domain interview questions

Top 15 domain interview questions

Cannot create new user account Windows Server 2012

I created a Windows Domain account that works on MYDOMAIN. All computers attached to MYDOMAIN can use the credentials I have created for log on except for one.

On PROBLEMSERVER01 when I try to log in with MYDOMAIN\myuser I get the following error (other accounts previously created are working):

User Profile Service service failed the sign-in.

User Profile cannot be loaded.


When I log on to the server and check C:\Users I do not see a folder associated with the account I created. When I check each registry's S-1-5 folders under the ProfileImagePath entry there is no entry for my user. http://support.microsoft.com/kb/947215

If I try to create the account locally on the machine it appears to work upon creation (no errors there), but if I try to log in I get the same message and no entries are added to the registry.

User Profile Service service failed the sign-in.

User Profile cannot be loaded.


Event log data after trying to sign in:

User Logoff Notification for Customer Experience Improvement Program

User Logon Notification for Customer Experience Improvement Program

The Windows Error Reporting Service service entered the stopped state

The Windows Error Reporting Service service entered the running state

A LDAP connection with domain controller DC01.MYDOMAIN.localhost for domain MYDOMAIN is established

I have also tried copying the C:\Users\Default folder from a known good server to this one with no change in results.

Source: (StackOverflow)

Would IT ever need a user's domain password?

Is there anything a Windows domain administrator might need to do while configuring a workstation for a new user that absolutely can't be done without the user's domain account password? To avoid asking users for their passwords the admin could, theoretically, change the password, log in as the user, and do whatever it is they wanted to do, but would that actually give them any additional permissions that they don't already have by virtue of being a domain administrator?


The answers so far have referred to "tuning" or changing the user's profile. However, there's this article from Microsoft on modifying the default profile which gets applied to users when they log on for the first time and these instructions for changing another user's Windows registry settings at any time. What would an admin change while logged in as a user that the admin couldn't change using these or other available techniques that don't involve logging in as the user? Just "logging in as the user" isn't a reason to ask for or change the user's password. I'm looking for a practical reason for doing so.

Source: (StackOverflow)

OpenLDAP, Samba and password aging

I'm configuring a system in which all IT resources are available through a single user-password pair, be it access to shell on the servers, logging to Samba domain, WiFi, OpenVPN, Mantis, etc. (with access to specific services governed by group membership or user object fields). Because we have personal data in our network, we need to implement password aging, as per the EU Data Protection Directive (or rather the Polish version of it).

The problem is that Samba and POSIX accounts in LDAP use different password hashing and aging information. While synchronizing the passwords themselves is easy (the ldap password sync = Yes in smb.conf), adding password aging to the mix breaks things: Samba doesn't update shadowLastChange. Together with obey pam restrictions = Yes, this creates a system in which a Windows user can't change an aged password, but if I don't use it, home directories won't be automatically created. The alternative is to use the LDAP extended operation for password changing, but the smbk5pwd module doesn't set it either. What's worse, the OpenLDAP maintainer won't update it/accept patches as this field is considered deprecated.

So, my question is, what is the best solution? What are the up- and downsides of them?

  1. Use LDAP ppolicy and internal LDAP password aging?

    1. How well does it work with NSS, PAM modules, samba, other systems?
    2. Do the NSS and PAM modules need to be configured in special way to use ppolicy, not shadow?
    3. Does GOsa² work with ppolicy?
    4. Are there other administrative tools that can work with ppolicy-enabled LDAP?
  2. Hack together a change password script that updates the field in LDAP. (leaving the possibility that the user himself will update the field without changing password)

Source: (StackOverflow)

How to remove ourselves from nudity blacklists? [duplicate]

We recently bought our domain. It turns out, two generations ago, it was a porn site.

Now we're still blocked in some filters, resulting in blocked pages at several corporate routers.

I'm now sending mails out to some of those filters, but is there a general way of whitelisting?

Source: (StackOverflow)

How to redirect domain A to domain B using A-Records and CNAME records only

I have 2 domains hosted with different hosts. I need to redirect Domain A to Domain B. Unfortunately I can't do a 301 redirect from Host A, but can only modify/add DNS entries (A-Records and CNAMEs) at Host A.

Surely it is possible to redirect www.DomainA.com to www.DomainB.com using only A-records and CNAMEs?

At present, the DNS entries are:

DomainA.com.    3600    IN    SOA       ns1.HostA.net.
www             3600    IN    CNAME     www.DomainB.com.    
DomainA.com.    3600    IN    NS        ns1.HostA.net.  
DomainA.com.    3600    IN    NS        ns2.HostA.net.  
DomainA.com.    3600    IN    NS        ns3.HostA.net.

I want to redirect

DomainA.com -> DomainB.com
*.DomainA.com -> *.DomainB.com

I've tried the suggestion from this other post but it didn't work.

How can I achieve this only with A-Records and CNAMEs please? Thank you for your advice.


Source: (StackOverflow)

Is the hostname part of HTTP(S) URLs truly case-insensitive?

Is it safe to use http(s)://CompanyName.com/xyz as URL (e.g. for branding purposes) without any changes to the service-side configs?

I know that DNS is case-insensitive, but could there still be side-effects? I am thinking of e.g. various parts of the chain failing to match CompanyName.com ~ companyname.com:

  • Some web backend might fail to match
  • Some load balancer/proxy/cache/application layer firewall might fail to match
  • Some client might apply same-origin policies wrongly
  • Some client might fail to match in certificate checks
  • While DNS is generally case-insensitive, could IDNs change the picture?

Anyone experienced those or other issues with capitals in the hostname part of URLs?

[edit] @Michael Hampton pointed out that, according to the HTTP standards, the hostname IS case-insensitive, but some software is non-compliant in this regard.

I try to get a sense of how prevalent non-compliant software is, in particular clients. I assume all recent major browsers are fine, but what e.g. about mobile apps? (Should I better split this off into a separate SF question?) [/edit]

Source: (StackOverflow)

How come com can't be resolved?

I realize how some might think this isn't exactly constructive, buuuut, I was wondering how come you can't resolve com, org, us, ru, or any other top level domain? I am taking this as a learning exercise because there might be some holes in my understanding of how DNS works. For example, I tried:

nslookup com
Server:    dns.server.com

*** dns.server.com cant find com: Non-existent domain

I always thought that all other sites under the .com top level domain depended on the existence of an actual domain name called com. At the very least, I thought it kept track of existing domains under the .com domain. What am I missing?

Source: (StackOverflow)

How to test DNS glue record?

Hello I have just set up a DNS server for my domain example.org with 2 name servers ns1.example.org and ns2.example.org. I have attempted to set up a glue record for ns1 and ns2 at my registrar.

It seems to work for now when I do a dig example.org but when I do a whois example.org it lists ns1.example.org and ns2.example.org but not their IP address which should be set up as a glue record.

So I am wondering how do I check for the existence of a glue record? Do I do it with whois? I have seen .com and .net whois records that have both the domain name as well as the IP address for the name servers, is .org different? What's the proper way to test this?


Source: (StackOverflow)

Create Unix Named Socket from the Command Line

Is there a command similar to mkfifo but for domain sockets?

Source: (StackOverflow)

Check if user password input is valid in Powershell script

I am working with a Powershell script that adds scheduled tasks to systems in our domain. When I run this script, it will prompt me for my password. I sometimes fat finger the password and the process starts, which locks out my account. Is there a way to verify my credentials to make sure that what I typed in will validate with the Domain?

I'd like to find a way to query the Domain controller. I've done some Google searches and I should be able to do a WMI query and trap for an error. I would like to avoid that style of validation if possible.

Any ideas? Thanks in advance.

Source: (StackOverflow)

How to find all hostnames in DNS attached to one IP?

If I have multiple hosts configured on one machine (a la apache's VirtualHosts), how can I do a lookup on the IP and find all domains configured to reach it?

For example, I have several web and email domains hooked-to my server. How can I find all domains that point to it?

Is it even possible?

I have DNS A entries for all the domains I own, plus I know some friends' domains point to my server. What I'd like to see is if folks I don't know about are pointing there, too. (Or if someone has repointed their domain elsewhere, and I can delete their 'old' website from my server.)

Source: (StackOverflow)

How should I setup separate MX records for a subdomain?

Let's say I have a domain that I run a web application on, for example cranketywidgets.com, and I'm using Google Apps for handling email for people working on that domain, for example, support@cranketywidgets.com, jane@cranketywidgets.com, joe@cranketywidgets.com and so on.

Google's own mail services aren't always the best for sending automated reminder emails, comment notifications and so on, so the current solution I plan to pursue is to create a separate subdomain called mailer.cranketywidgets.com, run a mail server off it, and create a few accounts specifically for sending these kinds of emails.

What should the MX records and A records look like here for this?

I'm somewhat confused by the fact that MX records can be names, but that they must eventually resolve to an A record. What should the records look like here?

cranketywidgets.com - A record to actual server like

cranketywidgets.com - MX records for Google's email applications

mailer.cranketywidgets.com - MX name pointing to server's IP address

I would greatly appreciate some help on this - the answer seems like it'll be obvious, but email spam is a difficult problem to solve.

Source: (StackOverflow)

Why doesn't Kosovo have its own ccTLD yet?

Why is it that Kosovo still hasn't got its own ccTLD?

Kosovo is (semi)-independent, from Serbia (former Yugoslavia), since 2008. Montenegro is independent since 2006. Montenegro has the .me domain since its year of independence.

Even Palestine (which isn't fully recognized) has its own ccTLD.

Source: (StackOverflow)

How do I convince my company to invest in IT - domains, security, etc.?

I work for a small-medium size retailer which has half a dozen high street stores and a website.

The IT situation is currently in a very basic state. As being "Head of IT" is only a small part of my job description and the last on the list I haven't been able to put as much time into it as I would like.

We have around 50 computers and 14 Windows tills on our network (30 inside the head office, 20 external stores, warehousing and laptops). This is all built on a Workgroup network and all sites are connected together over a very basic router level VPN setup with subnets for each store.

Therefore I can not manage anything, check computers are secure, do any auditing, ensure updates are installed, manage Wi-Fi for guest devices or check anything.

I would really like a domain and, but after telling my boss, he says it's not worth it as:

  • We have coped for years with a workgroup without an issue
  • Employees can be trusted
  • If I left or was not available when something broke, then no one would be able to understand how it works
  • Setup costs for new hardware and licensing for a domain are very high. (We currently just buy prebuilt OEM Windows PC's and then the odd retail Office licenses)
  • As domains are centrally managed, if a major issue occurred it could stop all computers from working. (Unlike a workgroup where if just one computer dies then everything else is fine and doesn't affect anyone else's work.)

I don't know how to stress how serious the security aspects are that we have no domain. Anyone can access content if they connect to our Wi-Fi, anyone can access content from any PC as users do not have passwords installed, shared folders can be seen by anyone and deleted with no logs to show or backup. I am not sure how PCI compliant we are or if we are compliant for auditors. I have been told to ignore this and not to worry.

As "Head of Internal IT Infrastructure" is on my job description, I also don't want to be found accountable if we get a data breach or a legal suit comes against us.

How can I show that things need to change and my time and extra money needs to be spent on this? For a company of our size, perhaps a full time network administrator would be needed. Or am I overthinking things and being very selfish for what I would really want and a workgroup will be just fine?

Update: It sounds like I perhaps keep the idea of a domain on back burners and just try some smaller things. For example, ensure updates, virus scans and firewalls are on, ensure passwords are enabled on individuals PCs, enable backups on every machine, physical locks on rooms with servers in. I am not sure what to do about network-wide file sharing and Wi-Fi, but that's another question!

Source: (StackOverflow)

If I own a domain do I own all of its sub domains?

If I own a domain do I own all of its sub domains?

For example if I purchase example.com, do I automatically own mail.example.com, blog.example.com, etc?

If I do not own the sub domains, can anyone buy mail.example.com if I own example.com? Do I have a right of first sale if someone tries to buy one of my sub domains?

Finally, do the answers to the above questions apply to all domains in all TLDs, like .org, .net, .ca, .name, etc?

Thank you.

EDIT: According to the .name agreement registration restrictions at


an individual can register a .name domain only if the domain matches the eligibility requirements. There are several eligibility requirements, one of which is that a .name domain must be the real name or identifier of an individual. So, for example, firstname.lastname.name and firstnamelastname.name are both valid. However, lastname.name is not valid because it does not identify an individual. If I registered lastname.name, someone else could mount a challenge based on the eligibility requirements and register otherfirstname.lastname.name. So I do not in fact control the sub domains.

Am I reading that right? Are there similar restrictions on ownership of subdomains in other TLDs?

Source: (StackOverflow)