Top 50+ Windows Server Interview Questions and Answers -4

1. Explain what Windows Server is.

Windows Server is a server operating system that enables a computer to handle network roles such as print server, domain controller, web server, and file server. As a server operating system, it is also the platform for separately acquired server applications such as Exchange Server or SQL Server.

2. What’s The Essence Of Application Partitions?

Application partitions are part of Active Directory: they are directory partitions that are replicated to domain controllers. Usually, the domain controllers that take part in replicating a directory partition hold a replica of that partition. The advantage of application partitions is that you can replicate them to any specific domain controller in a forest, which can lessen replication traffic. While the domain directory partitions transfer all their data to all of the domains, the application partitions can focus on only one in the domain area. This makes application partitions redundant and more available.

3. What Is Licensing Grace Period?

To allow time for the deployment of a Terminal Server license server, the server provides a licensing grace period. During this grace period you do not need to have a license server: the server accepts unlicensed clients without requiring further permission from a license server. The period starts automatically when the server receives its first client and extends until you get a licensing server. At that point the grace period ends, and the licensing server can accept new clients and store their information; this is called the CAL, or client access license.

4. What Is An RD Gateway?

RD Gateway is the Remote Desktop Gateway. Just as a gateway is the access point to the internet, the Remote Desktop Gateway allows users from a private network to join it through the RD Gateway, using the Remote Desktop connection.

5. What Is Windows Server Backup?

Windows Server Backup is a feature released for Windows 2008 that provides a number of solutions for backing up the data on your computer in case of a system failure or any other issue. Windows Server Backup can back up anything from a few files to a whole server. It is accessible through the command line and a management console.

6. What Are Synthetic Drivers?

Synthetic drivers are different from, and better than, emulation drivers in their functions. They don’t imitate another program but create another complex hardware device on a virtual platform.

7. What Is Direct Access?

Direct Access enables users to access the websites, applications and internal network file shares securely without the need to connect to a virtual private network (VPN). An internal network is also called a private network or intranet. Every time a Direct Access-enabled computer connects to the Internet, even if this happens before the user logs on, Direct Access sets up bi-directional connectivity with an internal network. Users do not have to think about connecting to the intranet. The remote computers can be managed outside the office by the IT administrators, even when the computers are not connected to the VPN.

8. What Is DAC?

Microsoft Dynamic Access Control, or DAC, is a data governance tool in Windows Server 2012 that allows administrators to control access settings. It uses centralized policies to let administrators review who has access to individual files. Files can be classified manually or automatically.

9. What are Pass Through Discs?

A pass through disc is a physical disc used for storing virtual discs and it has a disc format and file system.

10. What is Desktop Virtualization?

Desktop virtualization is a logical procedure to isolate and extract the OS or system from the client that is ready to access it. There are many types of desktop virtualization, some of which include virtual machines while some do not. If the operating system is locally controlled, users have to access their desktop through a network using a remote display protocol. The processing for desktop virtualization is done in a data center, so applications like tablets can join the host virtual machine. This virtual machine can be accessed by an individual and personalized the way they want it. This is the most common and simplest way of accessing and using desktop virtualization.

11. What is Branch Cache?

Branch Cache is designed to improve application responsiveness and reduce WAN link utilization so that the servers can be accessed from remote locations easily. The remote computer uses a cache of data that is maintained locally to reduce traffic over a LAN link. The cache can be stored on a server in the branch (Hosted Cache mode) or can be distributed across client computers (Distributed Cache mode).

12. Can we have more than one RID master in the domain?

We cannot have more than one RID master per domain. The primary is the RID master; if the primary fails, you can transfer the FSMO roles to another DC in the domain.

13. What is group type and group scope? Explain the group types.

When we create a group, we have to define a type and a scope for it. The type defines whether the group can be used to assign permissions on resources or not. We can create a group of type security or distribution: a security group can be used to assign permissions, and a distribution group is used for listing purposes.

14. In which situations do we use authoritative and non-authoritative restore?

We take backups to provide fault tolerance. There are two ways to restore an Active Directory backup: authoritative and non-authoritative. When there is a hardware or software failure, we can restore the backup and let the other DCs replicate to the restored one. This is a non-authoritative restore, which is the default.

If some object gets deleted by mistake and the change has not yet propagated to all DCs, then we pick one DC where we can still find this object. By making this DC authoritative, we can allow the other DCs to be replicated from this DC.

Here the whole directory is not restored; instead, the specific object can be made authoritative.

15. What are lingering objects?

Suppose I delete some objects while a domain controller is offline. It won’t receive any replication, so the objects still persist on the offline DC. If the server is down for the period of the tombstone lifetime, such an object is termed a lingering object.

16. What is active directory defragmentation?

The Active Directory database is stored in ntds.dit. In order to optimize data storage, Active Directory automatically performs defragmentation every 12 hrs, which allows space to be reclaimed for storing new objects.

17. What are the commands related to Active Directory replication?

Repadmin is a tool by Microsoft used to check replication between domain controllers.

Repadmin /replsummary: checks the current replication health and summary state for DCs.

Repadmin /showrepl: displays the last replication for a specific DC.

Repadmin /syncall: forcefully initiates replication to sync with other DCs. (This can cause a lot of traffic, so run it carefully.)

Repadmin /replicate: immediately replicates a directory partition from source to destination.

18. What is ADSIEDIT?

It is a tool that provides access to Active Directory objects and their attributes. We can manage them using this tool.

19. What are superseded updates?

Microsoft sometimes provides a complete replacement for multiple updates; the replaced updates are called superseded updates. You may need such an update when you are installing a new PC and want to patch it with the latest updates. WSUS does not by default decline superseded updates. You need to make sure that the superseded updates are no longer needed by your machines, and then you can decline them.

20. What are express updates?

When you enable express updates, only the changes between the current month’s CU and previous updates are downloaded. Using the express update feature reduces bandwidth use while downloading updates.

21. What are cumulative updates?

Cumulative updates include previously released updates (a bundle of updates). If a cumulative update is installed, you won’t need to install the previous updates, as they are now part of the CU.

22. What is USN?

USN stands for Update Sequence Number. When we make changes to an object, its USN increments, and during AD replication only the higher version is retained.

23. When is a non-authoritative restore done?

It is the default restore method. When there is a server crash, we can simply restore the latest backup of the server. When the server comes up, it is replicated to by the other DCs and gets in sync.

24. What is blue screen error?

A blue screen error causes the system to restart or shut down unexpectedly. It displays a blue screen indicating a fault in some kernel module. It can be caused by wrong device drivers or by malfunctioning hardware components.

25. What is Active Directory Federation Services?

It is a single sign-on service that provides authentication for users who want to access applications outside the forest. We use the federation service when we want to provide access to users from other organizations without the need to create accounts for them in our directory.

26. What is RAID?

RAID is Redundant Array of Independent Disks. It is a fault tolerance technique used to provide redundancy, which ultimately provides protection from data loss. There are several RAID levels through which we can achieve fault tolerance. There are two types of RAID configuration: hardware RAID, in which we need a RAID card and which can be configured in the BIOS, and software RAID, in which the RAID configuration is done with the help of the operating system.

27. What is the Break Mirror vs. Remove Mirror option in RAID?

If we want to stop mirroring on the selected volume, we should choose Break Mirror. It will not erase data on the volume. If you want to get extra space, simply use the Remove Mirror option, as it will flush the data on the selected disk.

28. What is the Sysprep tool?

The Sysprep tool is used while capturing an image of a machine that will be deployed on multiple machines, without creating duplicate SIDs.

29. What is the difference between an FSMO role transfer and a role seizure?

When the PDC fails, we seize the roles on the ADC (forcefully transferring the FSMO roles). But if the PDC is alive and we want to isolate the server for some reason, we can transfer the FSMO roles from the PDC to the ADC. This operation is performed on the PDC.

30. What does certificate revocation mean?

A Certificate Authority can revoke (cancel) certificates before their expiration so that they can no longer be trusted. The Certificate Revocation List can be published by the Certificate Authority.

31. I have an 8 GB pen drive and am trying to copy the Windows Server 2012 R2 ISO to it, but it shows an error. What is the reason?

The ISO file is around 4 GB and the pen drive has more space than that, but if the pen drive is formatted with FAT it won’t allow a file size of more than 4 GB. So format it with NTFS or, if it holds data you don’t want to lose, convert it to NTFS using the convert <drive name> /fs:ntfs command.

32. What is Nano Server?

Nano Server is the smallest version of Windows, specially developed by Microsoft for cloud applications and for containers.

33. What is the Hyper-V shielding feature?

Hyper-V shielding is a feature that protects VMs from being tampered with through unauthorized access. It uses the Secure Boot and BitLocker features.

34. I have a standard primary DNS zone for my domain configured on server DC1 in Mumbai. For the same domain I have another server, DC2, at the Pune location, on which DNS is installed. If both locations are connected by a WAN link and I want to make sure that DNS resolves and updates even if the WAN link is down, what can be done in this situation?

When we use standard primary DNS, we need to manually configure a secondary DNS server, which can only resolve DNS queries and won’t update the DNS database. But if we use Active Directory-integrated DNS, it replicates across DCs, so it maintains redundancy and also supports write operations on any server. Hence, in the given example, we should convert the standalone DNS to an AD-integrated zone.

35. What is the role of OCSP in a Certificate Authority?

The Online Certificate Status Protocol determines the status of a digital certificate without the need to download the certificate revocation list.

36. What is the location of the Active Directory database?

The AD database is stored on domain controllers and can be accessed by network applications. All domains can be domain controllers and have a copy of the AD database.

37. What are the modifications made in Active Directory in Windows 2008?

One of the first modifications made to Active Directory in Windows 2008 is renaming Active Directory to a different name, Active Directory Domain Service. Other than the name, no other changes have been made to its specifications, settings and tools. Then what is the purpose of Active Directory Domain Services? The “domain service” part identifies the directory as a service which can provide authorization and policy management control. It is called a service because Active Directory can be brought to a full stop and then re-activated. Using Active Directory as a service allows easier maintenance of the domain controllers.

38. What is Active Directory’s recycle bin and what is its purpose?

The Active Directory’s recycle bin is a modified tool that came in the Windows 2008 pack and is very user-friendly and a very helpful tool for restoring or even storing items in the recycle bin. How does the directory’s recycle bin work you may ask? For example, you may find yourself in a situation where you’ve accidentally deleted an item that you now wish to restore. Even as a network administrator, grabbing the objects from the Active Directory is a wonderful action that Windows 2008 released, because mistakes are often made. This tool enhances the efficiency of the Active Directory service by the several actions this tool provides, like the restoration of objects, putting unneeded items in the recycle bin and using data space more resourcefully and efficiently.

39. What is licensing’s grace period?

To allow time for the deployment of a Terminal Server license server, the server provides a licensing grace period. During this grace period you do not need to have a license server: the server accepts unlicensed clients without requiring further permission from a license server. The period starts automatically when the server receives its first client and extends until you get a licensing server. At that point the grace period ends, and the licensing server can accept new clients and store their information; this is called the CAL, or client access license.

40. What are the areas of virtualization?

The five branches or major areas of virtualization are application, desktop, storage, network and server. Giving a brief definition of each of these terms will not only make for a better answer to this question, but will also show that you are actually involved in the technology. Application virtualization, in simple terms, means controlling or running an application from a remote desktop. The application is delivered and manipulated through application streaming. Desktop virtualization involves the individual accessing a desktop on a local network through a remote display protocol. This differs a lot from server virtualization (which is where the big savings in the IT world are). Server virtualization is all about covering and hiding a physical or hardware part, so that a server instance would function or appear as if everything is stable when it really isn’t. This saves a lot of hardware repair and costs as well as maintenance. Network virtualization configures network resources and splits bandwidth into individual channels, while storage virtualization concerns hardware parts by “pulling them together” physically, only to fool the host operating system into treating all the hardware parts as well connected, complying with each other and responding well to one another.

41. What is the function of a virtual disc?

The virtual disc is a sort of disk image. This disk image is created to work with a guest operating system that is running on top of your basic, standard system. Using the virtual disc means creating it so it can replace a physical disc or partition that is there but cannot be recognized by the guest operating system, or is not there at all. Wherever there’s a physical gap in between discs or in hardware parts, the virtual disc can help and replace that part, so the guest operating system can continue to function without noticing the difference.

42. Explain emulation drivers.

Emulation drivers are mainly devices that imitate another program. In simple terms, emulation drivers are a trick to fool the device into treating it as some other sort of device.

43. What is OU?

Organizational Units (OU) are containers on a computer with the level of sophistication of an administrative setting. They help administrators organize sets of users together so that any alterations, security settings and other administrative work can be carried out more effectively.

43. What is a Tree in MCSA?

A Windows tree is usually a set of one or more trusted Windows domains with adjoining DNS domains. In this case, “trusted” connotes the idea that a validated account from one domain is not eliminated by another domain. “Contiguous DNS domains” simply means that they all have a similar root DNS name.

44. Explain Site and Schema.


Sites are manually defined associations of subnets. Objects in a site share the same global catalogue servers and can have a common set of group policies applied to them.


The schema describes the attributes, objects, classes, and rules that are available in the Active Directory.

45. Why SID (Security Identifier)?

The SID is a unique name (an alphanumeric character string) that is used to identify an object, namely a user or a set of users.

46. What are GPO, GPC, and GPT?

Group Policy objects (GPO):

A GPO is a collection of Group Policy settings that are stored at the domain level as a virtual object comprised of a Group Policy container (GPC) and a Group Policy template (GPT).

Password history is stored as follows:

Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy.

Group Policy Container (GPC)

The Group Policy container (GPC) is an Active Directory container that holds GPO attributes, like version information, GPO status, and a list of other component settings.

Group Policy Template (GPT)

The Group Policy template (GPT) is a file system folder that contains policy data specified by .adm files, script files, security settings, and information about applications that are available for installation. The GPT is located in the system volume folder (SysVol) in the domain \Policies sub-folder.

47. How do you filter the scope of a GPO?

By default, a GPO affects all users and computers that are contained in the linked domain, site, and organizational unit. The administrator can further specify the computers and users that are affected by a GPO by using membership in security groups.

Ever since the arrival of Windows 2000, the administrator can add both computers and users to security groups. The administrator can then specify which security groups are affected by the GPO with the help of the Access Control List editor.

48. Explain Knowledge Consistency Checker (KCC).

The Knowledge Consistency Checker (KCC) is a Windows component that automatically creates and manages the intra-site and inter-site replication topology.

49. How does a GUID work?

When a new domain user or group account is created, Active Directory stores the account’s SID in the Object-SID (objectSID) property of a User or Group object. It also assigns the new object a globally unique identifier (GUID), which is a 128-bit value that is unique not only in the enterprise but also across the world. GUIDs are assigned to every object created by Active Directory, not just User and Group objects. Each object’s GUID is stored in its Object-GUID (objectGUID) property. Active Directory uses GUIDs internally to identify objects.

50. What is the full form of MCSA?

MCSA stands for Microsoft Certified Solution Associate.

51. What are the exams offered by the MCSA certification program?


The following are the exams that are offered by the MCSA certification program, and they are:

MCSA Windows Server 2012:

Configuring Advanced Windows Server 2012 services

Administration on Windows Server 2012

Installation of Windows Server 2012

MCSA Windows Server 2008:

Server Administrator

Network Infrastructure

Configuring MCSA Windows Server 2008, Active Directory

MCSA Windows 10:

Configuration of Windows Devices

MCSA Windows 8:

Configuration of Windows 8.1

Supporting Windows 8.1

MCSA SQL Server:

Querying SQL Server 2012

Administrating Databases

Implementation of Datawarehouse with SQL Server 2012

MCSA Azure or Linux:

Implementation of Azure Infrastructure Solutions

System Administrator for Linux Foundation Certification