61+ Active Directory Interview Questions And Answers

Active Directory Interview Questions

Question 1. Mention What Is Active Directory?

An active directory is a directory structure used on Microsoft Windows based servers and computers to store data and information about networks and domains.

Question 2. What Is Domains In Active Directory?

In Windows 2000, a domain defines both an administrative boundary and a security boundary for a collection of objects that are relevant to a specific group of users on a network. A domain is an administrative boundary because administrative privileges do not extend to other domains. It is a security boundary because each domain has a security policy that extends to all security accounts within the domain. Active Directory stores information about objects in one or more domains.
Domains can be organized into parent-child relationships to form a hierarchy. A parent domain is the domain directly superior in the hierarchy to one or more subordinate, or child, domains. A child domain also can be the parent of one or more child domains.

Question 3. Mention Which Is The Default Protocol Used In Directory Services?

The default protocol used in directory services is LDAP (Lightweight Directory Access Protocol).

Question 4. What Is Mixed Mode?

Allows domain controllers running both Windows 2000 and earlier versions of Windows NT to co-exist in the domain. In mixed mode, the domain features from previous versions of Windows NT Server are still enabled, while some Windows 2000 features are disabled. Windows 2000 Server domains are installed in mixed mode by default. In mixed mode the domain may have Windows NT 4.0 backup domain controllers present. Nested groups are not supported in mixed mode.

Question 5. Explain The Term Forest In AD?

Forest is used to define an assembly of AD domains that share a single schema for the AD. All DCs in the forest share this schema, and it is replicated in a hierarchical fashion among them.

Question 6. What Is Native Mode?

When all the domain controllers in a given domain are running Windows 2000 Server. This mode allows organizations to take advantage of new Active Directory features such as Universal groups, nested group membership, and inter-domain group membership.

Question 7. Explain What Is SYSVOL?

The SYSVOL folder keeps the server’s copy of the domain’s public files. The contents of the SYSVOL folder, such as users, group policy, etc., are replicated to all domain controllers in the domain.

Question 8. What Is LDAP?

LDAP is the directory service protocol that is used to query and update AD. LDAP naming paths are used to access AD objects and include the following:

Distinguished names
Relative Distinguished names

Question 9. Mention What Is Kerberos?

Kerberos is an authentication protocol for networks. It is built to provide strong authentication for server/client applications by using secret-key cryptography.

Question 10. Minimum Requirement For Installing AD?

Windows Server, Advanced Server, Datacenter Server
Minimum disk space of 200MB for AD and 50MB for log files
NTFS partition
TCP/IP installed and configured to use DNS
Administrative privilege for creating a domain in existing network

Question 11. Mention What Are Lingering Objects?

Lingering objects can exist if a domain controller does not replicate for an interval of time that is longer than the tombstone lifetime (TSL).

Question 12. What Is Domain Controller?

In an Active Directory forest, the domain controller is a server that contains a writable copy of the Active Directory database, participates in Active Directory replication, and controls access to network resources.

Question 13. Mention What Is Tombstone Lifetime?

Tombstone lifetime in an Active Directory determines how long a deleted object is retained in Active Directory. Deleted objects in Active Directory are stored in a special object referred to as a TOMBSTONE. Usually, Windows will use a 60-day tombstone lifetime if the time is not set in the forest configuration.

Question 14. Why We Need Netlogon?

Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services, and the domain controller cannot register DNS records.

Question 15. Explain What Is Active Directory Schema?

Schema is an Active Directory component that describes all the attributes and objects that the directory service uses to store data.

Question 16. What Is DNS Scavenging?

Scavenging will help you clean up old unused records in DNS.

Question 17. Explain What Is A Child DC?

CDC or child DC is a sub domain controller under the root domain controller which shares the name space.

Question 18. What Is New In Windows Server 2008 Active Directory Domain Services?

AD Domain Services auditing, Fine-Grained Password Policies, Read-Only Domain Controllers, Restartable Active Directory Domain Services

Question 19. Explain What Is RID Master?

RID master stands for Relative Identifier, for assigning unique IDs to the objects created in AD.

Question 20. Explain What Are RODCs? And What Are The Major Benefits Of Using RODCs?

Read-only Domain Controller; organizations can easily deploy a domain controller in locations where physical security cannot be guaranteed.

Question 21. Mention What Are The Components Of AD?

Components of AD include:
Logical Structure: Trees, Forest, Domains and OU.
Physical Structures: Domain controller and Sites.

Question 22. What Is The Number Of Permitted Unsuccessful Log Ons On Administrator Account?

Unlimited. Remember, though, that it’s the Administrator account, not any account that’s part of the Administrators group.

Question 23. Explain What Is Infrastructure Master?

Infrastructure Master is responsible for updating information about the user and group and global catalogue.

Question 24. What Hidden Shares Exist On Windows Server 2003 Installation?

Admin$, Drive$, IPC$, NETLOGON, print$ and SYSVOL.

Question 25. Can You Connect Active Directory To Other Third-party Directory Services? Name A Few Options?

Yes, you can connect Active Directory to other third-party directory services, such as dictionaries used by SAP, Domino, etc., with the help of MIIS (Microsoft Identity Integration Server).

Question 26. What Is The List Folder Contents Permission On The Folder In NTFS?

Same as Read & Execute, but not inherited by files within a folder. However, newly created subfolders will inherit this permission.

Question 27. How Do I Set Up DNS For Other DCs In The Domain That Are Running DNS?

For each additional DC that is running DNS, the preferred DNS setting is the parent DNS server (first DC in the domain), and the alternate DNS setting is the actual IP address of the network interface.

Question 28. Where Is GPT Stored?

%SystemRoot%\SYSVOL\sysvol\domainname\Policies\GUID

Question 29. Tell Me What Should I Do If The DC Points To Itself For DNS, But The SRV Records Still Do Not Appear In The Zone?

Check for a disjointed namespace, and then run Netdiag.exe /fix. You must install Support Tools from the Windows 2000 Server CD-ROM to run Netdiag.exe.

Question 30. Abbreviate GPT And GPC?

GPT: Group policy template.
GPC: Group policy container.

Question 31. Tell Me What If My Windows 2000 Or Windows Server 2003 DNS Server Is Behind A Proxy Server Or Firewall?

If you are able to query the ISP’s DNS servers from behind the proxy server or firewall, Windows 2000 and Windows Server 2003 DNS server is able to query the root hint servers. UDP and TCP Port 53 should be open on the proxy server or firewall.

Question 32. Explain What Is The Difference Between Local, Global And Universal Groups?

Domain local groups assign access permissions to global domain groups for local domain resources. Global groups provide access to resources in other trusted domains. Universal groups grant access to resources in all trusted domains.

Question 33. Do You Know What Is The “.” Zone In My Forward Lookup Zone?

This setting designates the Windows 2000 DNS server to be a root hint server and is usually deleted. If you do not delete this setting, you may not be able to perform external name resolution to the root hint servers on the Internet.

Question 34. Define LSDOU?

It’s the group policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units.

Question 35. Define Attribute Value?

An object’s attribute is set concurrently to one value at one master, and another value at a second master.

Question 36. What Is Netdom?

NETDOM is a command-line tool that allows management of Windows domains and trust relationships.

Question 37. Do You Know How Kerberos V5 Works?

The Kerberos V5 authentication mechanism issues tickets (a set of identification data for a security principal, issued by a DC for purposes of user authentication. Two forms of tickets in Windows 2000 are ticket-granting tickets (TGTs) and service tickets) for accessing network services. These tickets contain encrypted data, including an encrypted password, which confirms the user’s identity to the requested service.

Question 38. What Is ADSI Edit?

ADSI Edit is an LDAP editor for managing objects in Active Directory. This Active Directory tool lets you view objects and attributes that are not exposed in the Active Directory Management Console.

Question 39. What Is Kerberos V5 Authentication Process?

Kerberos V5 is the primary security protocol for authentication within a domain. The Kerberos V5 protocol verifies both the identity of the user and network services. This dual verification is known as mutual authentication.

Question 40. Define The Schema Master Failure?

Temporary loss of the schema operations master will be visible only if we are trying to modify the schema or install an application that modifies the schema during installation. A DC whose schema master role has been seized must never be brought back online.

Question 41. What Is Replmon?

Replmon is the first tool you should use when troubleshooting Active Directory replication issues.

Question 42. How To Find FSMO Roles?

netdom query fsmo OR Replmon.exe

Question 43. Describe The Infrastructure FSMO Role?

When an object in one domain is referenced by another object in another domain, it represents the reference by the GUID, the SID (for references to security principals), and the DN of the object being referenced. The infrastructure FSMO role holder is the DC responsible for updating an object’s SID and distinguished name in a cross-domain object reference.

Question 44. What Are The Advantages Of Active Directory Sites?

Active Directory Sites and Services allow you to specify site information. Active Directory uses this information to determine how best to use available network resources.

Question 45. Define Edb.chk?

This is the checkpoint file used to track the data not yet written to the database file. This indicates the starting point from which data is to be recovered from the log file, in case of failure.

Question 46. Define Edb.log?

This is the transaction log file (10 MB). When EDB.LOG is full, it is renamed to EDBnnnn.log, where nnnn is the increasing number starting from 1.

Question 47. How To View All The GCs In The Forest?

repadmin.exe /options * and use IS_GC for current domain options.
nltest /dsgetdc:corp /GC

Question 48. How To Seize FSMO Roles?

ntdsutil – type roles – connections – connect servername – q – type seize role – at the fsmo maintenance prompt – type seize rid master

Question 49. How To Transfer FSMO Roles?

ntdsutil – type roles – connections – connect servername – q – type transfer role – at the fsmo maintenance prompt – type transfer rid master

Question 50. What Is The KCC (Knowledge Consistency Checker)?

The KCC generates and maintains the replication topology for replication within sites and between sites. KCC runs every 15 minutes.

Question 51. What Is Schema Information In Active Directory?

Definitional details about objects and attributes that one CAN store in the AD. Replicates to all DCs. Static in nature.

Question 52. What Is Online Defragmentation In Active Directory?

Online defragmentation is a method that runs as part of the garbage collection process. The only advantage to this method is that the server does not need to be taken offline for it to run. However, this method does not shrink the Active Directory database file (Ntds.dit).

Question 53. What Is ADS Database Garbage Collection Process?

Garbage Collection is a process that is designed to free space within the Active Directory database. This process runs independently on every DC with a default lifetime interval of 12 hours.

Question 54. Define Res1.log And Res2.log?

These are reserved transaction log files of 20 MB (10 MB each) which provide the transaction log files enough room to shut down if the other spaces are being used.

Question 55. What Is Domain Information In Active Directory?

Object information for a domain. Replicates to all DCs within a domain. The object portion becomes part of GC. The attribute values only replicate within the domain.

Question 56. What Is Lightweight Directory Access Protocol?

LDAP is the directory service protocol that is used to query and update AD. LDAP naming paths are used to access AD objects and include the following:

Distinguished names
Relative Distinguished names

Question 57. How Will You Verify Whether The AD Installation Is Proper With SRV Resource Records?

Verify SRV Resource Records: After AD is installed, the DC will register SRV records in DNS when it restarts. We can check this using DNS MMC or the nslookup command.

Question 58. What Is Ntds.dit?

This is the AD database and stores all AD objects. Default location is %SystemRoot%\ntds\NTDS.DIT.
Active Directory’s database engine is the Extensible Storage Engine, which is based on the Jet database and can grow up to 16 TB.

Question 59. What Is Ntds.dit Schema Table?

The types of objects that can be created in the Active Directory, relationships between them, and the attributes on each type of object. This table is fairly static and much smaller than the data table.

Question 60. Mention What Is The Difference Between Domain Admin Groups And Enterprise Admins Group In AD?

Enterprise Admin Group:
Members of this group have full control of all domains in the forest. By default, this group belongs to the administrators group on all domain controllers in the forest. As such this group has full control of the forest; add users with caution.

Domain Admin Group:
Members of this group have full control of the domain. By default, this group is a member of the administrators group on all domain controllers, workstations and member servers at the time they are linked to the domain. As such the group has full control in the domain; add users with caution.

