If you remember the telephone directories people used back in the good old days, you are halfway to understanding Active Directory. Just as we used to look up the telephone numbers of people or places in a telephone directory, we look things up in Active Directory. No, we do not find numbers or people through Active Directory. It is Microsoft's directory service for Windows Server domains. At first, Active Directory managed only massive centralized domain systems; that was its sole job. As Microsoft kept developing it, it came to handle a lot more. Almost any function that involves identification based on directory records now falls under Active Directory.
Now let us learn more about it through interview questions and answers.
Frequently Asked Active Directory Interview Questions
What is the first thing that comes to your mind when you hear Active Directory?
Answer: This index stores the information and data on Microsoft-based servers and domains. Everything from managing to administering the network information comes under Active Directory. The data is usually about a network.
Who is the developer of Active Directory?
Answer: Microsoft is the developer of Active Directory.
Which protocol does Active Directory use by default?
Answer: Active Directory uses the Lightweight Directory Access Protocol, abbreviated as LDAP, as its default protocol.
When was Active Directory first launched?
Answer: Microsoft first launched it with Windows 2000 Server. The year of release was 1999.
In Active Directory, what do you mean by Forest?
Answer: In Active Directory, a Forest is a group of AD domains that have a schema in common.
Have you ever heard of SysVOL? If yes, then tell us about your understanding of the term.
Answer: The main job of SysVOL is to store the server's copy of a domain's public files. They get replicated among the domain controllers of the domain. SysVOL is sometimes written as SysFOL, but it is the same thing.
What is Kerberos?
Answer: Kerberos is an authentication protocol used in networks. It uses secret-key cryptography to provide security and authentication for client applications.
Can you describe the Knowledge Consistency Checker?
Answer: Knowledge Consistency Checker, often abbreviated as KCC, is responsible for replicating the topologies. It duplicates the topology between controllers and domains.
Can you name Active Directory’s components?
Answer: It includes two components or structures, physical and logical. The physical structure consists of Sites and Domain services, while the logical structure consists of Forests, Domains, OUs, and Trees.
What are the services provided by the Active Directory?
Answer: The AD serves the users in many ways:
- Certificate Services
- Domain Services
- Federation Services
- Rights Management Services
- Lightweight Directory Services
What do you mean by domain?
Answer: The collection of all the users in a network is said to be a domain.
Name the folders related to the Active Directory.
Answer: Several files control the structure of the Active directory:
- res1.log
Do you know where we keep the data of the AD?
Answer: Active Directory data is always saved as a database in %systemroot%/ntds.
Explain the Schema of Active Directory.
Answer: The Active Directory schema (ADS) gives the formal definition of every object class. It also holds the details of every attribute that can ever exist in the Forest.
Can you name a few ports that the AD uses?
Answer: A few ports used by the active directory are:
- RPC endpoint mapper
- NetBIOS Session Service
- LDAP over SSL
- WINS Replication
- NetBIOS name service
- WINS Resolution
How do we create a backup for the Active Directory?
Answer: We can use PowerShell, Wbadmin.exe, or Windows Server Backup to keep a backup for the AD.
Do you know the names of the containers of the Active Directory?
Answer: First come the Trees, followed by Site, Users, Organizational Unit, Domain, and Foreign Security Unit. All of these are the containers in the AD.
Name the types of admin groups in the AD.
Answer: There are two types of admin groups in the Active Directory:
- Enterprise Admin
- Domain Admin Group
Can you differentiate between the Domain and Enterprise groups in the AD?
Answer: In the Domain Admin Group, control of the domain is in the hands of the members. Meanwhile, in the Enterprise Admin Group, the rights are limited to the Forests.
What do you understand by the tombstone lifetime?
Answer: It is the time for which deleted data remains present in the Active Directory.
Do you have any idea what lingering objects mean?
Answer: The objects that exist longer than the Tombstone Lifetime interval are called lingering objects. If the controller does not replicate the objects, they become lingering objects (LO).
What do you understand by Organizational Units?
Answer: It is a factor that affects security, competence, administration, and policy. An organizational unit is a designing unit.
Name a few management tools of the Active Directory.
Answer: The management tools consist of:
- Active Directory Users and Computers
- ADSI Edit
- AD Domains and Trust
- Local Users and Groups
- SysInternals ADExplorer
- Active Directory Administrative Center
Describe Active Directory Recycle Bin.
Answer: It is an object of AD which allows us to retrieve data we accidentally deleted within a time interval.
Can you give us the port number for LDAP used in the Active Directory?
Answer: LDAP port number 389 is used and preferred in the AD.
What do you mean by Infrastructure Master?
Answer: The one responsible for all the updates is Infrastructure Master. It includes customer, global catalog, and group update.
In which way does the AD store the data?
Answer: The data we store in the Active Directory takes the form of a hierarchy. There are structures and logic to design this hierarchy in the AD.
What do you mean by a domain tree?
Answer: A set of multiple domains stored in a hierarchical manner is known as a domain tree. Each domain of a domain tree has a common schema and forms a contiguous namespace.
What is a domain controller?
Answer: The controller of an Active Directory Domain Service server is called a domain controller.
Except for LDAP, what does the AD use?
Answer: There are two other objects used by the Active Directory: DNS (Domain Name System) and Kerberos (Microsoft’s Version).