Some questions from a recent interview for Active Directory specialist position:
- What are some extended Active Directory attribute that are created when you install common enterprise Microsoft offerings?
- Depending on the MS product being deployed, there could be various changes on the schema. The good thing is that they are all well documented with sufficient description in Technet.
- For example, when installing Exchange 2016, attributes that are being created are: ms-Exch-UG-Event-Subscription-Link and ms-Exch-UG-Event-Subscription-BL.
- When deploying Skype for bussienss: msExchUserHoldPolicies, msRTCSIP-UserRoutingGroupId, msRTCSIP-MirrorBackEndServer
- Name 3 usage case of AD delegation that would be useful in a company
- Delegate Microsoft BitLocker Decryption rights to Help Desk
- Delegate new user creation and Identity and access management team [IAM]
- Delegate password reset to Global Service Desk users [GSD]
- Solve for this scenario.
o User A needs access to
o User B needs access to
§ Cannot have access to \\company.share\Confidential
o Solution needs to be scalable for the future
- Make 2 groups – User-a-category and User-b-category
- For the user-a-category, assign appropriate NTFS access to the specified folders in \\company.share\.
- For the user-b-category, assign NTFS access to the specified folders in \\company.share\.
- Set security permissions to the \\company.share\Confidential folder.
- If a user calls and tells you a newly created distribution group is unable to accept email from clients. What is the problem?:
- Analyze the error code, generated by sending emails [if available]
- Check if Group scope is appropriate [Universe/Global/Domain local]
- Check if “Sender authentication” is enabled
- Check with Get-TransportServer | Get-MessageTrackingLog -sender “address of sender” -recipient “address of DL”
- Check if there isn’t an anti-spam filter interfering [althou this could be depending if internal/external messages are being received]
- Remove the user from the group and add him again [some classical IT troubleshooting]
- What is a loop back group policy?
Allows user configuration settings to be applied, based on the computers GPO. Thus computers policies take precedence over user’s policies/ settings. Works in 2 modes:
replace: the user policies defined in the computer’s GPO replace the user policies, normally applied to the user
merge: the user policies defined in the computer’s GPO and the user policies normally applied on the user’s are merged. If a conflict occurs, the user policies in the computer’s default GPO overwrite the user’s normal policies.
Part 2 will be on soon.
Series: Compact corporate environment
- troubleshoot common problems found in complex environment
- gain additional experience
- test new products and features
- develop some PowerShell and Desired State configuration scripts
- go through the design and deployment phases
- enjoy while building, breaking and fixing
Continue reading “Series: Compact corporate environment”
A small collection of useful programs, applications and mmc’s that can be of use, when your Active Directory isn’t cooperating and working as designed, or trying to find that small problem in the environment, that has been bothering you for quite some time.
Post in progress, regularly updated.
Continue reading “Active Directory/ Windows environment troubleshooting toolbox”
To make the life of admins easier, Microsoft has put together a convenient step sequence, which can be found here. It shows what needs to be done and what tools are available for this troubleshooting. Even if those tools are windows centric, the event flow is quite general and can be used for pretty much all system troubleshooting activities.
In general, it goes like:
- Check the networking [dhcp, dns, ports, firewalls, etc. ]
- Check the domain controllers [event viewer, dcdiag, resources, etc]
- Check authentication [netdiag, netsetup.log]
- Check Access control [Netdom, net view, etc.]
- Diagnosing and Troubleshooting Active Directory Problems – https://technet.microsoft.com/en-us/library/cc961826.aspx