Top 100+ Active Directory Interview Questions And Answers

Question 1. Mention What Is Active Directory?

Answer :

Active Directory is a directory structure used on Microsoft Windows-based servers and computers to store data and information about networks and domains.

Question 2. What Are Domains In Active Directory?

Answer :

In Windows 2000, a domain defines both an administrative boundary and a security boundary for a collection of objects that are relevant to a specific group of users on a network. A domain is an administrative boundary because administrative privileges do not extend to other domains. It is a security boundary because each domain has a security policy that extends to all security accounts within the domain. Active Directory stores information about objects in one or more domains.
Domains can be organized into parent-child relationships to form a hierarchy. A parent domain is the domain directly superior in the hierarchy to one or more subordinate, or child, domains. A child domain can also be the parent of one or more child domains.

Question 3. Mention Which Is The Default Protocol Used In Directory Services?

Answer :

The default protocol used in directory services is LDAP (Lightweight Directory Access Protocol).

Question 4. What Is Mixed Mode?

Answer :

Allows domain controllers running both Windows 2000 and earlier versions of Windows NT to co-exist in the domain. In mixed mode, the domain features from previous versions of Windows NT Server are still enabled, while some Windows 2000 features are disabled. Windows 2000 Server domains are installed in mixed mode by default. In mixed mode the domain may have Windows NT 4.0 backup domain controllers present. Nested groups are not supported in mixed mode.

Question 5. Explain The Term Forest In AD?

Answer :

Forest is used to define an assembly of AD domains that share a single schema for the AD. All DCs in the forest share this schema, and it is replicated in a hierarchical fashion among them.

Question 6. What Is Native Mode?

Answer :

When all the domain controllers in a given domain are running Windows 2000 Server. This mode allows organizations to take advantage of new Active Directory features such as Universal groups, nested group membership, and inter-domain group membership.

Question 7. Explain What Is SYSVOL?

Answer :

The SYSVOL folder keeps the server’s copy of the domain’s public files. The contents of the SYSVOL folders, such as users, group policy, etc., are replicated to all domain controllers in the domain.

Question 8. What Is LDAP?

Answer :

LDAP is the directory service protocol that is used to query and update AD. LDAP naming paths are used to access AD objects and include the following:

Distinguished names
Relative Distinguished names

Question 9. Mention What Is Kerberos?

Answer :

Kerberos is an authentication protocol for networks. It is built to provide strong authentication for client/server applications by using secret-key cryptography.

Question 10. Minimum Requirement For Installing AD?

Answer :

Windows Server, Advanced Server, Datacenter Server
Minimum Disk space of 200MB for AD and 50MB for log files
NTFS partition
TCP/IP Installed and Configured to use DNS
Administrative privilege for creating a domain in current network

Question 11. Mention What Are Lingering Objects?

Answer :

Lingering objects can exist if a domain controller does not replicate for an interval of time that is longer than the tombstone lifetime (TSL).

Question 12. What Is Domain Controller?

Answer :

In an Active Directory forest, the domain controller is a server that contains a writable copy of the Active Directory database, participates in Active Directory replication, and controls access to network resources.

Question 13. Mention What Is Tombstone Lifetime?

Answer :

Tombstone lifetime in Active Directory determines how long a deleted object is retained in Active Directory. Deleted objects in Active Directory are stored in a special object referred to as a tombstone. Usually, Windows will use a 60-day tombstone lifetime if the time is not set in the forest configuration.

Question 14. Why Do We Need Netlogon?

Answer :

Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services, and the domain controller cannot register DNS records.

Question 15. Explain What Is Active Directory Schema?

Answer :

Schema is an Active Directory component that describes all the attributes and objects that the directory service uses to store data.

Question 16. What Is DNS Scavenging?

Answer :

Scavenging will help you clean up old unused records in DNS.

Question 17. Explain What Is A Child DC?

Answer :

CDC or child DC is a sub domain controller under the root domain controller which shares the name space.

Question 18. What Is New In Windows Server 2008 Active Directory Domain Services?

Answer :

AD Domain Services auditing, Fine-Grained Password Policies, Read-Only Domain Controllers, Restartable Active Directory Domain Services

Question 19. Explain What Is RID Master?

Answer :

RID Master stands for Relative Identifier Master, for assigning unique IDs to the objects created in AD.

Question 20. Explain What Are RODCs? And What Are The Major Benefits Of Using RODCs?

Answer :

Read-Only Domain Controller. Organizations can easily deploy a domain controller in locations where physical security cannot be guaranteed.

Question 21. Mention What Are The Components Of AD?

Answer :

Components of AD include:
Logical Structure: Trees, Forest, Domains and OU.
Physical Structures: Domain controller and Sites.

Question 22. What Is The Number Of Permitted Unsuccessful Log Ons On Administrator Account?

Answer :

Unlimited. Remember, though, that it’s the Administrator account, not any account that’s part of the Administrators group.

Question 23. Explain What Is Infrastructure Master?

Answer :

Infrastructure Master is responsible for updating information about the user and group and global catalogue.

Question 24. What Hidden Shares Exist On Windows Server 2003 Installation?

Answer :

Admin$, Drive$, IPC$, NETLOGON, print$ and SYSVOL.

Question 25. Can You Connect Active Directory To Other Third-Party Directory Services? Name A Few Options?

Answer :

Yes, you can connect Active Directory to other third-party directory services, such as the directories used by SAP, Domino, etc., with the help of MIIS (Microsoft Identity Integration Server).

Question 26. What Is The List Folder Contents Permission On The Folder In NTFS?

Answer :

Same as Read & Execute, but not inherited by files within a folder. However, newly created subfolders will inherit this permission.

Question 27. How Do I Set Up DNS For Other DCs In The Domain That Are Running DNS?

Answer :

For each additional DC that is running DNS, the preferred DNS setting is the parent DNS server (first DC in the domain), and the alternate DNS setting is the actual IP address of the network interface.

Question 28. Where Is GPT Stored?

Answer :

%SystemRoot%\SYSVOL\sysvol\domainname\Policies\GUID

Question 29. Tell Me What Should I Do If The DC Points To Itself For DNS, But The SRV Records Still Do Not Appear In The Zone?

Answer :

Check for a disjointed namespace, and then run Netdiag.exe /fix. You must install Support Tools from the Windows 2000 Server CD-ROM to run Netdiag.exe.

Question 30. Abbreviate GPT And GPC?

Answer :

GPT: Group Policy Template.
GPC: Group Policy Container.

Question 31. Tell Me What If My Windows 2000 Or Windows Server 2003 DNS Server Is Behind A Proxy Server Or Firewall?

Answer :

If you are able to query the ISP's DNS servers from behind the proxy server or firewall, the Windows 2000 and Windows Server 2003 DNS server is able to query the root hint servers. UDP and TCP port 53 should be open on the proxy server or firewall.

Question 32. Explain What Is The Difference Between Local, Global And Universal Groups?

Answer :

Domain local groups assign access permissions to global domain groups for local domain resources. Global groups provide access to resources in other trusted domains. Universal groups grant access to resources in all trusted domains.

Question 33. Do You Know What Is The "." Zone In My Forward Lookup Zone?

Answer :

This setting designates the Windows 2000 DNS server to be a root hint server and is usually deleted. If you do not delete this setting, you may not be able to perform external name resolution to the root hint servers on the Internet.

Question 34. Define LSDOU?

Answer :

It’s the group policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units.

Question 35. Define Attribute Value?

Answer :

An object's attribute is set concurrently to one value at one master, and another value at a second master.

Question 36. What Is Netdom?

Answer :

NETDOM is a command-line tool that allows management of Windows domains and trust relationships.

Question 37. Do You Know How Kerberos V5 Works?

Answer :

The Kerberos V5 authentication mechanism issues tickets (a set of identification data for a security principal, issued by a DC for purposes of user authentication; the two forms of tickets in Windows 2000 are ticket-granting tickets (TGTs) and service tickets) for accessing network services. These tickets contain encrypted data, including an encrypted password, which confirms the user's identity to the requested service.

Question 38. What Is ADSIEdit?

Answer :

ADSI Edit is an LDAP editor for managing objects in Active Directory. This Active Directory tool lets you view objects and attributes that are not exposed in the Active Directory Management Console.

Question 39. What Is Kerberos V5 Authentication Process?

Answer :

Kerberos V5 is the primary security protocol for authentication within a domain. The Kerberos V5 protocol verifies both the identity of the user and network services. This dual verification is known as mutual authentication.

Question 40. Define The Schema Master Failure?

Answer :

Temporary loss of the schema operations master will be visible only if we are trying to modify the schema or install an application that modifies the schema during installation. A DC whose schema master role has been seized must never be brought back online.

Question 41. What Is Replmon?

Answer :

Replmon is the first tool you should use when troubleshooting Active Directory replication issues.

Question 42. How To Find FSMO Roles?

Answer :

Netdom query fsmo OR Replmon.exe

Question 43. Describe The Infrastructure FSMO Role?

Answer :

When an object in one domain is referenced by another object in another domain, it represents the reference by the GUID, the SID (for references to security principals), and the DN of the object being referenced. The infrastructure FSMO role holder is the DC responsible for updating an object's SID and distinguished name in a cross-domain object reference.

Question 44. What Are The Advantages Of Active Directory Sites?

Answer :

Active Directory Sites and Services allow you to specify site information. Active Directory uses this information to determine how best to use available network resources.

Question 45. Define Edb.chk?

Answer :

This is the checkpoint file used to track the data not yet written to the database file. This indicates the starting point from which data is to be recovered from the log file, in case of failure.

Question 46. Define Edb.log?

Answer :

This is the transaction log file (10 MB). When EDB.LOG is full, it is renamed to EDBnnnn.log, where nnnn is the increasing number starting from 1.

Question 47. How To View All The GCs In The Forest?

Answer :

repadmin.exe /options * and use IS_GC for current domain options.
nltest /dsgetdc:corp /GC

Question 48. How To Seize FSMO Roles?

Answer :

ntdsutil - type roles - connections - connect servername - q - type seize role - at the fsmo maintenance prompt - type seize rid master

Question 49. How To Transfer FSMO Roles?

Answer :

ntdsutil - type roles - connections - connect servername - q - type transfer role - at the fsmo maintenance prompt - type transfer rid master

Question 50. What Is The KCC (Knowledge Consistency Checker)?

Answer :

The KCC generates and maintains the replication topology for replication within sites and between sites. KCC runs every 15 minutes.

Question 51. What Is Schema Information In Active Directory?

Answer :

Definitional details about objects and attributes that one can store in the AD. Replicates to all DCs. Static in nature.

Question 52. What Is Online Defragmentation In Active Directory?

Answer :

Online defragmentation is a method that runs as part of the garbage collection process. The main benefit of this method is that the server does not need to be taken offline for it to run. However, this method does not shrink the Active Directory database file (Ntds.dit).

Question 53. What Is ADS Database Garbage Collection Process?

Answer :

Garbage collection is a process that is designed to free space within the Active Directory database. This process runs independently on every DC with a default lifetime interval of 12 hours.

Question 54. Define Res1.log And Res2.log?

Answer :

These are reserved transaction log files of 20 MB (10 MB each) which give the transaction log files enough room to shut down if the other spaces are being used.

Question 55. What Is Domain Information In Active Directory?

Answer :

Object information for a domain. Replicates to all DCs within a domain. The object portion becomes part of the GC. The attribute values only replicate within the domain.

Question 56. What Is Lightweight Directory Access Protocol?

Answer :

LDAP is the directory service protocol that is used to query and update AD. LDAP naming paths are used to access AD objects and include the following:

Distinguished names
Relative Distinguished names

Question 57. How Will You Verify Whether The AD Installation Is Proper With SRV Resource Records?

Answer :

Verify SRV resource records: After AD is installed, the DC will register SRV records in DNS when it restarts. We can check this using the DNS MMC or the nslookup command.

Question 58. What Is Ntds.dit?

Answer :

This is the AD database and stores all AD objects. Default location is %SystemRoot%\ntds\NTDS.DIT.
Active Directory's database engine is the Extensible Storage Engine, which is based on the Jet database and can grow up to 16 TB.

Question 59. What Is Ntds.dit Schema Table?

Answer :

The types of objects that can be created in the Active Directory, relationships between them, and the attributes on each type of object. This table is fairly static and much smaller than the data table.

Question 60. Mention What Is The Difference Between Domain Admin Groups And Enterprise Admins Group In Ad?

Answer :

Enterprise Admin Group:
Members of this group have complete control of all domains in the forest. By default, this group belongs to the Administrators group on all domain controllers in the forest. As such, this group has full control of the forest; add users with caution.

Domain Admin Group:
Members of this group have complete control of the domain. By default, this group is a member of the Administrators group on all domain controllers, workstations and member servers at the time they are joined to the domain. As such, the group has full control in the domain; add users with caution.