Monday, August 3, 2015

Reference

When you place a New Domain Controller what is the Important step you do to ensure the clients authentication happen quickly? 
Need to Associate all the Subnets of clients in the Site

What are all the FSMO Roles?

    Two Forest Wide Roles 
       Schema master
       Domain naming master

   Three Domain Wide Roles
      RID master
      PDC emulator
      Infrastructure master

Explain WINS?
WINS Stands for Windows internet Naming System

What is Journal Wrap Error?

Explain DNS? 
Domain Name System

What is Host Record?
Host Records Consist of netbios or service  name pointed to an Internet protocol Address

What is the Record we Create for IP addresses?
PTR Record

What is the Record you create for Mail Servers?
MX Record

What Setting you enable a User to access the other Forest?
In Group Policy Cross Forest User Policy and Roaming  User Profiles

How do Monitor Replication?
repadmin /showreps
repadmin /queue
repadmin /replsummary
repadmin /showrepl * /csv  Replication.csv

How do force Replication?
repadmin /syncall /APed
In Sites and services - connection object - NTDS Settings - Replicate now

What is loop back processing?
Group Policy loopback feature to apply Group Policy Objects (GPOs) that depend only on which computer the user logs on to.

Explain Merge and Replace Settings?

Merge Mode
In this mode, when the user logs on, the user's list of GPOs is typically gathered by using the GetGPOList function. The GetGPOList function is then called again by using the computer's location in Active Directory. The list of GPOs for the computer is then added to the end of the GPOs for the user. This causes the computer's GPOs to have higher precedence than the user's GPOs. In this example, the list of GPOs for the computer is added to the user's list.

Replace Mode
In this mode, the user's list of GPOs is not gathered. Only the list of GPOs based on the computer object is used.

In What order Group Policies are applied
Local Policy
Site
Domain 
Organisational Unit

Explain DNS Zones
Primary
Secondary
Stub Zone
Active Directory Integrated

Group Policy refresh interval 
90 Mins

How you force a group policy to a user? 
gpupdate /force

How do you define SPN ?
By Set SPN Command

When you seize a FSMO Role?
When a Domain Controller holding any one or more of FSMO Role holder is went offline or failed to connect with the domain due to hardware issues, We need to seize the FSMO Role to a Domain Controller which running.

What is C Name Record?
Canonical Name Record 

What are all the diffrences in Records?

The A record maps a name to one or more IP addresses, when the IP are known and stable.
The CNAME record maps a name to another name. It should only be used when there are no other records on that name.
The ALIAS record maps a name to another name, but in turns it can coexist with other records on that name.
The URL record redirects the name to the target name using the HTTP 301 status code.

What is SPN?
Service Principal Name

How to Change the DSRM Password of all the Domain Controller in the Domain with the same password???

Beginning with hotfix KB961320 on Windows Server 2008, you now have the option to synchronize the DSRM password on a DC with a specific domain account. You must do every time the password is changed; it does not create an automatic sync partnership.
1. Create a standard domain user account and set it with a complex password. It does not need to be a member of any special groups or the Domain Admins group.

image
2. Install the hotfix on your DC and restart.
3. Logon to the DC normally.
4. In an elevated CMD prompt where you have logged on as a Domain Admin, run:
NTDSUTIL SET DSRM PASSWORD SYNC FROM DOMAIN ACCOUNT <your user here> Q Q

Please check the below link for more information

http://blogs.technet.com/b/askds/archive/2009/03/11/ds-restore-mode-password-maintenance.aspx

What tool you use to view AD Partitions?
ADSI Edit

Explain the Client Login Process?

What is Server Core Edition
The Server Core option is a new minimal installation option that is available when you are deploying the Standard, Enterprise, or Datacenter edition of Windows Server 20081. Server Core provides you with a minimal installation of Windows Server 2008 that supports installing only certain server role

Table 1-2 GUI Applications Available in a Server Core Installation
That's a pretty short list! Now here's a list of user interface elements that are not included in Server Core:
  • The Windows Explorer desktop shell (Explorer.exe) and any supporting features such as Themes
  • All MMC consoles
  • All Control Panel utilities, with the exception of Regional And Language Options (Intl.cpl) and Date And Time (Timedate.cpl)
  • All Hypertext Markup Language (HTML) rendering engines, including Internet Explorer and HTML Help
  • Windows Mail
  • Windows Media Player



  • Most accessories such as Paint, Calculator and Wordpad



Where will you place RODC
Read-only domain controllers (RODCs) are a new feature of Active Directory Domain Services (AD DS) in Windows Server 2008. RODCs are additional domain controllers for a domain that host complete, read-only copies of the partitions of the Active Directory database and a read-only copy of the SYSVOL folder contents. By selectively caching credentials, RODCs address some of the challenges that enterprises can encounter in branch offices and perimeter networks (also known as DMZs) that may lack the physical security that is commonly found in datacenters and hub sites.

How you apply spn to a user or computer account?
Set Spn Command

How a Client reporting to WSUS server?
???

Which Day Microsoft release it patches?
Every Second Tuesday of the Month, Sometime in Fourth Tuesday also.
Microsoft has an apparent pattern of releasing a larger number of updates in even-numbered months, and fewer in odd-numbered months.

Give us Some of the Important Security update released by Microsoft related to Active directory
Microsoft Security Bulletin MS14-077   November 11, 2014
Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3003381)

Microsoft Security Bulletin MS08-003
Vulnerability in Active Directory Could Allow Denial of Service (946538)
http://www.microsoft.com/technet/security/Bulletin/MS08-003.mspx

Microsoft Security Bulletin MS08-035
Vulnerability in Active Directory Could Allow Denial of Service (953235)
http://www.microsoft.com/technet/security/Bulletin/MS08-035.mspx

Microsoft Security Bulletin MS08-035
Vulnerability in Active Directory Could Allow Denial of Service (953235)
http://www.microsoft.com/technet/security/Bulletin/MS08-035.mspx

Microsoft Security Bulletin MS09-018     June 09, 2009 | Updated: June 17, 2009
Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)
http://www.microsoft.com/technet/security/bulletin/ms09-018.mspx

Microsoft Security Bulletin MS09-066
Vulnerability in Active Directory Could Allow Denial of Service (973309)
http://www.microsoft.com/technet/security/bulletin/ms09-066.mspx

Microsoft Security Bulletin MS10-068
Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege (983539)
http://www.microsoft.com/technet/security/bulletin/ms10-068.mspx

Microsoft Security Bulletin MS11-005       February 08, 2011
Vulnerability in Active Directory Could Allow Denial of Service (2478953)
http://www.microsoft.com/technet/security/bulletin/ms11-005.mspx

Microsoft Security Bulletin MS11-086
Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837)
http://www.microsoft.com/technet/security/bulletin/ms11-086.mspx

Microsoft Security Bulletin MS11-095
Vulnerability in Active Directory Could Allow Remote Code Execution (2640045)
http://technet.microsoft.com/en-us/security/bulletin/MS11-095

Microsoft Security Bulletin MS13-032
Vulnerability in Active Directory Could Lead to Denial of Service (2830914)
http://technet.microsoft.com/en-us/security/bulletin/ms13-032

Microsoft Security Bulletin MS13-066   August, 13, 2013
Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (2873872)

Microsoft Security Bulletin MS13-079 - Important September 10, 2013
Vulnerability in Active Directory Could Allow Denial of Service (2853587)

Microsoft Security Bulletin MS14-016
Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418)
http://technet.microsoft.com/en-us/security/bulletin/ms14-016

Microsoft Security Bulletin MS14-016
Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418)
http://technet.microsoft.com/en-us/security/bulletin/ms14-016

Microsoft Security Bulletin MS14-025 - Important May 13, 2014
Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege (2962486)

How to Connect a Storage NAS Device to a Domain Controller?
????????

Where to Enable Global Catalog server?
In Sites and Services Select the Particular DC's NTDS Settings, and then click Properties.

What are the files will be there in a ifm media?
What are all the contents available in System State Backup?
·         Active Directory
·         The SYSVOL tree
·         The Boot.ini file
·         The COM+ class registration database
·         The registry


Give Some Important features of 2008 or Diffrence between 2003 and 2008?
RODC
Fine Grained Password Policies
Restarable Directory Services
Hyper V
DFS - R Replication
Database Mounting Tool
Server Core Installation
Powershell Support
IPV6 Support
Roles
AD Recycle Bin
Offline Domain Join
Group policy (ADMX and ADML Files, Improved Slow Link Detection Policy)

What is AMDX and ADML Files?
In Group Policy for versions of Windows earlier than Windows Vista, if you modify Administrative template policy settings on local computers, the Sysvol share on a domain controller within the domain is automatically updated with the new ADM files. In Group Policy for Windows Server 2008 and Windows Vista, if you modify Administrative template policy settings on local computers, Sysvol will not be automatically updated with the new ADMX or ADML files (ADML files are XML-based ADM files that contain language-specific settings). This change in behavior is implemented to reduce network load and disk storage requirements, and to prevent conflicts from occurring between ADMX files and ADML files when edits to Administrative template policy settings are made across different locales. To ensure that any local updates are reflected in Sysvol as well, you must manually copy the updated ADMX or ADML files from the PolicyDefinitions folder on the local computer to the Sysvol\PolicyDefinitions folder on the appropriate domain controller.

What is the event id for lingering Object issue?
Event or Error status
Event or error text
Implication
AD Replication status 8606
"Insufficient attributes were given to create an object. This object may not exist because   it may have been deleted."
Lingering objects are present on the source DC (destination DC is operating in Strict Replication Consistency mode)
AD Replication status 8614
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
Lingering objects likely exist in the environment
AD Replication status 8240
There is no such object on the server
Lingering object may exist on the source DC
Directory Service event ID 1988
Active Directory Domain Services Replication encountered the existence of objects in the following partition that have been deleted from the local domain controllers (DCs) Active Directory Domain Services database.
Lingering objects exist on the source DC specified in the event
(Destination DC is running with Strict Replication Consistency)
Directory Service event ID 1388
This destination system received an update for an object that should have been present locally but was not.
Lingering objects were reanimated on the DC logging the event
Destination DC is running with Loose Replication Consistency
Directory Service event ID 2042
It has been too long since this server last replicated with the named source server.
Lingering object may exist on the source DC

How to Create AD Snapshot?
open CMD.exe, Ntdsutil, activate instance ntds, snapshot, create, list all.

What are the DNS Query Types available?
Recursive
Iterative

What are all the SRV Records exist?
      domain.forest.com A 157.55.81.157
      _ldap._tcp.forest.com SRV 0 0 389 domain.forest.com
      _kerberos._tcp.forest.com SRV 0 0 88 domain.forest.com
      _ldap._tcp.dc._msdcs.forest.com SRV 0 0 389 domain.forest.com
      _kerberos._tcp.dc._msdcs.forest.com SRV 0 0 88 domain.forest.com.

What is DNS Zone Corruption?

What is the Diffrence of Seizing and Transfering?
Seize will be done when role holder is offline, Transfer will be done only when the holder is online and able to connect from the New FSMO role holder.

Where will be the DSRM passowrd Stored? 
In SAM File under C:\WINDOWS\system32\config

How to Check Domain and Forest Functional level?
Forest Functional Level (FFL) and Domain Functional Level (DFL) of Active Directory from command line or using PowerShell:

Get Domain Functional Level using PowerShell:
Get-ADDomain | fl Name,DomainMode

Get Forest Functional Level using PowerShell:
Get-ADForest | fl Name,ForestMode

Get Forest Functional Level using dsquery:
dsquery * "CN=Partitions,CN=Configuration,DC=lab,DC=local" -scope base -attr msDS-Behavior-Version

Conversion table:
0 = Windows 2000
1 = Windows 2003 interim
2 = Windows 2003
3 = Windows 2008
4 = Windows 2008 R2
5 = Windows 2012

Get Domain Functional Level using dsquery:
dsquery * "DC=lab,DC=local" -scope base -attr msDS-Behavior-Version ntMixedDomain

Conversion table:
0, 0 = Windows 2000 Native
0, 1 = Windows 2000 Mixed
2, 0 = Windows 2003
3, 0 = Windows 2008
4, 0 = Windows 2008 R2
5, 0 = Windows 2012

Get the Active Directory Schema version using dsquery:
dsquery * "CN=Schema,CN=Configuration,DC=lab,DC=local" -scope base -attr objectVersion

13 = Windows 2000 Server
30 = Windows Server 2003 RTM, Windows Server 2003 with Service Pack 1,
         Windows Server 2003 with Service Pack 2
31 = Windows Server 2003 R2
44 = Windows Server 2008 RTM
47 = Windows Server 2008 R2

56 = Windows Server 2012 RTM



Important Port numbers related to AD and Windows?

Server Port
Protocol
Service
AD and AD DS Usage
Type of traffic
20
TCP
FTP Data
21
TCP
FTP Control
23
TCP
Telnet
123
UDP
W32Time
Windows Time, Trusts
Windows Time
135
TCP
RPC Endpoint Mapper
Replication
RPC, EPM
464
TCP
Kerberos password change
Replication, User and Computer Authentication, Trusts
Kerberos change/set password
464
UDP
Kerberos password change
Replication, User and Computer Authentication, Trusts
Kerberos change/set password
389
TCP
LDAP
Directory, Replication,
User and Computer Authentication, Group Policy, Trusts
LDAP
389
UDP
Directory, Replication,
User and Computer Authentication, Group Policy, Trusts
LDAP
636
TCP
LDAP SSL
Directory, Replication,
User and Computer Authentication, Group Policy, Trusts
LDAP SSL
3268
TCP
LDAP GC
Directory, Replication,
User and Computer Authentication, Group Policy, Trusts
LDAP GC
3269
TCP
LDAP GC SSL
Directory, Replication,
User and Computer Authentication, Group Policy, Trusts
LDAP GC SSL
53
TCP
DNS
User and Computer Authentication,
Name Resolution, Trusts
DNS
53
UDP
DNS
User and Computer Authentication,
Name Resolution, Trusts
DNS
88
TCP
Kerberos
User and Computer Authentication, Forest Level Trusts
Kerberos
88
UDP
Kerberos
445
TCP
SMB/SMB over IP (Microsoft-DS)
Replication, User and Computer Authentication, Group Policy, Trusts
SMB, CIFS, SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc
445
UDP
SMB
Replication, User and Computer Authentication, Group Policy, Trusts
SMB, CIFS, SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc
138
UDP
DFSN, NetLogon, NetBIOS Datagram Service, Group Policy
DFS, Group Policy, NetBIOS Netlogon, Browsing
DFSN, NetLogon, NetBIOS Datagram Service
67
UDP
DHCP, WDS
DHCP, MADCAP, PXE
DHCP, MADCAP, PXE
2535
UDP
MADCAP
DHCP, MADCAP, PXE
DHCP, MADCAP, PXE
137
TCP
NetBIOS Name Resolution
NetBIOS Name Resolution
NetBIOS Name Resolution
137
UDP
NetLogon, NetBIOS Name Resolution
NetLogon, NetBIOS Name Resolution
NetLogon, NetBIOS Name Resolution
138
UDP
NetBIOS datagram service
139
TCP
DFSN, NetBIOS Session Service, NetLogon
User and Computer Authentication, Replication
DFSN, NetBIOS Session Service, NetLogon
119
TCP
NNTP
443
TCP
HTTPS
593
TCP
25
TCP
Replication
SMTP
110
TCP
POP3
42
NetBios
WINS Replication
1512
WINS resolution 
9389
TCP
AD DS Web Services
SOAP
5722
TCP
File Replication
RPC, DFSR (SYSVOL)
143
TCP
IMAP4
1024 – 65535
TCP
NT4 BDC to Windows 2000 or newer Domain controller PDC-E communications
RPC, LSA RPC, LDAP, LDAP SSL, LDAP GC, LDAP GC SSL, DNS, Kerberos, SMB
1025 – 65535
UDP
NT4 BDC to Windows 2000 or newer Domain controller PDC-E communications
RPC, LSA RPC, LDAP, LDAP SSL, LDAP GC, LDAP GC SSL, DNS, Kerberos, SMB


What is Default DHCP Lease Duration and Renewal Duration?
DHCP Lease Duration
8
1st Attempt for DHCP Lease Renewal
4
2nd Attempt for DHCP Lease Renewal
6
3rd Attempt for DHCP Lease Renewal
6.6


What is KMS?

Whether ADRestore Tool Restore entire Object Attributes???
ADRESTORE will restore only SID, ObjectGUID, LastKnownParent and SAMAccountName

Reason
When the object was deleted, all the attribute values except SID, ObjectGUID, LastKnownParent and SAMAccountName were stripped.

Give the Types of memory dumps you know?
Complete memory dump
Location: %SystemRoot%\Memory.dmp
Size: ≈size of installed RAM plus 1MB

Kernel memory dump
Location: %SystemRoot%\Memory.dmp
Size: ≈size of physical memory "owned" by kernel-mode components

Small Memory Dump                 -
Location: %SystemRoot%\Minidump
Size: At least 64K on x86 and 128k on x64

Automatic memory dump
Location: %SystemRoot%\Memory.dmp
Size: ≈size of OS kernel

How to create a Full Memory Dump for a Server?


Scenarios
Network Card of a Domain Controller is down, how you will fix it?
How do you Troubleshoot slowness Issue in a Site?
How do you Troubleshoot Replication problem in a Site?
How to ensure a Healthy is DC?

Kerberos-NTLM Feature Comparison
NTLM
Kerberos
Underlying Cryptographic Technology
Symmetric Cryptography
- Basic Kerberos: Symmetric Cryptography
- Kerberos PKINIT (this is the Kerberos subprotocol that supports smart card logon): Symmetric and Asymmetric Cryptography
Trusted Third Party
DC
- Basic Kerberos: DC with Kerberos Key Distribution Center (KDC) service
- Kerberos PKINIT: DC with KDC service and Windows Enterprise Certification Authority (CA).
Microsoft Supported Platforms
Windows 95, Windows 98, Windows ME, NT 4.0, Win2K, XP, Windows 2003/R2, Vista
Win2K, XP, Windows 2003/R2, Vista
Features
Slower authentication because of pass-through authentication
Faster authentication because of unique ticketing system
No mutual authentication
Optional mutual authentication
No support for delegation of authentication
Support for delegation of authentication
No native protocol support for smart card logon
Native protocol support for smart card logon
Proprietary Microsoft authentication protocol
Open standard


Tips to Troubleshoot AD Replication error 5: Access is denied

1. Check "Access this computer from network" rights. 

2.  check CrashOnAuditFail=2 settings

      AD Replication fails when HKLM\System\CurrentControlSet\Control\LSA\CrashOnAuditFail = has       a value of "2", 

       A CrashOnAduitFail value of 2 is triggered when the "Audit: Shut down system immediately if     
      unable to log security audits" setting in Group Policy has been enabled AND the local security event 
       log becomes full. 


3.    Excessive Time Skew

4.    SMB signing mismatch 

5.    UDP formatted Kerberos packet fragmentation

       User Action   
·      From the console of the destination DC, ping the source DC by its fully qualified computer name to 
       identify the largest packet supported by the network route.
       
       c:\>Ping <source DC hostname.>.<fully qualified computer name> -f -l 1472

6.    Invalid Secure channel / Password Mismatch

       Validate the secure channel with "nltest /sc:query" or "netdom verify". 
       On condition, reset the destination DCs password with NETDOM /RESETPWD as described in             multiple articles including MSKB 325850 

             User Action

                 ·         Disable the KDC service on the DC being rebooted
                 ·         From the console of the destination DC, run NETDOM RESETPWD to reset the                                  password for the destination DC

                    c:\>netdom resetpwd /server: server_name /userd: domain_name \administrator      
                    /passwordd: administrator_password 

                 ·         Ensure that likely KDCs AND the source DC (if in the same domain) inbound 
                           replicate knowledge of the destination DCs new password.
                 ·         Reboot the destination DC to flush Kerberos tickets and retry the replication 
                           operation.


7.       Network Adapters with "IPv4 Large Send Offload" enabled:

            User Action

·            Open Network Adapter card properties
·            Select Configure button
·            Select Advanced tab
·            Disable "IPv4 Large Send Offload"
·            Reboot

8.        DCDIAG /TEST:CheckSecurityErrors was written to perform specific tests (including an SPN 
           registration check) to troubleshoot Active Directory operations replication failing with error 
            access is denied and error 8453: replication access was denied" but is NOT run as part of the 

default execution of DCDIAG.
Run DCDIAG on the destination DC
Run DCDAIG /TEST:CheckSecurityError
Run NETDIAG
Resolve any faults identified by DCDIAG and NETDIAG. Retry the previously failing replication operation. If still failing, proceed to "the long way around".


DHCP Scope option vs Server Options
Scope options will always precedence


It is possible to run Windows Server 2012 systems in a cluster with earlier versions of Windows Server.
False

The new clustering features in Windows Server 2012 are not backward-compatible; 

each node in a cluster must be removed, upgraded and then added to a new cluster. 

This is one of several things to consider when adding Server 2012 to an environment with earlier versions of Windows Server.

Which of the following is not an option that administrators can choose when changing Setting Sync policies in Windows Server 2012 Group Policy?
Do not synchronize user application settings
Do not synchronize user passwords
Do not synchronize user settings
Do not synchronize user desktop themes

YOUR ANSWER - Do not synchronize user passwords


SMB 3.0 ...
enables memory-to-memory data transfers between servers using standard network adapters.
supports application-consistent shadow copies of data stored on SMB file shares.
offers fast access to documents over high-latency networks.
is just a fancy name for SMB 2.2.
All of the above


In Windows Server 2012, Hyper-V live migration and failover clustering is possible without shared storage.
True
With Hyper-V 3.0, it will be possible to use direct-attached storage for live migration and failover clustering -- a change from Windows Server 2008 R2. Find out about other storage improvements in Server 2012.


Microsoft estimates that the deduplication feature in Windows Server 2012 should be able to deliver an optimization ratio of ____ for general data storage and ____ for virtual server environments.
2:1, 20:1
Windows Server 2012 includes the first-ever native deduplication feature offered in Windows.


How does the "salvage" feature in Windows Server 2012's new Resilient File System (ReFS) prevent data corruption from spreading?
Takes the volume offline and runs CHKDSK
Removes the corrupt data from the volume namespace while keeping the volume running
Automates deletion of corrupt files via PowerShell


Salvage is one of several new features that separates ReFS from NTFS, the previous file system.


Windows Server 2012 includes out-of-the-box support for RemoteFX.
True
Learn how the combination of Remote Desktop Session Host and RemoteFX improves the VDI experience in Windows Server 2012.


Windows Server 2012 includes out-of-the-box support for RemoteFX.
True

Learn how the combination of Remote Desktop Session Host and RemoteFX improves the VDI experience in Windows Server 2012.


What is/are the drawback(s) of the new IP Address Management tool in Windows Server 2012?
It can only manage servers that belong to designated Windows domains.
It cannot manage DHCP appliances.
Overall, IPAM promises to improve the unwieldy address management process, but it does have some limitations in its initial version.



In June 2012, Microsoft revealed that one of its key products was running on Windows Server 2012. This was:
Bing

With the release candidate version of Windows Server 2012, the company migrated Bing's servers to Windows Server 2012 to demonstrate its stability.



In Windows Server 2012, administrators can access the Active Directory Recycle Bin only via PowerShell.   - False

The Active Directory Recycle Bin, first introduced in Windows Server 2008 R2, is now accessible via a graphical user interface (GUI) (once it is turned on; it is disabled by default). Note that the AD Recycle Bin does not work the same as the typical desktop version.

Resilent file System

When accessing file shares hosted on NAS devices after deploying Windows Server 2012 domain controllers, you may observe the following symptoms:
  • Connections to mapped network drives using the format\\servername\sharename\subfolderfail with "Access Denied".
  • This problem occurs under the following conditions:
    • Kerberos is used to authenticate the user's session to the NAS device.
    • The Kerberos ticket used in the session setup was issued by a KDC running Windows Server 2012.
    • The NAS device does not understand Resource SID Compression, which is a new feature for Kerberos in Windows Server 2012.

Note - 
Please send Interesting Windows and AD Interview Questions to waran.siva@gmail.com to append here for the use of our Friends.