1. Define what is Active Directory?
Active Directory is metadata. Active Directory is a database that stores data such as user information, computer information and other network object information. It has the capability to manage and administer the complete network that is connected to AD.
2. Define what is Active Directory Domain Services?
In Windows 2000 Server and Windows Server 2003, the directory service is named Active Directory. In Windows Server 2008 and Windows Server 2008 R2, the directory service is named Active Directory Domain Services (AD DS). The rest of this topic refers to AD DS, but the information is also applicable to Active Directory.
3. Define what is domain?
A domain is a set of network resources (applications, printers, and so forth) for a group of users. The user need only log in to the domain to gain access to the resources, which may be located on a number of different servers in the network. The 'domain' is simply your computer address, not to be confused with a URL. A domain address might look something like 211.170.469.
4. Define what is domain controller?
A Domain Controller (DC) is a server that responds to security authentication requests (logging in, checking permissions, etc.) within the Windows Server domain. A domain is a concept introduced in Windows NT whereby a user may be granted access to a number of computer resources with the use of a single username and password combination.
5. Define what is LDAP?
Lightweight Directory Access Protocol (LDAP) is the industry standard directory access protocol, making Active Directory widely accessible to management and query applications. Active Directory supports LDAPv3 and LDAPv2.
ACTIVE DIRECTORY Interview Questions
6. Define what is KCC?
KCC (Knowledge Consistency Checker) – It generates the replication topology by specifying what domain controllers will replicate to which other domain controllers in the site. The KCC maintains a list of connections, called a replication topology, to other domain controllers in the site. The KCC ensures that changes to any object are replicated to all site domain controllers and that updates go through no more than three connections. An administrator can also configure connection objects.
7. Where is the AD database held? What other folders are related to AD?
By default the AD database is stored in c:\windows\ntds\NTDS.DIT. SYSVOL and NETLOGON are other folders related to AD DS.
8. Define what is the SYSVOL folder?
System Volume (Sysvol) is a shared directory that stores the server copy of the domain's public files that must be shared for common access and replication throughout a domain. The term SYSVOL refers to a set of files and folders that reside on the local hard disk of each domain controller in a domain and that are replicated by the File Replication service (FRS). Network clients access the contents of the SYSVOL tree by using the NETLOGON and SYSVOL shared folders. Sysvol uses junction points (a physical location on a hard disk that points to data that is located elsewhere on your disk or other storage device) to manage a single instance store.
9. Define what is the Netlogon folder in AD DS and what is it used for?
The NETLOGON share points to the %SystemRoot%\sysvol\sysvol\{DOMAIN}\scripts folder on the DC, and its main purpose is storing logon scripts.
Differentiate between NTFS & FAT.
NTFS is the current file system used by Windows. It offers features like security permissions (to limit other users' access to folders), quotas (so one user can't fill up the disk), shadowing (backing up) and many other features that help Windows. FAT32 is the older Microsoft filesystem, primarily used by the Windows 9X line, and Windows could be installed on a FAT32 partition up to XP. In comparison, FAT32 offers none of what was mentioned above, and also has a maximum FILE (not folder) size of 4GB, which is kind of small these days, especially in regards to HD video.
2) What Is VOIP.
VOIP - Short for Voice Over Internet Protocol, a category of hardware and software that enables people to use the Internet as the transmission medium for telephone calls by sending voice data in packets using IP rather than by traditional circuit transmissions.
3) What is loop back.
The loopback address is 127.0.0.1, an address that sends outgoing signals back to the same computer for testing.
4) What is Proxy Server.
A proxy server is a computer that acts as a gateway between a local network (e.g., all the computers at one company or in one building) and a larger-scale network such as the Internet. Proxy servers provide increased performance and security. In some cases, they monitor employees' use of outside resources.
The prime job of an antivirus is to protect your system from computer viruses. Whether your computer is standalone, part of a network or connected to the Internet, you need an antivirus program. It actively monitors your system, while you are using it, for any virus threat from different sources. If it finds one, it tries to clean or quarantine the virus, ultimately keeping your system and data safe.
Firewall:
A firewall, on the other hand, is a program which protects your system from outsider/intruder/hacker attacks. These attacks may not be of the virus type. In some cases hackers can take control of your system remotely and steal your data or important information from the system. If your system is directly connected to the internet or a large network, then you can install a software firewall on your PC to protect yourself from unauthorized access. Firewalls are available either in software or in hardware form. For a single PC you may need a software firewall, while a large corporation implements a hardware firewall to protect all of its systems from such attacks.
6) Differentiate between Front End & Back End Server.
Backend server:
A back end server is a computer resource that has not been exposed to the internet. In this regard the computing resource does not directly interact with the internet user. It can also be described as a server whose main function is to store and retrieve email messages.
Frontend server:
A frontend server is a computer resource that is exposed to the internet.
7) What is APIPA.
Stands for Automatic Private IP Addressing. APIPA is a DHCP failover mechanism for local networks. With APIPA, DHCP clients can obtain IP addresses when DHCP servers are non-functional. APIPA exists in all modern versions of Windows except Windows NT. When a DHCP server fails, APIPA allocates IP addresses in the private range 169.254.0.1 to 169.254.255.254.
8) How to release and renew the IP address from the Command Prompt.
ipconfig /release
ipconfig /renew
9) What is WINS server.
Windows Internet Name Service (WINS) servers dynamically map IP addresses to computer names (NetBIOS names). This allows users to access resources by computer name instead of by IP address. If you want this computer to keep track of the names and IP addresses of other computers in your network, configure this computer as a WINS server. If you do not use WINS in such a network, you cannot connect to a remote network resource by using its NetBIOS name.
10) What is the Windows Registry.
The Windows Registry, usually referred to as "the registry," is a collection of databases of configuration settings in Microsoft Windows operating systems.
11) System Volume Information (SVI) Folder.
Windows XP includes a folder named System Volume Information on the root of each drive that remains hidden from view even when you choose to show system files. It remains hidden because it is not a normally hidden folder; you can say it is a Super Hidden Folder. Windows does not show Super Hidden Folders even when you select "Show Hidden Files."
12) What is MBR.
Short for Master Boot Record, a small program that is executed when a computer boots up. Typically, the MBR resides on the first sector of the hard disk. The program begins the boot process by looking up the partition table to determine which partition to use for booting.
13) What is BitLocker.
BitLocker is an encryption feature available in Ultimate and Enterprise versions of Windows 7 and Vista. To encrypt an entire drive, simply right-click on the drive and select Turn on BitLocker from the context menu.
14) Difference b/w SATA and IDE.
IDE and SATA are different types of interfaces to connect storage devices (like hard drives) to a computer's system bus. SATA stands for Serial Advanced Technology Attachment (or Serial ATA) and IDE is also called Parallel ATA or PATA. SATA is the newer standard and SATA drives are faster than PATA (IDE) drives. For many years ATA provided the most common and the least expensive interface for this application. But by the beginning of 2007, SATA had largely replaced IDE in all new systems.
15) Main Difference Between Windows Server 2008 and 2012
1) New Server Manager: Create, Manage Server Groups
2) Hyper-V Replication: The Hyper-V Replica feature allows you to replicate a virtual machine from one location to another with Hyper-V and a network connection—and without
If you are new to Windows Server 2012 and 2012 R2, you might find it difficult to run some of the essential tasks like Run, CMD, and even to shut down and log off the server. How do we do basic server administration work on Windows Server 2012? Even the administrative tools are removed, and Run, CMD and the Start menu are not visible. Windows Server 2012 comes with a new GUI which hides the most essential buttons and tools like Start menu, Run, Command Prompt, Shutdown, Restart, Logoff and many more. I just want to share shortcut keys for Windows Server 2012 to make life easier.
Start screen – Windows Key
Charms bar – Windows Key + C
Run – Windows Key + R
CMD – Windows Key + R – CMD
Command Prompt with Admin access – Windows Key + X + A
Start Menu – Windows Key + X
Shutdown – Ctrl+Alt+Del, select Power button in the lower right corner
Logoff/lock/Task Manager – Ctrl+Alt+Del
Control Panel – Windows Key + X + P
Task Manager – Windows Key + X + T
Computer Management – Windows Key + X + G
Device Manager – Windows Key + X + M
Event Viewer – Windows Key + X + V
Disk Management – Windows Key + X + K
Windows Explorer – Windows Key + X + E
Search – Windows Key + X + S
System – Windows Key + X + Y
Programs and Features – Windows Key + X + F
PowerShell – Windows Key PowerShell
Active Directory Health Check
How to perform an Active Directory health check:
As an administrator you have to check your Active Directory health daily to reduce Active Directory related issues. What will happen if you are not monitoring the health of your Active Directory?
Let's say one of the Domain Controllers failed to replicate. On the first day you will not have any issue. If this continues, you will have login issues, and you will not find the object changes and new objects that were created or changed on other Domain Controllers; this will lead to other issues.
If the Domain Controller has not replicated for more than 60 days, it will lead to a lingering objects issue.
Command to check the replication to all the DCs (through this we can check Active Directory health):
Repadmin /replsum /bysrc /bydest /sort:delta
You can also save the command output to a text file by using the below command:
Repadmin /replsum /bysrc /bydest /sort:delta >>c:\replication_report.txt
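The replication check above, turned into a per-link triage, as an added example that is not part of the original article: it reads the CSV form of repadmin output (`repadmin /showrepl * /csv`, a different repadmin switch from the `/replsum` shown above) and grades each link against the 60-day figure given above. The sample rows, DC names and the 24-hour warning threshold are constructed for illustration, and the function name is hypothetical.

```powershell
# Added example: triage replication links from `repadmin /showrepl * /csv`.
# The rows below are CONSTRUCTED sample data in that CSV layout so the script runs offline.
# On a domain-joined admin host, collect real data instead with:
#   $rows = repadmin /showrepl * /csv | ConvertFrom-Csv
$sampleCsv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,SiteA,DC01,"DC=example,DC=test",SiteA,DC02,RPC,0,0,2024-05-01 08:15:02,0
showrepl_INFO,SiteA,DC01,"CN=Configuration,DC=example,DC=test",SiteB,DC03,RPC,12,2024-05-01 08:00:11,2024-04-28 07:45:40,1722
showrepl_INFO,SiteB,DC03,"DC=example,DC=test",SiteA,DC02,RPC,310,2024-05-01 08:01:30,2024-02-20 03:10:05,1722
'@

function Get-ReplicationLinkHealth {
    param(
        [Parameter(Mandatory)] [object[]] $Rows,
        [datetime] $Now = (Get-Date),
        [int] $WarnHours = 24,      # assumption: flag a link that is a day behind
        [int] $LingeringDays = 60   # the 60-day figure stated in the article
    )
    foreach ($r in $Rows) {
        # Rows not marked showrepl_INFO carry no link data (the DC could not be
        # queried); their columns mean something else, so only flag them.
        if ($r.showrepl_COLUMNS -ne 'showrepl_INFO') {
            [pscustomobject]@{
                Destination = $null; Source = $null; Partition = $null
                Failures = $null; AgeDays = $null; LastStatus = $null
                Health = 'NoData'
            }
            continue
        }

        # "Last Success Time" is not a timestamp when the link never replicated.
        $last = [datetime]::MinValue
        $parsed = [datetime]::TryParseExact(
            $r.'Last Success Time', 'yyyy-MM-dd HH:mm:ss',
            [cultureinfo]::InvariantCulture,
            [System.Globalization.DateTimeStyles]::None, [ref]$last)

        $failures = [int]$r.'Number of Failures'
        $ageDays = $null
        if (-not $parsed) {
            $health = 'NeverReplicated'
        }
        else {
            $age = $Now - $last
            $ageDays = [math]::Round($age.TotalDays, 1)
            if ($age.TotalDays -ge $LingeringDays) { $health = 'Critical' }
            elseif ($failures -gt 0 -or $age.TotalHours -gt $WarnHours) { $health = 'Warning' }
            else { $health = 'Healthy' }
        }

        [pscustomobject]@{
            Destination = $r.'Destination DSA'
            Source      = $r.'Source DSA'
            Partition   = $r.'Naming Context'
            Failures    = $failures
            AgeDays     = $ageDays
            LastStatus  = $r.'Last Failure Status'   # 1722 = "The RPC server is unavailable."
            Health      = $health
        }
    }
}

$rows = $sampleCsv | ConvertFrom-Csv
# A fixed "now" keeps the constructed sample deterministic; omit -Now on live data.
Get-ReplicationLinkHealth -Rows $rows -Now ([datetime]'2024-05-01 09:00:00') |
    Sort-Object AgeDays -Descending |
    Format-Table Destination, Source, Partition, Failures, AgeDays, LastStatus, Health -AutoSize
```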
How to check Active Directory replication
The RPC server is unavailable.
Sometimes you will get the below status through the repadmin command:
1. Active Directory replication has been preempted.
2. Replication posted, waiting.
3. Server busy
All the above statuses are related to replication progressing without any major issues, but we don't know the exact status.
Check the Active Directory replication on test0005:
1. Run “repadmin /showreps /v” on test0005
a. Check for the respective connection object and partition (domain partition)
b. Check the USN value on /OU /PU
c. Find the below result
2. Check again after some time. If the value has increased, then replication is happening; as per the below screenshot, replication is happening because the USN /OU value is changing.
3. Also check the other partitions for the same server for an up-to-date USN; find the screenshot for the configuration partition.
4. In order to complete the replication, this USN /OU value should reach USNs: 262820263/OU
5. If this USN /OU value has not changed for a long time, then replication has failed (replication is not progressing); please check the event log for more info.
These procedures are mainly used to check the high-watermark value, which can help you deduce the state of progress on that replication link.
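The procedure above compares the USN /OU value between two runs of the verbose repadmin output; the following is an added example, not part of the original article, that automates that comparison. The two snapshots are constructed and trimmed to the lines the parser needs, the source DC name and domain are made up, the function names are hypothetical, and the target value is the one quoted in step 4.

```powershell
# Added example: compare the USN /OU high-watermark between two verbose
# repadmin snapshots taken some time apart on the same destination DC.
# Both snapshots are CONSTRUCTED and trimmed; on a live DC capture them with
#   repadmin /showreps /v | Out-String
$firstSample = @'
DC=example,DC=test
    SiteA\DC02 via RPC
        USNs: 262810101/OU, 262810101/PU
        Last attempt @ 2024-05-01 08:15:02 was successful.
CN=Configuration,DC=example,DC=test
    SiteA\DC02 via RPC
        USNs: 262820263/OU, 262820263/PU
        Last attempt @ 2024-05-01 08:15:04 was successful.
'@

$secondSample = @'
DC=example,DC=test
    SiteA\DC02 via RPC
        USNs: 262815500/OU, 262815500/PU
        Last attempt @ 2024-05-01 08:30:02 was successful.
CN=Configuration,DC=example,DC=test
    SiteA\DC02 via RPC
        USNs: 262820263/OU, 262820263/PU
        Last attempt @ 2024-05-01 08:30:04 was successful.
'@

function Get-UsnWatermark {
    # Returns a hashtable: "<naming context>|<source DC>" -> USN /OU value.
    param([Parameter(Mandatory)] [string] $ShowRepsText)
    $marks = @{}
    $nc = $null
    $partner = $null
    foreach ($line in ($ShowRepsText -split '\r?\n')) {
        # Unindented DN line = partition (step 1a in the procedure).
        if ($line -match '^(?:DC|CN)=\S') { $nc = $line.Trim(); $partner = $null; continue }
        # Indented "Site\Server via RPC" line = source DC of the link.
        if ($line -match '^\s+(\S+\\\S+)\s+via\s') { $partner = $Matches[1]; continue }
        # "USNs: n/OU, n/PU" line = the value checked in step 1b.
        if ($nc -and $partner -and $line -match '^\s+USNs:\s*(\d+)/OU,\s*(\d+)/PU') {
            $marks["$nc|$partner"] = [long]$Matches[1]
        }
    }
    return $marks
}

function Compare-UsnWatermark {
    param(
        [Parameter(Mandatory)] [hashtable] $Earlier,
        [Parameter(Mandatory)] [hashtable] $Later,
        # USNs belong to the source DC, so pass a target only when every link
        # in the snapshot comes from the same source. 0 disables the check.
        [long] $TargetUsn = 0
    )
    foreach ($key in ($Later.Keys | Sort-Object)) {
        $nc, $partner = $key -split '\|', 2
        $after = $Later[$key]
        $delta = $null
        if (-not $Earlier.ContainsKey($key)) {
            $status = 'No baseline (link absent from first snapshot)'
        }
        else {
            $delta = $after - $Earlier[$key]
            if ($TargetUsn -gt 0 -and $after -ge $TargetUsn) { $status = 'Reached target' }
            elseif ($delta -gt 0) { $status = 'Progressing' }
            else { $status = 'No progress: check the event log' }   # step 5
        }
        [pscustomobject]@{
            Partition = $nc
            Source    = $partner
            UsnOU     = $after
            Delta     = $delta
            Status    = $status
        }
    }
}

$before = Get-UsnWatermark -ShowRepsText $firstSample
$after  = Get-UsnWatermark -ShowRepsText $secondSample
# 262820263 is the value the article says the USN /OU should reach (step 4).
Compare-UsnWatermark -Earlier $before -Later $after -TargetUsn 262820263 |
    Format-Table -AutoSize
```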
Differences between Windows Server 2012 R2 Hyper-V and Hyper-V Server 2012 R2
Sounds confusing, right? We have two different versions of Hyper-V: one is Microsoft Hyper-V Server 2012 R2, a standalone version of Windows Server 2012 R2 Hyper-V (standalone hypervisor), and the second one is Hyper-V that can be installed on top of Windows Server. There is also a licensing difference between the versions.
Microsoft Hyper-V Server 2012 R2
Hyper-V Server 2012 R2 is free. Yes, it's completely free to download and install, and the hypervisor license is free; however, you still need a license for the virtual machines that you will be running on top of the hypervisor.
We can build our own virtual environment for free with Hyper-V Server 2012 R2: install standalone Hyper-V Server 2012 R2 and create as many virtual machines as you need. If you already have operating system licenses for your virtual machines, there is no need to buy any more licenses.
User Interface
Hyper-V Server 2012 R2 has a limitation: it is a lighter version in terms of GUI, and you can do only very limited configuration tasks on the server console.
Then how do we manage Hyper-V Server 2012 R2? We have multiple other options to manage the Hyper-V Server: manage virtual machines through PowerShell, use Hyper-V Manager to connect to the Hyper-V Server, or manage the Hyper-V Server through System Center Virtual Machine Manager.
Other Features
Hyper-V Server 2012 R2 does not come with a GUI; however, Hyper-V Server is not light on features. You can configure a failover cluster for free using Hyper-V Server 2012 R2.
Windows Server 2012 R2 Hyper-V
Windows Server 2012 R2 Standard Edition allows you to have 2 VMs running Windows Server 2012 R2.
Windows Server 2012 R2 Datacenter Edition allows you to have an unlimited number of VMs running Windows Server 2012 R2. You can install Windows Server 2012 R2 onto a physical box and then install Hyper-V, and as many virtual machines as needed can be created on that host server. There is no need to pay any additional operating system licensing fees so long as the VMs are running Windows Server 2012 R2 Datacenter Edition.
User Interface
There is no limitation on the user interface, and you can do all configuration and other tasks in GUI mode.
Which is best, Hyper-V Server 2012 or Windows Server 2012?
It depends on the requirements and licensing needs. If you want to host VMs that are already licensed, then Hyper-V Server is the best choice. If you want a dedicated hypervisor to consolidate large numbers of virtual machines, then Hyper-V Server 2012 R2 is the way to go, and the core hypervisors are completely identical.
If you want to create new virtual machines, then you are probably better off using Windows Server 2012 R2; you will get 2 VM licenses on Standard Edition and unlimited licenses on Datacenter Edition.
Conclusion
With the new Hyper-V Server 2012 R2, the Microsoft hypervisor is finally starting to mature and offers the features to be a compelling alternative to some of the other hypervisors in the market.
Active Directory Features in Windows Server 2012
Active Directory 2012 features on Windows Server 2012 and R2: I am going to discuss the Windows Server 2012 Active Directory features. As per my understanding, the newer version does not have many new features; however, Microsoft has improved the features of Active Directory 2008 in Active Directory 2012.
List of improvements compared to the earlier version, Active Directory 2008, and also Active Directory 2012 features
Virtualization
Virtualization and cloud computing have been the emerging technologies in IT infrastructure over the past few years. I personally never thought of having a virtual Active Directory environment. If you restore the AD database from a snapshot image, it won't reset the Invocation ID; this will lead to a database version mismatch with other Domain Controllers and stop replication.
Support virtual snapshot: the Active Directory 2012 virtualization feature correctly resets the Invocation ID, using the VM generation ID, if a snapshot is applied or a VM is copied.
Support virtual clone: we can clone existing virtual domain controllers without any issue, and this reduces the number of steps and time involved by eliminating repetitive deployment tasks.
Simplifies Active Directory Upgrades and Deployments
Dcpromo is not available in Active Directory 2012! Yes, the Active Directory Domain Services Installation Wizard has been relocated to Server Manager and replaces the Dcpromo command.
Forest preparation and domain preparation happen automatically (Forestprep and ADprep) during Server 2012 DC installation; if you wish, you can still do it manually using the command Adprep with /forestprep, /domainprep and /rodcprep.
Dynamic Access Control
Native access control requires a user or a group to be added to the file/folder NTFS permissions to get access. In Windows 2012, claims-based authorization has not replaced the existing model; however, it adds new features to the existing system.
If the user's department is Accounts in Active Directory, the user is able to access the accounts-related data on file servers using the Dynamic Access Control feature.
Customised audit policies
You can fine-tune the audit policies as per your requirements: monitor not only file access success or failure but also what actions were carried out or attempted on the file, like read, write, delete, change file permissions and so on. You can narrow down the scope of file auditing to specific users or groups of users by configuring the “Global Object Access Auditing” policy within a GPO.
Event logs
If you enable auditing for multiple items and configure customised audit policies, the security logs will grow faster. By default the log will overwrite old events when it runs out of space. Most organisations use a third-party application to back up the event logs and store them in a centralized repository. In Windows 2012 you can select the option “Archive the log when full, do not overwrite events” so you can examine the old logs; of course you need enough disk space to store the logs.
Offline Domain Join
Offline Domain Join is improved in Windows Server 2012 AD DS: we can join a computer to the domain over the internet if the domain is DirectAccess enabled.
Active Directory Federation Services (AD FS)
Adding ADFS no longer requires a separate installation. ADFS also gains multiple improvements.
Windows PowerShell
Windows PowerShell History Viewer: You will have a ready-made command for each action you perform in Active Directory Administrative Center; for example, if you create a user or add a user to a group, you have the command to do the same. This can minimize the learning investment, and you can automate the activity very easily.
Windows PowerShell Cmdlets for Active Directory Replication and Topology: I have been expecting this for a long time. Yes, we have PowerShell commands for repadmin, ntdsutil and Active Directory Sites and Services: troubleshoot replication and create and manage sites, site-links, site-link bridges, subnets and connections using the newly available cmdlets.
Active Directory Recycle Bin
We can recover deleted objects within the graphical user interface through Active Directory Administrative Center (ADAC); this reduces the recovery time and simplifies the complex procedure.
Kerberos Constrained Delegation across Domains (KCD)
KCD was first introduced in Windows Server 2003 to permit a service's account (front-end) to act on behalf of users in applications to access back-end services, like a web server (front-end) accessing a database server (back-end) on behalf of the user. This only works for back-end services in the same domain as the front-end service accounts.
KCD in Windows Server 2012 supports cross-domain, cross-forest scenarios. It is a much-demanded feature and reduces the pass-through authentication load (if you have multiple domains and multiple forests, this will be your future).
Flexible Authentication Secure Tunneling (FAST)
Kerberos is more secure in Windows Server 2012 through Flexible Authentication Secure Tunneling, which provides a protected channel between a domain-joined client and the DC.
Active Directory-Based Activation (ADBA)
This eliminates the need for Key Management Service (KMS) servers. No additional machines are required and there is no RPC requirement; Active Directory-based activation uses LDAP exclusively.
AD FS (v2.1) ships in-the-box as a server role in Windows Server 2012 and is able to populate SAML tokens with user- and device-claims taken directly from the Kerberos ticket.
And RID improvements, index creation improvements and many more…
Difference between Windows Server 2012 and R2
Windows Server 2012 R2 brings many new features and enhancements to the Windows Server world compared to the older version, Windows Server 2012. We will discuss the major differences between Windows Server 2012 and Windows Server 2012 R2 and some of the very innovative Windows Server 2012 R2 features and improvements.
The Windows Server 2012 schema version is 56 and the Windows Server 2012 R2 schema version is 69; the schema will be updated while doing forest preparation/installing Windows Server 2012 R2.
Active Directory comes first when I think about Windows Server, so we will start with the new Active Directory features in Windows Server 2012 R2.
Active Directory has been enhanced with the following:
Join the Workplace (Workplace Join)
SSO Support (Single Sign-On)
Connect from Anywhere with Web Application Proxy
Multi-Factor Access Control (Anywhere-and-on-Any-Device)
Workplace Join
Workplace Join allows users to connect/join their personal devices to their company's workplace network and computers to access resources and services. Yes, now we can connect our personal devices like mobile phones, tablets and other devices (Windows 8.1, iOS 6.0+, and Android 4.0+ devices can be joined by using Workplace Join).
It's not like domain joining: when a device is joined to your workplace, it becomes a known device and provides seamless second-factor authentication through Single Sign-On to access the workplace resources and applications.
Workplace Join works through the Device Registration Service. The Device Registration Service (DRS) is part of Active Directory Federation; it creates a device object in Active Directory and tracks the associated device's certificate in order to represent the device's identity.
SSO Support (Single Sign-On)
By effectively using Single Sign-On (SSO), users do not need to provide their user name and password while accessing different applications, even from outside the office network. Again, this uses the Device Registration Service, and the Active Directory Federation roles allow claims-based authentication to occur based on trusted certificates.
Web Application Proxy
The Remote Access role service is replaced by Web Application Proxy in Windows Server 2012 R2. This provides access to a sample web application by using claims-based authentication with Active Directory Federation authentication.
Company applications can be accessed from anywhere with the help of Web Application Proxy in a secured way.
Multi-Factor Authentication
Multi-Factor Authentication is nothing but authenticating the user and the device used by the user; the user and the user's personal device joined through Workplace Join are authenticated.
New DNS Features on Windows Server 2012 R2
DNS Logging and Diagnostics
Unlike in older Windows versions, enabling DNS logging will not degrade server performance, thanks to the enhanced DNS logging and diagnostics feature. This provides extremely detailed data about all DNS-related information that is sent and received by the DNS server, similar to the data that can be gathered using network packet capture tools such as Netmon. This includes DNS Audit events and DNS Analytic events, which are very helpful for troubleshooting.
New Group Policy Features in Windows Server 2012 R2
Policy Caching
Policy Caching is newly introduced in Windows Server 2012 R2. When Group Policy gets updated, the client gets the latest version of a policy from the domain controller and writes the policy to a local store. The next time the computer is restarted, it reads the most recent version of the policy from the local store instead of downloading it from the domain controller. This reduces the time it takes to update the policy. Most importantly, the boot time is reduced in synchronous mode.
New DHCP Features in Windows Server 2012 R2
DNS PTR registration options
Now you can configure the DHCP scope to register only address (A) resource records of DHCP clients with the DNS server. This can be helpful when a reverse lookup zone has not been configured on your DNS server and that is causing attempts to register pointer (PTR) resource records to fail.
And most important, PowerShell commands will be available for DHCP servers.
Also Windows PowerShell for Certificate Services and many new features in Remote Desktop Services in Windows Server 2012 R2.
Other than the Active Directory features on Windows Server 2012 R2
Work Folders
You can store and access work files on your personal computers and personal devices, similar to Dropbox. This role is only available on Windows Server 2012 R2. It's like offline files on your personal device that get replicated to the company network: access your office files while offline from a personal device, and then sync with the central file server when the PC or device next has Internet or intranet connectivity.
Windows PowerShell Desired State Configuration
It's a cool new feature from Windows Server 2012 R2, to replace Group Policy (GPO).
Yes, it's similar to Group Policy: it enables deploying and managing configuration data like registry settings, enabling or disabling server roles and features, managing files and directories, starting, stopping and managing processes and services, managing groups and user accounts, deploying new software, managing environment variables, running Windows PowerShell scripts and discovering the actual configuration state.
Storage Tiering
If you are a storage admin then you know Storage Tiering. Yes, it has been around for a long time, and now this feature is available in the Windows Server 2012 R2 operating system; this is the first time it is available at the operating system level. Microsoft uses a heat-map algorithm to determine which chunks of data are seeing the most activity and automatically moves the “hottest” data to the fastest disk. You can adjust the settings using PowerShell.
RRAS Multitenant Gateway
Now you can deploy RRAS as a virtual machine (VM)-based software gateway and router that allows Cloud Service Providers (CSPs) and enterprises to enable datacentre and cloud network traffic routing between virtual and physical networks.
Each site-to-site network connection requires a separate gateway in Windows Server 2012; this impacts both cost and ease of implementation when more than a few connections are required for a single application. Windows Server 2012 R2 does away with this limitation, which can reduce capital expenditure and operating expenditure.
Windows Server Essentials role
The Windows Server 2012 R2 Essentials version bundles all the required features for small businesses with up to 25 users and 50 devices. When you install the Windows Server Essentials Experience role on another Windows Server version, you can take advantage of all the features that are available to you in Windows Server 2012 R2 Essentials without the locks and limits enforced in it.
Difference between Windows Server 2008 and 2012
I have already discussed Active Directory 2012 features in a previous article, which gives some idea about the difference between Windows Server 2008 and Windows Server 2012. I will try to list the major differences and new features.
Distributed File System (DFS) Replication:
- On Windows Server 2012 we can use WMI-based methods to manage DFS Replication
- Database cloning bypasses the initial sync when creating new replicated folders
- Provides support for rebuilding a corrupted database without data loss caused by non-authoritative initial sync
Failover Clustering:
- Now we can manage large-scale clusters using the simple GUI-based Server Manager (Failover Cluster Manager)
- Virtual machines can be added to or removed from a failover cluster and other clustered roles
- Cluster-aware software updates across the cluster nodes with high availability
- Automation can be done using Task Scheduler with Failover Clustering to configure clustered tasks
- Many virtualization features and Hyper-V are supported on Windows Server 2012 R2, like a Hyper-V host automatically live migrating running virtual machines if the computer is shut down or a network disconnection occurs
- Use of .vhdx files as shared storage and less dependency on Active Directory Domain Services
IP Address Management (IPAM):
- IPAM is a newly added feature in Windows Server 2012. It provides highly customizable administrative and monitoring capabilities for the IP address infrastructure on a corporate network
Hyper-V:
- Now we can use Hyper-V on a desktop operating system version
- Replicate VMs between storage systems, clusters, and data centers in two different sites to provide business continuity and disaster recovery by using Hyper-V Replica
- Improved Hyper-V Network Virtualization (HNV) in Windows Server 2012 R2
Kerberos Authentication:
- The Kerberos token size has been increased; this will reduce authentication failures due to TGT token size
- Also the token size has been reduced by KDC resource group compression
- Now we can configure the MaxTokenSize registry value through Group Policy
- We can easily manage authentication failures due to Kerberos token size; the system will log warning events for large Kerberos tickets
- The Windows Server 2012 Kerberos Key Distribution Center service can be patched without a system reboot
Group Managed Service Account:
- Group Managed Service Account is a newly added feature in Windows Server 2012. It eliminates managing the service account password: it is a managed domain account that provides automatic password management
Windows PowerShell:
- No need to load modules such as Active Directory manually to get the commands related to specific applications; by default all the Active Directory modules are loaded when opening PowerShell
- PowerShell is now fully supported, with no dependency on legacy Windows commands
- PowerShell support has been extended to Active Directory, DFS, Hyper-V and many more
Windows Server 2012 co-existence and migrate/upgrade scenarios
Can Windows Server 2012 R2 co-exist with Windows Server 2003? Can I do an in-place upgrade from Windows Server 2003 or Windows Server 2008? Which is supported and which is not supported?
If you want to know the answers to all these questions, then you are on the right page; we will discuss the supported upgrade scenarios.
Not supported
In-place upgrades from Windows Server 2003, from 32-bit systems and from Server Core Edition are not supported
Windows 2000 Domain Controllers are not supported
Windows NT Domain Controllers are not supported
Supported
Add a new Windows Server 2012 DC in a Windows Server 2003 Forest/Domain
Add a new Windows Server 2012 DC in a Windows Server 2008/2008 R2 Forest/Domain
Supported Upgrade Scenarios
Windows Server 2008 Standard SP2 or Windows Server 2008 Enterprise SP2 can be upgraded to Windows Server 2012 Standard or Windows Server 2012 Datacentre
Windows Server 2008 Datacentre SP2 can be upgraded to Windows Server 2012 Datacentre
Windows Web Server 2008 can be upgraded to Windows Server 2012 Standard
Prerequisites
The Domain Functional Level should be at least Windows 2003 mode. This is the minimum Domain Functional Level that allows Windows Server 2012 Domain Controller installation.
Windows NT / 2000 DCs are not supported
You need to raise the Domain Functional Level to Windows 2003 mode; for that, older DCs like Windows NT and Windows 2000 need to be removed / decommissioned.
Supported and Not Supported Trust
Forest trusts are not supported with Windows NT / 2000 DCs; an external trust can be configured to connect to Windows 2000 Server and Windows NT 4 domains.
Note: From Windows Server 2008 onwards, “legacy” cryptography algorithms are not supported for secure channel communications; hence external trusts can't be established between Windows NT 4.0 and a Windows Server 2008, or higher, domain controller. This can be rectified through a simple registry change; however, it is not recommended.
Hope this will help you to understand the requirements and prerequisites to install Windows Server 2012 in your existing environment, and what is and is not possible with your current domain configuration
