Question 1: Why shouldn't the Global Catalog server and the Infrastructure operations master be on the same server?
Answer: Refer to Why Global Catalog server and Infrastructure Operation Master shouldn’t be on same server
Question 2: What will happen if the Global Catalog is down?
Users may not be able to log in if their account is in a different domain and Universal Group memberships are required.
Queries involving the forest-wide search (like finding objects in another domain) will fail.
Outlook and Exchange-related services depending on GC may stop functioning properly.
Question 3: When will the Global Catalog not authenticate after 12 hours?
If a Domain Controller with GC is unavailable, cached logon credentials are used.
After the Kerberos ticket expiry (default 12 hours), authentication may fail if the GC is still down.
Question 4: Understanding Global Catalog (Active Directory)
Answer: Refer to Understanding Global Catalog in Active Directory
Question 5: What is the Difference Between GPUpdate and GPUpdate /force?
GPUpdate: Refreshes only the policies that have changed.
GPUpdate /force: Reapplies all policies, regardless of whether they have changed or not.
Question 6: What is the Central Store in GPO?
Stored in the SYSVOL folder (\\domain\SYSVOL\domain\Policies\PolicyDefinitions).
Helps ensure consistency of administrative templates across the domain.
Key Components:
PolicyDefinitions folders – Store ADMX templates.
ADM – Legacy templates (used in older versions).
ADMX – XML-based administrative template files.
ADML – Language-specific files paired with ADMX.
Question 7: What is the GPO refresh interval?
Default refresh interval: 90 minutes with a random offset of 0–30 minutes.
For Domain Controllers: every 5 minutes.
Question 8: What is the GPO Processing Order?
Processing Order (Lowest → Highest):
Local
Site
Domain
OU (Organizational Unit)
Precedence and Options:
Block Inheritance – Prevents inheritance of GPOs from above.
Enforced – Overrides block inheritance and forces GPO application.
Security Filtering – GPO applies only to specified security groups.
WMI Filter – GPO applies only when system matches WMI query conditions.
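The processing order and the four options above can be modelled as a small resolver; this is an added example, not code from the original page, and it goes slightly beyond the text by also showing that among Enforced links the one on the highest container wins. The hierarchy, GPO names and settings are constructed, and security filtering is simplified to a group-membership check.

```python
from dataclasses import dataclass

@dataclass
class Link:                      # one GPO link on a container
    gpo: str
    settings: dict
    enforced: bool = False
    groups: frozenset = frozenset({"Authenticated Users"})  # security filtering
    wmi: object = None           # optional predicate over machine facts (WMI filter)

@dataclass
class Container:                 # site, domain or OU
    name: str
    links: list                  # assumed stored in apply order: last link wins
    block_inheritance: bool = False

def resolve(local, chain, member_of, facts):
    """chain is ordered Site, Domain, OU (outermost first).
    Returns {setting: (value, winning GPO)}."""
    # Non-enforced links above the deepest blocking container are dropped.
    cut = max((i for i, c in enumerate(chain) if c.block_inheritance), default=0)
    normal, enforced = [], []
    for i, c in enumerate(chain):
        live = [l for l in c.links
                if l.groups & member_of and (l.wmi is None or l.wmi(facts))]
        normal += [l for l in live if not l.enforced and i >= cut]
        # Prepend so enforced links from higher containers are applied last and win.
        enforced = [l for l in live if l.enforced] + enforced
    result = {}
    for link in [local] + normal + enforced:   # the local GPO is never blocked
        for key, value in link.settings.items():
            result[key] = (value, link.gpo)
    return result

# Constructed sample hierarchy (all names and settings are made up).
LOCAL = Link("Local", {"screen_lock": 1200, "usb": "block"})

def sample_chain(block):
    return [
        Container("Site:HQ", [Link("Site-Proxy", {"proxy": "hq-proxy"})]),
        Container("Domain", [Link("Domain-Desktop", {"wallpaper": "corp", "screen_lock": 600}),
                             Link("Domain-Baseline", {"screen_lock": 900}, enforced=True)]),
        Container("OU:Kiosks", [Link("OU-Kiosk", {"wallpaper": "kiosk", "screen_lock": 60}),
                                Link("OU-Helpdesk", {"usb": "allow"}, groups=frozenset({"Helpdesk"})),
                                Link("OU-Win11", {"start": "centered"},
                                     wmi=lambda f: f["os"] == "Windows 11")],
                  block_inheritance=block),
    ]
```

With `sample_chain(True)` the site and non-enforced domain links disappear from the result while `Domain-Baseline` still overrides the OU's `screen_lock`, which is the behaviour to check for when an OU admin relies on Block Inheritance to escape a baseline.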
Question 9: What is a Starter GPO?
A template used to create new GPOs with preconfigured settings.
Useful for maintaining consistency across GPOs.
Question 10: What are AD Delegation Controls?
Allows administrators to delegate specific tasks to non-admin users or groups.
Example: Allow helpdesk staff to reset passwords or create user accounts without giving them full admin rights.
Question 11: How do you export a firewall policy from a single workstation and import it into a GPO?
Export firewall rules from one workstation (netsh advfirewall export).
Import into GPO using Group Policy Management Editor under Windows Settings → Security Settings → Windows Firewall with Advanced Security.
Question 12: AppLocker GPO (Application Control Policy)
Used to define rules for application execution.
Helps block unauthorized software and allow only trusted applications.
Supports rules for Executables, Scripts, Windows Installers, DLLs, and Packaged apps.