Introduction
Active Directory is a directory service that stores information about network resources as objects, such as groups, applications, and devices. Each object has a name and a set of attributes, which administrators use to manage access and permissions across the network.
This article will cover the Top 30 Active Directory Interview Questions (2023) and their answers. Questions are divided into three categories based on their levels. You can choose according to your need.
Let's Begin!
Most Asked Active Directory Interview Questions
Below are the most asked active directory interview questions and answers.
1. What is Active Directory?
It is a database and a set of services that hold critical information about the users and computers in the environment, including who is allowed to do what. Keeping all of this information in the AD database makes it easy for administrators and users to find and use.
2. What are the benefits of Active Directory?
The benefits of AD are:
- Security.
- Simple.
- Extensible.
- Resiliency.
3. Define Kerberos.
Kerberos is a widely used computer network authentication protocol that secures service requests between two or more trusted hosts across untrusted networks (like the Internet). It is widely used because of the benefits listed below:
- Single sign-on.
- Secure.
- Mutual authentication.
- Trusted third party.
4. What do you understand by domain in Active Directory?
An Active Directory domain is a grouping of network resources that share common administration and services. Each domain contains a database that will store the object identity information. Domains are grouped in a tree structure; the group of trees is known as an Active Directory forest.
5. List the new features of Active Directory in Windows Server 2012.
The new features of Active Directory in Windows Server 2012 are:
- Dynamic Access Control.
- Virtualization.
- Event logs.
- AD Recycle Bin.
- Windows PowerShell History Viewer.
- Active Directory Federation Services.
- Group Managed Service Accounts.
- Simplified Management.
- Fine-grained password policies.
6. Define SYSVOL folder.
The SYSVOL (System Volume) folder is an essential part of AD and is found on each domain controller (DC). The log files and the Active Directory database are stored in the SYSVOL folder on the server.
The SYSVOL folder is located at C:\Windows\SYSVOL.
7. What is RID Master?
The RID Master is one of the FSMO roles in an AD forest. It is responsible for allocating unique sequences of relative IDs (RIDs) to the domain controllers in its domain. Exactly one domain controller in each domain holds this role.
8. What do you understand about ARP?
ARP stands for Address Resolution Protocol. A LAN is a group of two or more network devices; each device has an IP address, which can change, as well as a fixed MAC address. ARP maps the IP address to the MAC address of the device, which is what makes communication on the LAN possible.
9. What is Subnet?
A subnet (short for subnetwork) is one of the smaller networks formed by dividing a larger network. Subnetting is done to improve a large network's performance and security and to make it easier to manage. Each subnet has its own network address, so each subnet is treated as a separate network.
10. What is the Physical structure of AD?
The physical structure of AD is divided into:
- Domain Controller - A domain controller is a server running Active Directory that holds a complete replica of the domain database.
- Sites - A grouping of one or more subnets, used by the replication service to optimize bandwidth.
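To make questions 9 and 10 concrete, here is an added example (not code from the original article) that mimics how a client is matched to an AD site: the site-to-subnet table is a constructed dict of hypothetical subnets and site names, and the lookup uses longest-prefix matching so that the most specific subnet wins. It also shows why subnet definitions are validated strictly, since an entry with host bits set would route clients to the wrong site.

```python
import ipaddress

# Constructed site-to-subnet table (hypothetical values, not from the article).
# In AD this mapping lives under Sites and Services; here it is a plain dict
# so the example runs offline.
SITE_SUBNETS = {
    "10.0.0.0/8": "Default-First-Site-Name",
    "10.20.0.0/16": "Branch-East",
    "10.20.5.0/24": "Branch-East-Lab",
    "192.168.1.0/24": "Branch-West",
}


def parse_subnet_table(table):
    """Validate every CIDR and return (network, site) pairs, most specific first.

    strict=True rejects an entry such as 10.20.5.3/24 (host bits set); that
    kind of typo would silently send clients to the wrong site.
    """
    pairs = [(ipaddress.ip_network(cidr, strict=True), site)
             for cidr, site in table.items()]
    # Longest prefix first, so the most specific subnet wins a lookup.
    pairs.sort(key=lambda pair: pair[0].prefixlen, reverse=True)
    return pairs


def site_for_address(addr, table=SITE_SUBNETS):
    """Return the site whose most specific subnet contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    for net, site in parse_subnet_table(table):
        if ip.version == net.version and ip in net:
            return site
    return None  # no subnet covers this address, so it belongs to no site


def same_subnet(addr_a, addr_b, prefixlen):
    """True if both addresses have the same network address for the given prefix."""
    net_a = ipaddress.ip_interface(f"{addr_a}/{prefixlen}").network
    net_b = ipaddress.ip_interface(f"{addr_b}/{prefixlen}").network
    return net_a == net_b


if __name__ == "__main__":
    for client in ("10.20.5.17", "10.20.9.1", "10.3.3.3", "172.16.0.1"):
        print(client, "->", site_for_address(client))
    print("192.168.1.10 and 192.168.2.10 share a /24:",
          same_subnet("192.168.1.10", "192.168.2.10", 24))
```

An address with no matching subnet returns None; in a real forest such clients are logged by the domain controllers as belonging to no site, which is worth monitoring because they may authenticate against a distant DC.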
11. What is the location of the AD database?
Microsoft Windows has a centralized database known as AD (Active Directory). It stores information about the users, computers, and other things in the network. The location of the Active Directory database is not fixed; it depends on various things like the operating system version and the network configuration. In many cases, however, it is stored in a file named NTDS.DIT on a domain controller.
12. Differentiate between the Enterprise Admin group and Domain Admin Group in the Active Directory.
Let's discuss the Enterprise Admin group vs. the Domain Admin group.
Enterprise admin group | Domain admin group |
---|---|
The Enterprise Admins group is a member of the Administrators group on all domain controllers in the forest. | The Domain Admins group is a member of the Administrators group on all workstations and domain controllers at the time they are joined to the domain. |
All members have complete control of all domains in the forest. | All members have complete control of the domain. |
Full control of the forest. | Full control in the domain. |
13. What happens if the replication in AD fails?
Replication in AD is the method of transferring objects from one domain controller to another. If AD replication fails, it leads to inconsistent results or operational failures, depending on which domain controller is handling the operation.
14. What does Active Directory Recycle Bin do?
The Active Directory Recycle Bin is a feature of Windows Server 2008 that is used to recover accidentally deleted AD objects, such as groups, users, computers, or organizational units, without restoring from a backed-up AD database. It recovers deleted objects together with their attributes, and directory services keep running while the restoration is done.
15. List different types of containers.
The two types of containers are default containers and organizational units (OUs).
Container or Organizational Unit (OU) | Contents |
---|---|
Computers | Computers joined to the domain without a pre-existing computer account are placed in this container. |
Builtin | Domain local security groups and default service administrator accounts are stored in this container. |
Domain Controllers | This container is the default location for domain controllers. |
Note:
The default containers are created automatically and cannot be deleted.
16. What is contained in system state data?
The System state data contains:
- System files.
- SYSVOL folder.
- Registry.
- Registration Database.
- Startup files.
- Memory page file.
- Active Directory information, etc.
17. What is the port number of LDAP?
The port number of the Lightweight Directory Access Protocol (LDAP) is 389. LDAP helps users find data about people, organizations, or other resources. It is used in many applications to validate users' usernames and passwords.
18. Name any three ports used by the Active Directory.
The three ports used by the AD are:
- DNS: port 53 TCP, UDP
- LDAP: port 389 TCP, UDP
- Kerberos: port 88 TCP, UDP
19. In what format is data shown in Active Directory?
In Active Directory, data is stored in the form of objects, including groups, users, applications, etc. It is presented as a hierarchy: AD uses a structured data store to organize directory information logically.
20. What do you mean by the term forest in Active Directory?
A forest in AD is a collection of one or more trees that share a global catalog, application data, domain parameters, and a directory schema. It is the highest-level container in Active Directory, and it manages and controls authentication across the organization.
21. What is DNS in AD?
The Domain Name System in Active Directory holds a database to locate services active on that network. Computers use DNS to find Active Directory domain controllers when carrying out any of the key Active Directory operations, such as authentication, updating, or searching.
The three main components of DNS are:
- Domain Controller locator.
- Active Directory DNS objects.
- Active Directory domain names in DNS.
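As an added example for question 21 (not code from the original article), the following Python shows the DNS side of the domain controller locator: the SRV names a client asks for, parsing of the SRV record data, and the RFC 2782 ordering (lowest priority first, weighted random within a priority) that decides which DC is tried first. The SRV name formats are the standard ones domain controllers register; the SRV answers are constructed sample data, and no live DNS query is made so that it runs offline.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str


def dc_locator_name(domain, site=None, service="_ldap"):
    """Build the SRV name a client queries to find a domain controller.

    _ldap finds DCs for LDAP, _kerberos finds KDCs. When the client's site
    is known the site-specific name is queried first so a nearby DC is used.
    """
    if site:
        return f"{service}._tcp.{site}._sites.dc._msdcs.{domain}"
    return f"{service}._tcp.dc._msdcs.{domain}"


def parse_srv_rdata(rdata):
    """Parse SRV data in zone-file order: priority weight port target."""
    priority, weight, port, target = rdata.split()
    return SrvRecord(int(priority), int(weight), int(port), target.rstrip("."))


def order_candidates(records, rng=None):
    """Order targets as RFC 2782 prescribes: lowest priority first; within a
    priority, weighted random choice (a weight-0 record is picked only rarely
    while heavier records remain)."""
    rng = rng or random.Random()
    by_priority = {}
    for rec in records:
        by_priority.setdefault(rec.priority, []).append(rec)
    ordered = []
    for priority in sorted(by_priority):
        remaining = list(by_priority[priority])
        while remaining:
            total = sum(r.weight for r in remaining)
            pick = rng.randint(0, total)
            running = 0
            chosen = remaining[-1]
            for rec in remaining:
                running += rec.weight
                if running >= pick:
                    chosen = rec
                    break
            ordered.append(chosen)
            remaining.remove(chosen)
    return ordered


def locate_dcs(rdata_lines, seed=None):
    """Return (target, port) pairs in the order a client should try them."""
    records = [parse_srv_rdata(line) for line in rdata_lines]
    return [(r.target, r.port) for r in order_candidates(records, random.Random(seed))]


# Constructed SRV answers for a hypothetical domain: two equal DCs and a
# lower-preference disaster-recovery DC (priority 10 is tried only as fallback).
SAMPLE_SRV = [
    "0 100 389 dc1.corp.example.com.",
    "0 100 389 dc2.corp.example.com.",
    "10 100 389 dc-dr.corp.example.com.",
]

if __name__ == "__main__":
    print(dc_locator_name("corp.example.com", site="Branch-East"))
    print(locate_dcs(SAMPLE_SRV, seed=1))
```

The hypothetical domain corp.example.com and the DC host names are placeholders. In production the same ordering is what lets a DC in the wrong priority tier, or with weight 0, quietly stop receiving client traffic, so changed SRV weights and priorities are worth alerting on.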
22. What are some common Active Directory issues?
Some of the common issues that occur in Active Directory are:
- AD can become unresponsive if the Active Directory servers are not working properly.
- AD databases can become corrupt if the database is not maintained properly or gets damaged.
23. Compare domain local, global, and universal groups in Active Directory.
The domain local, global, and universal groups are used to manage user access.
- Domain local groups: Permissions are granted to users inside a single domain using domain local groups.
- Global groups: Permissions are given to users across multiple domains using global groups.
- Universal groups: Permissions are given to users across multiple domains and forests using universal groups.
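Question 23 is easier to remember with the rules encoded, so here is an added example (not from the original article) that goes a little beyond the text: it implements the standard AD DS nesting rules for the three scopes within one forest (what each scope may contain) and the rule for where each scope can be granted permissions, then audits a constructed set of hypothetical groups for an invalid nesting.

```python
# Scopes and member kinds as plain strings to keep the example dependency-free.
PRINCIPALS = ("user", "computer")


def can_be_member(parent_scope, parent_domain, member_kind, member_domain):
    """True if a principal or group of member_kind from member_domain may be a
    member of a parent group of parent_scope in parent_domain (single forest).

    Standard AD DS nesting rules:
      global       : users/computers and global groups from the same domain only
      universal    : users/computers, global and universal groups from any domain
      domain local : users/computers, global and universal groups from any domain,
                     plus domain local groups from its own domain
    """
    same_domain = parent_domain == member_domain
    if parent_scope == "global":
        return same_domain and member_kind in PRINCIPALS + ("global",)
    if parent_scope == "universal":
        return member_kind in PRINCIPALS + ("global", "universal")
    if parent_scope == "domain_local":
        if member_kind == "domain_local":
            return same_domain
        return member_kind in PRINCIPALS + ("global", "universal")
    raise ValueError(f"unknown scope {parent_scope!r}")


def can_be_granted_in(group_scope, group_domain, resource_domain):
    """Where a group may appear in an ACL: domain local only in its own domain,
    global and universal in any domain of the forest."""
    if group_scope == "domain_local":
        return group_domain == resource_domain
    if group_scope in ("global", "universal"):
        return True
    raise ValueError(f"unknown scope {group_scope!r}")


def find_invalid_nestings(groups, memberships):
    """Return (parent, member) pairs that violate the nesting rules.

    groups: name -> (scope, domain); memberships: list of (parent, member).
    """
    invalid = []
    for parent, member in memberships:
        p_scope, p_domain = groups[parent]
        m_scope, m_domain = groups[member]
        if not can_be_member(p_scope, p_domain, m_scope, m_domain):
            invalid.append((parent, member))
    return invalid


# Constructed, hypothetical groups in a two-domain forest (not from the article).
GROUPS = {
    "CORP\\Sales-Users": ("global", "corp.example.com"),
    "EU\\Sales-Users": ("global", "eu.example.com"),
    "CORP\\All-Sales": ("universal", "corp.example.com"),
    "CORP\\FileShare-Readers": ("domain_local", "corp.example.com"),
}
MEMBERSHIPS = [
    ("CORP\\All-Sales", "CORP\\Sales-Users"),        # universal <- global, ok
    ("CORP\\All-Sales", "EU\\Sales-Users"),          # universal <- global of other domain, ok
    ("CORP\\FileShare-Readers", "CORP\\All-Sales"),  # domain local <- universal, ok
    ("CORP\\Sales-Users", "EU\\Sales-Users"),        # global <- global of other domain, invalid
]

if __name__ == "__main__":
    print("invalid nestings:", find_invalid_nestings(GROUPS, MEMBERSHIPS))
```

The valid chain in the sample (accounts in global groups, global groups in a universal or domain local group, permissions on the domain local group) is the usual AGDLP layout; the audit function flags only the cross-domain global-in-global nesting that AD itself would refuse.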
24. List out the components of AD.
The main components of Active Directory are:
- Kerberos - Kerberos is the authentication protocol of Microsoft Windows Server and is used by AD to provide secure access to the network. It uses a combination of encryption and tickets so that nodes communicating over an unsecured network can verify each other's identity.
- Domain Name System (DNS) - DNS in Active Directory holds a database of the services active on that network. DNS is used as the domain controller location mechanism by Active Directory Domain Services (AD DS).
- Active Directory Domain Services (AD DS) - AD DS uses DNS name resolution to let clients find domain controllers, and the domain controllers host the directory service and communicate with one another.
- Lightweight Directory Access Protocol (LDAP) - A protocol used to access and work with directory services within a network.
25. What is the use of replication in AD?
Replication in AD shares and updates AD objects from one DC to another DC to improve availability, data protection, and performance. There are two types of replication in AD.
26. Name the different components of the active directory schema.
The three components of active directory schema are:
1. Classes: Attributes are organized into object classes in an Active Directory Schema. In an Active Directory structure, there are three different classes:
- Structural class
- Abstract class
- Auxiliary class
2. Objects: An object is the basic element of Active Directory; it represents a resource in the AD network, such as a user, printer, application, group, or computer.
3. Attributes: In the Active Directory environment, attributes are the entities that are used to hold data/information about the objects.
27. What is the use of APIPA?
Automatic Private IP Addressing (APIPA) is an operating system feature that lets a DHCP client assign an Internet Protocol address to itself when no DHCP (Dynamic Host Configuration Protocol) server is available to perform that function.
28. On which factors do Active Directory Domain Services depend?
AD Domain Services depend on the directory database, name resolution, the replication topology, network connectivity, the replication engine, authentication, and authorization.
29. What is the difference between a domain and a forest?
A domain is a logical grouping of users, computers, and other resources, while a forest is a collection of one or more domains that share a common schema, configuration, and Global Catalog.
30. What is the role of the RID Master in Active Directory?
The RID Master is responsible for assigning Relative Identifiers (RIDs) to objects in Active Directory. RIDs are unique identifiers used to distinguish objects in Active Directory. The job of the RID Master is to ensure that no two objects in Active Directory have the same RID.
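Questions 7, 12 and 30 all come back to how a SID is built from a domain SID plus a RID, so here is one added example (not code from the original article) covering them together: it splits SID strings into domain SID and RID, names the well-known RIDs behind Domain Admins and Enterprise Admins, and simulates the RID Master handing out disjoint RID pools to two domain controllers that mint SIDs independently, then checks that no RID was issued twice. The domain SID and DC names are constructed, and the pool size of 500 and the starting RID of 1000 are assumed defaults, not values stated in the article.

```python
import re

# A domain SID is S-1-5-21-<three subauthorities>; the final component is the RID.
DOMAIN_SID_RE = re.compile(r"^(S-1-5-21-\d+-\d+-\d+)-(\d+)$")

# Well-known RIDs are the same in every domain.
WELL_KNOWN_RIDS = {
    500: "Administrator",
    512: "Domain Admins",
    516: "Domain Controllers",
    519: "Enterprise Admins",
}


def split_sid(sid):
    """Return (domain_sid, rid) for a domain SID string; raise on anything else."""
    match = DOMAIN_SID_RE.match(sid)
    if not match:
        raise ValueError(f"not a domain SID: {sid}")
    return match.group(1), int(match.group(2))


def describe_sid(sid):
    """Name the well-known account or group behind a SID, or report its RID."""
    _, rid = split_sid(sid)
    return WELL_KNOWN_RIDS.get(rid, f"RID {rid}")


class RidMaster:
    """The single DC per domain that hands out non-overlapping RID pools."""

    def __init__(self, domain_sid, pool_size=500, next_rid=1000):
        # Assumed defaults: pools of 500 RIDs, starting above the reserved range.
        self.domain_sid = domain_sid
        self.pool_size = pool_size
        self.next_rid = next_rid

    def allocate_pool(self, dc_name):
        """Return the next unused RID range; the master advances past it."""
        start = self.next_rid
        self.next_rid += self.pool_size
        return range(start, self.next_rid)


class DomainController:
    """A DC creates objects from its own pool and asks the master for more."""

    def __init__(self, name, rid_master):
        self.name = name
        self.rid_master = rid_master
        self.pool = iter(())  # empty until the first pool is requested

    def create_object(self):
        """Mint a SID for a new object, fetching a new pool when this one is used up."""
        try:
            rid = next(self.pool)
        except StopIteration:
            self.pool = iter(self.rid_master.allocate_pool(self.name))
            rid = next(self.pool)
        return f"{self.rid_master.domain_sid}-{rid}"


def find_duplicate_rids(sids):
    """Return SIDs whose (domain SID, RID) pair was already seen."""
    seen = set()
    duplicates = []
    for sid in sids:
        key = split_sid(sid)
        if key in seen:
            duplicates.append(sid)
        seen.add(key)
    return duplicates


def simulate(objects_per_dc=600):
    """Two DCs each create more objects than one pool holds; return all SIDs."""
    master = RidMaster("S-1-5-21-1111111111-2222222222-3333333333")  # constructed
    dcs = [DomainController("DC1", master), DomainController("DC2", master)]
    return [dc.create_object() for dc in dcs for _ in range(objects_per_dc)]


if __name__ == "__main__":
    sids = simulate()
    print(len(sids), "SIDs minted, duplicates:", find_duplicate_rids(sids))
    print(describe_sid("S-1-5-21-1111111111-2222222222-3333333333-512"))
```

Because every pool comes from the one RID Master, the two DCs can create objects concurrently without ever colliding; the duplicate check is the kind of sanity test an administrator runs after a RID Master seizure, when a stale pool could otherwise be reissued.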