Last Updated: Jun 20, 2024

Active Directory Interview Questions

Introduction

Active Directory is a directory service that stores information as objects. These objects include groups, applications, and devices, organized by their names and attributes, which enables administrators to manage access and permissions across the network.


This article will cover the Top 30 Active Directory Interview Questions (2023) and their answers. Questions are divided into three categories based on their levels. You can choose according to your need.

Let's Begin!

Most Asked Active Directory Interview Questions

Below are the most asked active directory interview questions and answers.

1. What is Active Directory?

It is a database and set of services that contain critical information about users and computers, including the environment and who is allowed to do what. Storing all this information in the AD database makes it easy for administrators and users to find and use.

2. What are the benefits of Active Directory?

The benefits of AD are:

  • Security.
     
  • Simple.
     
  • Extensible.
     
  • Resiliency.

3. Define Kerberos.

Kerberos is a widely used computer network authentication protocol that secures service requests between two or more trusted hosts across untrustworthy networks (like the Internet). It is widely used because of the benefits listed below:

  • Single sign-on.
     
  • Secure.
     
  • Mutual authentication. 
     
  • Trusted third party.

4. What do you understand by domain in Active Directory?

An Active Directory domain is a grouping of network resources that share common administration and services. Each domain contains a database that will store the object identity information. Domains are grouped in a tree structure; the group of trees is known as an Active Directory forest. 

5. List out new features of Active Directory in the latest Windows Server 2012.

The new features of Active Directory in the latest Windows Server 2012 are:

  • Dynamic Access Control.
  • Virtualization.
  • Event logs.
  • AD Recycle Bin.
  • Windows PowerShell History Viewer.
  • Active Directory Federation Services.
  • Group Managed Service Accounts.
  • Simplified Management.
  • Fine-Grained password policies.

6. Define SYSVOL folder.

The SYSVOL (System Volume) folder is an essential part of AD found on each domain controller (DC). The log files and Active Directory database are stored in the SYSVOL folder on the server.

The SYSVOL folder is located at C:\Windows\SYSVOL.
 
7. What is RID Master?

RID Master is one of the FSMO roles in an AD forest. It is responsible for allocating unique sequences of RIDs (relative IDs) to all the domain controllers in its domain. Only one domain controller in each domain holds this role.

8. What do you understand about ARP?

ARP stands for Address Resolution Protocol, which provides connectivity in the present world. A LAN is a group of two or more network devices. Each network device has an IP address as one of its addresses, which keeps changing. ARP maps this IP address to the MAC address of the network device, which creates connectivity.

9. What is Subnet?

Subnet is short for subnetwork: a smaller network formed by dividing a larger network. This is done to improve a large network's performance and security. It also makes network management easier to understand. Each subnet has its own network address, which means each subnet is considered a separate network.

10. What is the Physical structure of AD?

The physical structure of AD is divided into:

  • Domain Controller - A domain controller is a server running Active Directory that contains a complete replica of the domain database.
  • Sites - A grouping of one or more subnets used by the replication service to optimize bandwidth.
     


11. What is the location of the AD database?

Microsoft Windows has a centralized database known as Active Directory (AD). It stores information about users, computers, and other things in the network. The location of the Active Directory database is not fixed; it depends on factors such as the operating system version and network configuration. In many cases, however, it is stored as a file named NTDS.DIT on a domain controller.

12. Differentiate between the Enterprise Admin group and Domain Admin Group in the Active Directory.

Let's discuss the Enterprise Admin group vs. the Domain Admin group.

| Enterprise admin group | Domain admin group |
|---|---|
| The enterprise admin group belongs to the administrator's group on all domain controllers in the forest. | Domain admin group belongs to the administrator's group on all workstations and domain controllers at the time they are linked to the domain. |
| All members have complete control of all domains in the forest. | All members have complete control of the domain. |
| Full control of the forest. | Full control in the domain. |

13. What happens if the replication in AD fails?

Replication in AD is a method of transferring objects from one domain controller to another. If AD replication fails, it leads to inconsistent results or operational failures, depending on which domain controller is in charge of the operation.

14. What does Active Directory Recycle Bin do?

The Active Directory Recycle Bin is a tool of Windows Server 2008 that is used to recover accidentally deleted AD objects such as groups, users, computers, or organizational units on a network without using a backed-up AD database. It facilitates the recovery of deleted objects and their properties, and services keep running while the restoration is done.

15. List different types of containers.

The two types of containers are Default Containers and Organizational Units (OU).

| Container or Organizational Units (OU) | Contents |
|---|---|
| Computers | Computers joined to the domain without a computer account are kept in this container. |
| Builtin | Domain local security groups and default service administrator accounts are stored in this container. |
| Domain Controllers | This container is the default location for domain controllers. |

Note:

The default containers are created automatically and cannot be deleted.

16. What is contained in system state data?

The System state data contains:

  • System files.
  • SYSVOL folder.
  • Registry.
  • Registration Database.
  • Startup files.
  • Memory page file.
  • AD information etc.

17. What is the port number of LDAP?

The port number of Lightweight Directory Access Protocol (LDAP) is 389. LDAP helps users find data about persons, organizations, or other resources. It is used in various applications to validate users' usernames and passwords.

18. Name any three ports used by the Active Directory.

The three ports used by the AD are:

  • DNS: port 53 TCP, UDP
     
  • LDAP: port 389 TCP, UDP
     
  • Kerberos: port 88 TCP, UDP

19. In what format is data shown in Active Directory?

In Active Directory, data is stored in the form of objects, including groups, users, applications, etc. It is presented in the form of a hierarchy where AD uses structured data stores for the logical organization of directory information.

20. What do you mean by the term forest in Active Directory?

Forest in AD is a collection of various trees with shared catalogs, application data, domain parameters, and directory schemas. It is the highest level container in the organization within the Active Directory and manages and controls authentication across the organization. 

21. What is DNS in AD?

The Domain Name System in Active Directory holds a database to locate services active on that network. Computers use DNS to find Active Directory domain controllers when carrying out any of the key Active Directory operations, such as authentication, updating, or searching.

The three main components of DNS are:

  • Domain Controller locator.
  • Active Directory DNS objects.
  • Active Directory domain names in DNS.

22. What are some common Active Directory issues?

Some of the common issues that occur in Active Directory are:

  • AD can become unresponsive if Active Directory servers are not working properly.
  • AD databases can become corrupt if the database is not maintained properly or gets damaged.

23. Compare domain local, global, and universal groups in Active Directory.

The domain local, global, and universal groups are used to manage user access.

  • Domain local groups: Permissions are granted to users inside a single domain using domain local groups
     
  • Global groups: Permissions are given to users across multiple domains using global groups
     
  • Universal groups: Permissions are given to users across multiple domains and forests using universal groups

24. List out the components of AD.

The main components of Active Directory are:

  • Kerberos - Kerberos is an authentication protocol of Microsoft Windows Server and is used by AD to provide secure access to its networks. It uses a combination of encryption and tickets to allow nodes communicating over unsecured networks to verify each other's identity.
  • Domain Name System (DNS) - DNS in Active Directory holds a database of the services active on that network. DNS is used as the domain controller location mechanism by Active Directory Domain Services (AD DS).
  • Active Directory Domain Services (AD DS) - AD DS uses DNS name resolution services to allow clients to find domain controllers, and the domain controllers host the directory service and communicate with one another.
  • Lightweight Directory Access Protocol (LDAP) - It is a protocol used to work with various services within a network.

25. What is the use of replication in AD?

The use of replication in AD is to share and update the AD objects from one DC to another DC to increase the availability, data defense, and performance. There are two types of replication in AD.

26. Name the different components of the active directory schema.

The three components of active directory schema are:

1. Classes: Attributes are organized into object classes in an Active Directory Schema. In an Active Directory structure, there are three different classes:

  • Structural class
  • Abstract class
  • Auxiliary class

2. Objects: Objects are the basic elements of Active Directory that represent resources present in the AD network, such as users, printers, applications, groups, or computers.

3. Attributes: In the Active Directory environment, attributes are the entities that are used to hold data/information about the objects.

27. What is the use of APIPA?

Automatic Private IP Addressing (APIPA) is an operating system feature that lets a DHCP client automatically assign an Internet Protocol address to itself if there is no DHCP (Dynamic Host Configuration Protocol) server available to perform that function.


28. On which factors are Active Directory Domain Services dependent?

AD Domain Services depend on the directory database, name resolution, the replication topology, network connectivity, the replication engine, authentication, and authorization.

29. What is the difference between a domain and a forest? 

A domain is a logical grouping of users, computers, and other resources while a forest is a collection of one or more domains that share a common schema, configuration, and Global Catalog.

30. What is the role of the RID Master in Active Directory? 

The RID Master is responsible for assigning Relative Identifiers (RIDs) to objects in Active Directory. RIDs are unique identifiers that are used to identify objects in Active Directory. The job of RID Master is to ensure that no two objects in Active Directory have the same RID.

Frequently Asked Questions

What are the basic interview questions for Active Directory?

Common Active Directory interview questions include:

  • What is Active Directory?
  • Explain the difference between a domain and a forest.
  • How do you create a user account in AD?
  • What are Group Policies?
  • Describe FSMO roles.
  • How do you troubleshoot AD replication issues?
  • Define LDAP and Kerberos.

How do I prepare for an interview with Active Directory?

To prepare for an Active Directory interview:

  • Review AD basics and concepts.
  • Understand AD roles, components, and functions.
  • Practice common AD tasks.
  • Study AD-related technologies (DNS, LDAP).
  • Be ready for troubleshooting scenarios.
  • Highlight relevant experience and certifications.

What are the 3 main components of an Active Directory?

The three main components of Active Directory (AD) are:

  • Domains: Logical units for organizing objects.
  • Domain Controllers: Servers that store AD data and authenticate users.
  • Active Directory Database: Stores user, computer, and other objects' information.

What is Active Directory used for?

Active Directory (AD) is used for centralizing network management in Windows environments. It stores information about network resources, manages user accounts, authentication, and security policies, allowing efficient administration and access control in a Windows-based network.

Conclusion

In conclusion, preparing for an Active Directory interview involves understanding its key concepts, components, and related technologies. Being well-versed in common AD tasks, troubleshooting scenarios, and highlighting relevant experience can help candidates succeed in the interview process.
