
TOP 20 ACTIVE DIRECTORY INTERVIEW QUESTIONS & ANSWERS


Question 1: What is Active Directory (AD)?
Answer: Active Directory provides centralized control over your network. It stores all the objects of the domain (users, computers, groups, printers and other resources) in the Active Directory database, so every object can be maintained from a single location. Because it is also the authentication and authorization authority for every domain member, it is the most security-critical system on the network.

Question 2: Which one is the default protocol used in directory services?
Answer: The default protocol used in directory services is LDAP, which stands for Lightweight Directory Access Protocol. A domain controller listens for LDAP on TCP 389 (LDAPS on TCP 636) and, if it is a global catalog, on TCP 3268 (3269 for LDAPS).

Question 3: What is LDAP?
Answer: In Windows Server, LDAP is the protocol used to read, search and modify Active Directory objects and to authenticate clients (an LDAP bind) and authorize them against the directory. A simple bind sends the user name and password in clear text, so it must be protected with TLS (LDAPS on TCP 636, or StartTLS on 389); a SASL bind instead authenticates with Kerberos or NTLM, and LDAP signing protects the session against tampering. Domain controllers can be configured to reject unsigned requests and clear-text simple binds.
(Note: AD is the directory-service database; LDAP is one of the protocols you can use to talk to it.)

Question 4: What is the Logical and Physical structure in Active Directory? OR What are the components of AD?
Answer: The logical structure is the forest, its domains (grouped into trees that share a contiguous DNS namespace) and the organizational units (OUs) inside each domain. The physical structure is the sites (groups of well-connected subnets joined by site links) and the domain controllers placed in them. For the full answer (what is a forest, domain, tree, OU) see the linked article:

WHAT IS THE LOGICAL AND PHYSICAL STRUCTURE IN ACTIVE DIRECTORY?

Question 5: What is a Domain Controller?
Answer: A domain controller (DC) is a server that holds a copy of the AD database (ntds.dit) and authenticates users and computers of the domain. Every writable DC accepts changes, and all changes replicate to the other DCs and vice-versa (multi-master replication). A read-only domain controller (RODC) receives replication but does not accept changes.

Question 6: How can we install Active Directory Domain Services (AD DS) on Windows Server 2008 R2?
Answer: We can install AD DS from Server Manager:
Server Manager > Add Roles > Select Active Directory Domain Services > Next > Install.

After adding the AD DS role, you need to promote the server to a domain controller.

To promote a Server 2008 R2 machine, click the notification in Server Manager, or open CMD as administrator, type dcpromo.exe and press Enter. A wizard opens; follow the screens, provide the appropriate information (new forest or existing domain, functional levels, DNS, database and log paths, the Directory Services Restore Mode password) and that's it.
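The same two steps driven from PowerShell with an unattended dcpromo answer file, as an added example that is not part of the original page. The forest name corp.example.com, the NetBIOS name CORP and the paths are assumptions; the answer-file keys are the documented dcpromo unattend parameters for Server 2008 R2.

```powershell
# Added example (not from the original page): promote a Windows Server 2008 R2 member
# server to the first domain controller of a new forest without clicking through the wizard.
# Run in an elevated PowerShell session. corp.example.com / CORP are assumed names.

# Step 1: add the AD DS role (the equivalent of Server Manager > Add Roles).
Import-Module ServerManager
Add-WindowsFeature AD-Domain-Services

# Step 2: promote with dcpromo and an answer file instead of the interactive wizard.
# SafeModeAdminPassword is the DSRM password, a local administrator credential for this
# DC whenever it is booted into Directory Services Restore Mode: it is prompted for,
# never hard-coded, and the answer file is deleted as soon as dcpromo returns.
$dsrm = Read-Host 'DSRM (Safe Mode administrator) password'
$answerFile = Join-Path $env:TEMP 'dcpromo-answer.txt'
@"
[DCInstall]
ReplicaOrNewDomain=Domain
NewDomain=Forest
NewDomainDNSName=corp.example.com
DomainNetbiosName=CORP
ForestLevel=4
DomainLevel=4
InstallDNS=Yes
ConfirmGc=Yes
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"
SafeModeAdminPassword=$dsrm
RebootOnCompletion=No
"@ | Set-Content -Path $answerFile

try {
    # ForestLevel/DomainLevel 4 = Windows Server 2008 R2 functional level
    & "$env:SystemRoot\System32\dcpromo.exe" "/unattend:$answerFile"
    if ($LASTEXITCODE -ne 0) { throw "dcpromo failed with exit code $LASTEXITCODE" }
} finally {
    # the file contains the DSRM password in clear text: remove it whatever happened
    Remove-Item -Path $answerFile -Force -ErrorAction SilentlyContinue
}
Restart-Computer

# Windows Server 2012 and later replace dcpromo with the ADDSDeployment module:
#   Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
#   Install-ADDSForest -DomainName corp.example.com -DomainNetbiosName CORP -InstallDns
```

The DSRM password deserves the same handling as a domain admin password: whoever knows it can boot the DC into restore mode and read ntds.dit offline.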
Question 7: How can you install the AD DS management tools on a Windows 8.1 computer? OR how can you manage AD from your Windows 8.1 computer?
Answer: To manage AD from a Windows 8.1 computer, install the Remote Server Administration Tools (RSAT). RSAT adds the server management consoles (Active Directory Users and Computers, Active Directory Sites and Services, the ActiveDirectory PowerShell module and so on) to a client computer. To download it, use the link below on the Microsoft website:

Remote Server Administration Tools for Windows 8.1

To read more about the tool, including how it works on Windows 7 and Windows 10 (where, from version 1809, RSAT is installed as an optional feature rather than a separate download), go through the link below:

Remote Server Administration Tools (RSAT) for Windows Client and Windows Server (dsforum2wiki)

(Note: Remote Server Administration Tools for Windows 8.1 enables IT administrators to manage roles and features that are installed on computers running Windows Server 2012 or Windows Server 2012 R2 from a remote computer running Windows 8.1 Pro or Windows 8.1 Enterprise. Remote Server Administration Tools for Windows 8.1 can be installed ONLY on computers running full releases of Windows 8.1 Pro or Windows 8.1 Enterprise.)

Question 8: What is the Schema?
Answer: The schema is the Active Directory component that defines every object class and attribute the directory service can store. It consists of the class definitions (classSchema objects) and attribute definitions (attributeSchema objects), and it is itself stored in the directory, in the schema partition, so it replicates to every DC in the forest. Schema changes are forest-wide and cannot be rolled back (classes and attributes can only be deactivated, never deleted), which is why only members of Schema Admins can make them and only on the Schema Master.

Object Class = User

Attributes = first name (givenName), last name (sn), email (mail), and others

Question 9: What are the FSMO roles? OR tell me something about FSMO roles.
Answer: FSMO stands for Flexible Single Master Operation. Active Directory is a multi-master database, but a few operations would conflict if two DCs performed them at the same time, so five special roles are each assigned to a single DC that acts as the authoritative master for that operation. They are vital for the smooth running of AD.

There are five roles; two are forest-wide and three are domain-wide (each domain in the forest has its own holder of the three domain roles).

Forest-wide roles

Schema Master
Domain Naming Master

Domain-wide roles

PDC Emulator
RID Master
Infrastructure Master

Question 10: How to check which server holds which FSMO role?
Answer: To check the FSMO role holders, type the command below at a command prompt on a DC or on a machine with RSAT installed:
netdom query fsmo
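The same information read through the ActiveDirectory PowerShell module, with a reachability check for every role holder, as an added example that is not part of the original page. It assumes RSAT is installed and the session runs as a domain user; the function name Get-FsmoRoleHolder is an assumption.

```powershell
# Added example (not from the original page): the same facts as "netdom query fsmo",
# read through the ActiveDirectory module (RSAT), plus a reachability check for each holder.
Import-Module ActiveDirectory

function Get-FsmoRoleHolder {
    param([string]$Domain = (Get-ADDomain).DNSRoot)
    $forest = Get-ADForest                    # the two forest-wide roles are recorded here
    $dom    = Get-ADDomain -Identity $Domain  # the three domain-wide roles are recorded here
    [ordered]@{
        'Schema Master'         = $forest.SchemaMaster
        'Domain Naming Master'  = $forest.DomainNamingMaster
        'PDC Emulator'          = $dom.PDCEmulator
        'RID Master'            = $dom.RIDMaster
        'Infrastructure Master' = $dom.InfrastructureMaster
    }
}

# netdom and the cmdlets report whatever name is recorded in the directory, even if that
# DC was decommissioned without transferring its roles. An unreachable RID Master means DCs
# can no longer obtain fresh RID pools (creating users and groups eventually fails); an
# unreachable PDC Emulator breaks urgent password replication and the domain time hierarchy.
foreach ($role in (Get-FsmoRoleHolder).GetEnumerator()) {
    $reachable = Test-Connection -ComputerName $role.Value -Count 1 -Quiet
    '{0,-22} {1,-35} {2}' -f $role.Key, $role.Value, $(if ($reachable) { 'reachable' } else { 'UNREACHABLE' })
}

# Roles are moved with Move-ADDirectoryServerOperationMasterRole (a transfer, or -Force to
# seize from a dead holder; a DC whose roles were seized must never be brought back online).
```

Run `Get-FsmoRoleHolder -Domain child.corp.example.com` (an assumed name) to list the domain-wide holders of another domain in the forest.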

Question 11: Can you define the FSMO roles?
Answer: In short:

Schema Master: the only DC that accepts writes to the schema (one per forest).
Domain Naming Master: the only DC that can add or remove domains and application partitions in the forest (one per forest).
PDC Emulator: authoritative time source for the domain, receives urgent replication of password changes and account lockouts, is consulted when a password check fails elsewhere, and is the default DC for Group Policy editing (one per domain).
RID Master: hands out pools of relative identifiers (RIDs) to the DCs of the domain so that every SID they create is unique (one per domain).
Infrastructure Master: updates references to objects from other domains (for example cross-domain group members); it should not be placed on a global catalog unless every DC in the domain is a global catalog (one per domain).

For the full answer please follow the link below.

FSMO Roles

(Here you get answers to: What is the Schema Master? What is the Domain Naming Master? What is the PDC Emulator? What is the RID Master? What is the Infrastructure Master?)

Question 12: Explain where the AD database is held. What other files are related to AD? OR Tell me about the Active Directory database and list the Active Directory database files.
Answer: By default the database lives in %SystemRoot%\NTDS on every domain controller (the path is chosen at promotion time and recorded under HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters). The files are:

%SystemRoot%\NTDS\ntds.dit

The database in use on the domain controller, an Extensible Storage Engine (ESE) database. It contains the domain partition and replicas of the forest-wide schema and configuration partitions, including the password hashes of every account in the domain.

%SystemRoot%\NTDS\edb.log

The current transaction log (10 MB). When it is full it is renamed edbNNNNN.log, where NNNNN is an increasing hexadecimal sequence number starting from 1 (for example edb00001.log), and a fresh edb.log is started.

%SystemRoot%\NTDS\edb.chk

The checkpoint file. It records the point up to which transactions in the log have been written to the database, so after a crash recovery replays the log from that point.

%SystemRoot%\NTDS\edbres00001.jrs and edbres00002.jrs (res1.log and res2.log on Windows 2000 and Windows Server 2003)

Reserved transaction log files: disk space held back so the database can flush its outstanding transactions and shut down cleanly if the disk runs out of space.

Question 13: What is SYSVOL?
Answer: The System Volume (SYSVOL) is a shared directory that stores the server copy of the domain's public files, which must be shared for common access and replicated throughout the domain. The SYSVOL folder on a domain controller contains the following items:

- The NETLOGON share. This typically hosts logon scripts and policy files for network client computers.
- User logon scripts for domains where the administrator uses Active Directory Users and Computers.
- Windows Group Policy (the Group Policy templates of every GPO in the domain).
- The staging folder and files of the replication engine, File Replication Service (FRS) or, in domains that have migrated SYSVOL, DFS Replication (DFSR), which must be available and synchronized between domain controllers.
- File system junctions.

File system junctions are used extensively in the SYSVOL structure and are a feature of the NTFS 3.0 file system. You must be aware of the existence of junction points and how they operate so that you can avoid the data loss or corruption that may occur if you modify the SYSVOL structure. Note also that SYSVOL is readable by every authenticated user and computer by design, because clients must fetch Group Policy from it, so nothing confidential should ever be placed there.
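An added example, not part of the original page, that reports which engine replicates SYSVOL and enumerates the junction points the answer warns about. It assumes it runs on a DC with PowerShell 5.1 or later (for the LinkType and Target properties).

```powershell
# Added example (not from the original page): SYSVOL replication engine and junction points.

# FRS replicated SYSVOL originally; domains at the Windows Server 2008 functional level or
# higher can migrate SYSVOL to DFS Replication, and newer Windows Server versions deprecate
# FRS. dfsrmig prints the migration state: 0 = Start (still FRS), 1 = Prepared,
# 2 = Redirected, 3 = Eliminated (DFSR only).
dfsrmig /getglobalstate

$sysvol = Join-Path -Path $env:SystemRoot -ChildPath 'SYSVOL'

# The paths clients see (\\<domain>\SYSVOL, NETLOGON) are junctions into the replicated
# folders. Deleting or moving a junction with an ordinary file tool acts on the target,
# and once that change replicates it is gone on every DC.
Get-ChildItem -Path $sysvol -Recurse -Force -Attributes ReparsePoint -ErrorAction SilentlyContinue |
    Select-Object FullName, LinkType, Target
```

If dfsrmig reports state 0 the domain is still on FRS and a migration should be planned before the next DC operating system upgrade.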

Question 14: What is the tombstone lifetime?
Answer: When an Active Directory object such as a user or computer account is deleted, it is not removed at once: it is stripped of most of its attributes, flagged isDeleted and moved to the Deleted Objects container, where it remains for a period known as the tombstone lifetime so that every DC learns of the deletion before the object is garbage-collected. The default is 60 days for forests created on Windows 2000 or Windows Server 2003 RTM and 180 days for forests created on Windows Server 2003 SP1 or later; upgrading a forest does not change an existing value, and Microsoft recommends 180 days. The tombstone lifetime also bounds how old a backup or an offline DC can be before it must not be brought back into the forest.
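An added example, not part of the original page, that reads the effective tombstone lifetime and compares it with the age of the last backup. It assumes the ActiveDirectory module is available and that the Windows Server Backup feature is installed (for Get-WBSummary); the function name Get-TombstoneLifetime is an assumption.

```powershell
# Added example (not from the original page): effective tombstone lifetime versus backup age.
Import-Module ActiveDirectory

function Get-TombstoneLifetime {
    $cfgNc = (Get-ADRootDSE).configurationNamingContext
    $dsObject = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$cfgNc" -Properties tombstoneLifetime
    # An absent attribute means the built-in 60-day default (forests created before Windows
    # Server 2003 SP1); forests created later have the value set explicitly at creation.
    if ($dsObject.tombstoneLifetime) { [int]$dsObject.tombstoneLifetime } else { 60 }
}

$tsl = Get-TombstoneLifetime
"Effective tombstone lifetime: $tsl days"

# A backup or an offline DC older than the tombstone lifetime must not be restored or
# reconnected: deletions it never saw have already been garbage-collected everywhere else,
# and reintroducing the objects leaves lingering objects behind.
$lastBackup = (Get-WBSummary).LastSuccessfulBackupTime
$ageDays = ((Get-Date) - $lastBackup).Days
if ($ageDays -ge $tsl) {
    "Last backup is $ageDays days old, older than the tombstone lifetime: unusable for AD restore"
}

# To raise the forest-wide value (it replicates from whichever DC you run this against):
# Set-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$((Get-ADRootDSE).configurationNamingContext)" -Replace @{ tombstoneLifetime = 180 }
```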

Question 15: What is the difference between Domain Admins and Enterprise Admins in AD?
Answer:
Domain Admins group

- Members of this group have complete control of the domain.
- By default, this group is a member of the local Administrators group on all domain controllers, workstations and member servers at the time they are joined to the domain.
- As such the group has full control in the domain; add users with caution.

Enterprise Admins group

- Members of this group have complete control of all domains in the forest. The group exists only in the forest root domain.
- By default, this group belongs to the Administrators group on all domain controllers in the forest.
- As such this group has full control of the forest; add users with caution.

Both groups are protected groups: the AdminSDHolder process periodically resets the permissions on their members, so ACL changes on those accounts do not persist.
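An added example, not part of the original page, that lists the effective (nested) membership of both groups and flags disabled or stale accounts that are still members. It assumes the ActiveDirectory module; Enterprise Admins is queried against the forest root domain because the group only exists there, and members from other domains would need a lookup against their own domain. The function name Get-PrivilegedGroupMembers is an assumption.

```powershell
# Added example (not from the original page): nested membership of Domain Admins and
# Enterprise Admins with simple hygiene findings.
Import-Module ActiveDirectory

function Get-PrivilegedGroupMembers {
    param([int]$StalePasswordDays = 365)
    $root = (Get-ADForest).RootDomain
    $targets = @(
        @{ Group = 'Domain Admins';     Server = (Get-ADDomain).DNSRoot }
        @{ Group = 'Enterprise Admins'; Server = $root }   # exists only in the forest root domain
    )
    foreach ($t in $targets) {
        # -Recursive expands nested groups, so a user two groups deep is still reported
        Get-ADGroupMember -Identity $t.Group -Server $t.Server -Recursive |
            Where-Object { $_.objectClass -eq 'user' } |
            ForEach-Object {
                $u = Get-ADUser -Identity $_.distinguishedName -Server $t.Server -Properties PasswordLastSet, LastLogonDate
                [pscustomobject]@{
                    Group           = $t.Group
                    Account         = $u.SamAccountName
                    Enabled         = $u.Enabled
                    PasswordLastSet = $u.PasswordLastSet
                    LastLogonDate   = $u.LastLogonDate
                    Finding         = if (-not $u.Enabled) { 'disabled account still a member' }
                                      elseif (-not $u.PasswordLastSet -or $u.PasswordLastSet -lt (Get-Date).AddDays(-$StalePasswordDays)) { "password unset or older than $StalePasswordDays days" }
                                      else { '' }
                }
            }
    }
}

Get-PrivilegedGroupMembers | Format-Table -AutoSize
```

Every account in either list is a domain-compromise credential; the membership should be reviewed regularly and kept to a handful of dedicated administrative accounts.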

Question 16: What are Active Directory partitions?
Answer: An Active Directory partition (also called a naming context) is a logical section of the directory database with its own replication scope: it defines how and where a set of Active Directory information is stored and to which domain controllers it replicates.

Question 17: How many types of Active Directory partitions are there?
Answer: Every domain controller holds the following three directory partitions:

Schema partition
Configuration partition
Domain partition

In addition, a DC can host application partitions, which replicate only to the DCs listed for them; the DNS zones stored in AD (DomainDnsZones and ForestDnsZones) are the usual examples.

Question 18: What is the use of the Active Directory partitions? And how to find the Active Directory partitions and their location?
Answer:

Schema partition: stores the definitions of all object classes and attributes. Replicates to all domain controllers in the forest.

DN location: CN=Schema,CN=Configuration,DC=Domainname,DC=com

Configuration partition: stores the AD configuration, such as sites, site links, subnets and other replication topology information, together with the list of partitions in the forest. Replicates to all domain controllers in the forest.

DN location: CN=Configuration,DC=Domainname,DC=com

Domain partition: stores the objects of one domain, such as users, computers, groups, printers and other domain-specific information. Replicates to all domain controllers within that domain (a global catalog additionally holds a read-only partial copy of every other domain's partition).

DN location: DC=Domainname,DC=com
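An added example, not part of the original page, that enumerates every partition a DC hosts, classifies it, and then reads the crossRef objects under CN=Partitions that record where each partition replicates. It assumes the ActiveDirectory module; the function name Get-DirectoryPartitions is an assumption.

```powershell
# Added example (not from the original page): list and classify the partitions hosted by the
# DC the session is connected to, then show the forest's partition registry.
Import-Module ActiveDirectory

function Get-DirectoryPartitions {
    $rootDse = Get-ADRootDSE          # advertises the partitions (naming contexts) this DC holds
    $forest  = Get-ADForest
    foreach ($nc in $rootDse.namingContexts) {
        $type = if ($nc -eq $rootDse.schemaNamingContext)            { 'Schema (replicates forest-wide)' }
                elseif ($nc -eq $rootDse.configurationNamingContext) { 'Configuration (replicates forest-wide)' }
                elseif ($nc -eq $rootDse.defaultNamingContext)       { 'Domain (replicates within this domain)' }
                elseif ($forest.ApplicationPartitions -contains $nc) { 'Application (replicates to listed DCs only)' }
                else                                                 { 'Other (e.g. another domain partition)' }
        [pscustomobject]@{ Partition = $nc; Type = $type }
    }
}
Get-DirectoryPartitions | Format-Table -AutoSize

# The authoritative list of partitions, including application partitions such as
# DomainDnsZones and ForestDnsZones, lives in the Configuration partition as crossRef
# objects. msDS-NC-Replica-Locations names the DCs that hold an application partition.
$partitionsDn = "CN=Partitions,$((Get-ADRootDSE).configurationNamingContext)"
Get-ADObject -SearchBase $partitionsDn -LDAPFilter '(objectClass=crossRef)' -Properties 'nCName', 'msDS-NC-Replica-Locations' |
    Select-Object Name, nCName, @{ n = 'ReplicaLocations'; e = { $_.'msDS-NC-Replica-Locations' -join '; ' } }
```

Running the first function against different DCs (`Get-ADRootDSE -Server` and `Get-ADObject -Server` accept a DC name) shows that the schema and configuration partitions appear everywhere while an application partition appears only on its listed replicas.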

Question 19: What is Kerberos?
Answer: Kerberos is a network authentication protocol. It is built to offer strong mutual authentication for client/server applications using secret-key cryptography and a trusted third party, the Key Distribution Center (KDC), which in Active Directory runs on every domain controller. Kerberos has been the default authentication protocol in AD since Windows 2000; NTLM remains only as a fallback, for example when a client addresses a server by IP address instead of a name.

Question 20: Explain what a child DC is.
Answer: A child DC is a domain controller for a child domain, that is, a domain created beneath an existing domain in the same tree so that it shares a contiguous DNS namespace (say sales.corp.example.com under corp.example.com, both illustrative names). It holds the child domain's own domain partition plus the forest-wide schema and configuration partitions, and a two-way transitive parent-child trust is created automatically between the two domains when the child domain is created.

Writer: Sahil Hasan


Website: www.techiescure.com
