUs?
Apply the DesktopLockDown/Restrictions policy to the selected OUs. If you need to apply it to all OUs except a particular one, apply the policy at the domain level and block policy inheritance at the OU that you need to exclude.

How do you apply a DesktopLockDown/Restrictions policy to selected AD Security Groups?
Apply the DesktopLockDown/Restrictions policy to the OU and deny the policy to the selected AD Security Group.

What permissions are required for installing an application that updates the AD Schema?
One has to be a Schema Administrator to install such an application, and must also have administrator rights on the system where it is being installed.

How do you provide the DNS zone details?
Use the dnscmd /ZoneExport command to export all the zone data to a file.

Dnscmd.exe: DNS Server Troubleshooting Tool

This command-line tool assists administrators in Domain Name System (DNS) management.
DNSCmd displays and changes the properties of DNS servers, zones, and resource records. It manually modifies these properties, creates and deletes zones and resource records, and forces replication events between DNS server physical memory and DNS databases and data files. Some operations of this tool work at the DNS server level while others work at the zone level.

How do you allow users in a domain to modify entries in one AD-integrated DNS zone but not in the other?

You need to modify the permissions on the DNS server via DNS Manager to let users modify that DNS zone.

How do you remove/uninstall AD DS role?

Run Dcpromo.exe and choose to remove the AD DS role.

What are the various options available to remove/uninstall the AD DS role?
  • Run Dcpromo and choose the Remove options. For automation, you can use an answer file.
  • Go to Server Manager, Roles and uninstall the AD DS role.

How do you configure AD FS so that AD FS tokens contain information from AD? Or, how do you integrate AD FS with AD to populate AD FS tokens with information from AD?

You need to add and configure a new Account Store in the AD FS Trust Policy.

How do you ensure that only Authenticated users are allowed to update Host (A) records in DNS zones?

One has to convert or set up such a DNS zone as an Active Directory Integrated Zone. AD Integrated Zones allow only Authenticated users to update the Host records.

How do you configure your Online Responder server to issue Certificate Revocation Lists (CRLs) for an enterprise root CA?
  1. Import the Enterprise root CA certificate.
  2. Import the OCSP Response Signing Certificate.


How do you configure Change Auditing for a Standalone Certificate Authority (CA)?

Since the CA is a standalone server, that is, it is not part of your domain, you can't apply auditing from a domain GPO. Instead, you need to achieve the same via Local Group Policies. Here are the steps for configuring it:
  1. Enable the Audit Object Access setting in Local Security Policy on the CA server.
  2. Configure auditing in the Certification Authority snap-in.

What are the possible ways to decommission a 2008 domain controller server and remove a child domain of a Forest?
In order to decommission a child domain and its DC, first you have to move/migrate all the required AD objects out of that domain to the parent domain or wherever needed. Then you need to uninstall the AD DS role on the DC. This can be done via:

  1. Server Manager: uninstall the AD DS server role.
  2. Run Dcpromo.exe and choose the Remove option. You can run the same tool using an answer file for an automated uninstall of the AD DS role.


How do you configure your Windows 2008 R2 environment to allow Zone transfers to a UNIX-based DNS server?
In the DNS Manager Console, choose the zone to be allowed for transfers to the UNIX server and enable BIND Secondaries.

What are the steps involved in creating a new AD Site and establishing replication between two AD Sites?
  1. Create the new AD Site.
  2. Install and add a new Domain Controller to the new Site.
  3. There will be a Default IP Site Link created for replication with other AD sites in the domain.
  4. On the new DC, in the AD Sites and Services Console, create a new IP Subnet for the new Site.
  5. Move the DC Object to the new Site.


How do you launch the AD Schema snap-in?
The AD Schema snap-in isn't registered by default for the user to find it readily, for security reasons. However, one can launch it after manually registering the Schmmgmt.dll file.