Questions asked during an Active Directory interview
Getting a job interview is a must, and the interview itself is neither as simple as making tea nor as hard as rocket science. If you are preparing for an Active Directory expert role, keep reading. We are going to discuss Active Directory concepts in the form of questions that may be asked in the interview. There is always some nervousness during an interview, and it does not depend on a lack of confidence or experience.
Plan properly before going to the interview: be punctual and keep yourself calm. Every plan should be made before you leave. Time is valuable, so do not be late at the venue. If you are unable to answer a question, say so frankly to the interviewer instead of giving a wrong answer. If you know the answer but need a moment to gather it, take your time. Always keep eye contact with the interviewer; it helps you appear confident.
You need to understand the concepts and the nature of the questions so that you can answer easily and make a good impression. So, without wasting time, let's start.
What is Active Directory?
This may be your first question, and you know the answer because your study is related to this field. Still, we should be able to give the answer in proper, simple but productive language.
Active Directory is a directory service used on Windows-based servers and computers to store information about users, computers, the network and domains in a database.
Which services are available in Active Directory Services?
Multiple services are available in Active Directory Services.
- Domain Services: Also known as Active Directory Domain Services (AD DS). It stores information about users and devices, verifies their credentials and determines their access rights.
- Lightweight Directory Services: Also known as Active Directory Lightweight Directory Services (AD LDS). It provides storage for directory data and a directory service. Multiple AD LDS instances can run on the same server.
- Certificate Services: Also known as Active Directory Certificate Services (AD CS). It creates, validates and revokes public key certificates for internal use. These certificates are also used to encrypt files, emails and network traffic, and for Transport Layer Security.
- Federation Services: Also known as Active Directory Federation Services (AD FS). With Federation Services, users can use several web-based services such as blogs, forums, email and network resources with only one set of credentials, and the same set can be used in a different network as well.
Tell something about Forests.
A forest is a collection of domains that share a single configuration for the whole Active Directory. It shares a single database, a single global address list and a security boundary. A user or administrator cannot access another forest, because by default users and administrators exist in only one forest.
How do you determine whether a user account has local administrative access?
By running the "net localgroup administrators" command on every workstation; it lists all members of the local Administrators group one by one. You can run the command on every machine.
Alternatively, you can use the Restricted Groups feature of Group Policy and allow only the members you want.
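The check described above, written out as an added PowerShell example (not code from the original article): it collects the local Administrators membership from a list of workstations and flags any member that is not on an approved list, which is what a Restricted Groups policy would later enforce. The computer names and the allow-list are constructed sample values; it assumes WinRM is enabled on the targets.

```powershell
# Added example (not from the original article): report members of the local
# Administrators group on a list of workstations and flag anyone not on an
# approved list. Assumes PowerShell 5.1+ (LocalAccounts module) on the targets
# and WinRM enabled; host names and the allow-list are constructed samples.

$Computers = @('WKS01', 'WKS02')                                                 # constructed sample hosts
$Approved  = @('Administrator', 'CORP\Domain Admins', 'CORP\Workstation Admins')  # constructed allow-list

$Report = foreach ($c in $Computers) {
    try {
        # Get-LocalGroupMember returns Name (DOMAIN\user), ObjectClass and PrincipalSource
        $members = Invoke-Command -ComputerName $c -ErrorAction Stop -ScriptBlock {
            Get-LocalGroupMember -Group 'Administrators' |
                Select-Object Name, ObjectClass, PrincipalSource
        }
    }
    catch {
        # Fall back to the classic command the article mentions; it prints one member per line
        $members = Invoke-Command -ComputerName $c -ScriptBlock {
            net localgroup Administrators | Select-Object -Skip 6 |
                Where-Object { $_ -and $_ -notmatch '^The command completed' } |
                ForEach-Object { [pscustomobject]@{ Name = $_; ObjectClass = 'unknown'; PrincipalSource = 'unknown' } }
        }
    }
    foreach ($m in $members) {
        # Strip the machine prefix so "WKS01\Administrator" compares as "Administrator"
        $short = $m.Name -replace "^$c\\", ''
        [pscustomobject]@{
            Computer = $c
            Member   = $m.Name
            Type     = $m.ObjectClass
            Approved = ($short -in $Approved) -or ($m.Name -in $Approved)
        }
    }
}

$Report | Format-Table -AutoSize
# Rows with Approved = False deserve a look. A Restricted Groups policy
# (Computer Configuration > Policies > Windows Settings > Security Settings >
# Restricted Groups) can then enforce the approved membership on every machine.
```

The fallback branch parses the output of "net localgroup", so it works on hosts that predate the LocalAccounts module; the header of that output is six lines long, which is why the first six lines are skipped.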
What are domains in Active Directory?
A domain cannot be administered from outside, because it has a boundary, and that boundary is called the administrative boundary.
There is also a security boundary: the domain's security policies apply to all security accounts, but only within that domain. These boundaries enclose a collection of objects, so a domain can be defined as a collection of objects that is relevant to a specific group of users on the network.
Define the term Organizational Unit.
Organizational Units (OUs) are logical constructs of Active Directory, so an OU does not need its own domain to be supported or maintained. They do not have their own namespace. Organizational Units can contain other Organizational Units, and they provide hierarchy within a domain, so Microsoft recommends using OUs instead of additional domains.
When OUs are created, administrative authority over them can be delegated to any user or group.
What is LDAP?
LDAP stands for Lightweight Directory Access Protocol; it is the protocol used to interact with the directory service.
It is an application protocol for directory services, used for querying and modifying items held by directory service providers. The LDAP naming path is used to access Active Directory objects.
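To make the two halves of that answer concrete, here is an added PowerShell example (not from the original article) that runs an LDAP query through .NET's DirectorySearcher and then binds to each result by its LDAP naming path. The search base "OU=Staff,DC=corp,DC=example" and the filter are constructed sample values; it assumes a domain-joined machine.

```powershell
# Added example (not from the original article): query Active Directory over
# LDAP with System.DirectoryServices and use each object's naming path
# (LDAP:// followed by its distinguished name) to bind to it directly.
# Assumes a domain-joined host; the search base and filter are constructed.

Add-Type -AssemblyName System.DirectoryServices

# The naming path of the search base: LDAP:// plus a distinguished name
$searchBase = [ADSI]'LDAP://OU=Staff,DC=corp,DC=example'

$searcher = New-Object System.DirectoryServices.DirectorySearcher($searchBase)
# LDAP filter: user objects whose account is disabled (userAccountControl bit 0x2,
# tested with the bitwise-AND matching rule 1.2.840.113556.1.4.803)
$searcher.Filter      = '(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))'
$searcher.SearchScope = 'Subtree'
$searcher.PageSize    = 500      # paged results, so large OUs do not stop at the server's 1000-entry limit
[void]$searcher.PropertiesToLoad.AddRange(@('sAMAccountName', 'distinguishedName', 'whenChanged'))

foreach ($result in $searcher.FindAll()) {
    $dn = $result.Properties['distinguishedname'][0]
    # Bind to the single object by its naming path and read an attribute that was not in the search
    $entry = [ADSI]"LDAP://$dn"
    [pscustomobject]@{
        Account     = $result.Properties['samaccountname'][0]
        DN          = $dn
        LastChanged = $result.Properties['whenchanged'][0]
        Description = $entry.Properties['description'].Value
    }
}
```

Disabled accounts are a useful first query for an administrator because stale but still-present accounts are a common cleanup item; swapping the filter string is all that is needed for any other attribute-based search.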
What are the requirements for installing Active Directory?
The minimum requirements for the installation of Active Directory are:
1) Windows Server or Advanced Server.
2) 200 MB of space for AD and 50 MB for log files.
3) NTFS partition
4) TCP/IP installed
5) DNS configured for use.
6) Administrative privileges to create the domain.
These are the requirements for installing Active Directory (AD).
What types of groups are available in Active Directory?
There are two types of groups in Active Directory:
1) Security groups
2) Distribution groups
1) Security groups: Permissions are required to access resources, and those permissions are granted through security groups. Security groups can also be assigned user rights, which define what the members of the group can do.
2) Distribution groups: Distribution groups are not used for assigning permissions to resources. They are used for sending email to the users in the group, so there is no need to grant security permissions.
It is recommended to use distribution groups whenever there is a need to use groups in Active Directory.
What is REPLMON?
REPLMON is a tool used for replication problems.
It is a Graphical User Interface (GUI) tool that lets administrators view Active Directory replication, monitor its status, view the topology in graphical form and force synchronization. Replication issues are easier to see with it than from the command line.
It is recommended to use this tool when facing replication issues in Active Directory. This is the definition and information given by Microsoft.
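The same status REPLMON shows graphically can be pulled from the command line; the following is an added PowerShell example (not from the original article) using the ActiveDirectory module's replication cmdlets, which exist on Windows Server 2012 and later (RSAT). It assumes the module is installed and the caller can read the directory.

```powershell
# Added example (not from the original article): command-line view of the
# replication state that REPLMON displays, using the ActiveDirectory module
# (Windows Server 2012+ / RSAT). Assumes read access to the directory.

Import-Module ActiveDirectory

# Every DC in the current domain, with its inbound partners per partition
$dcs = Get-ADDomainController -Filter *

$status = foreach ($dc in $dcs) {
    Get-ADReplicationPartnerMetadata -Target $dc.HostName -Partition * |
        ForEach-Object {
            [pscustomobject]@{
                Server      = $dc.HostName
                # Partner is the DN of the partner's NTDS Settings object; keep only the server name
                Partner     = $_.Partner -replace '^CN=NTDS Settings,CN=', '' -replace ',CN=Servers.*$', ''
                Partition   = $_.Partition
                LastSuccess = $_.LastReplicationSuccess
                LastAttempt = $_.LastReplicationAttempt
                Failures    = $_.ConsecutiveReplicationFailures
                LastResult  = $_.LastReplicationResult   # 0 means the last attempt succeeded
            }
        }
}

# Consecutive failures, or no success within the last hour, is worth investigating
$status | Where-Object { $_.Failures -gt 0 -or $_.LastSuccess -lt (Get-Date).AddHours(-1) } |
    Sort-Object Server, Partition | Format-Table -AutoSize

# Failures already recorded by each DC, with the first time they occurred
Get-ADReplicationFailure -Target $dcs.HostName |
    Select-Object Server, Partner, FailureType, FailureCount, FirstFailureTime, LastError |
    Format-Table -AutoSize
```

A quiet run (no rows in either table) is the expected outcome; a partner with a growing FailureCount and an old FirstFailureTime is the case where a forced synchronization from REPLMON, or "repadmin", is the next step.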
What is ADSIEDIT?
It is a Graphical User Interface (GUI) tool that is a low-level editor for Active Directory. Network administrators use it for administrative tasks such as adding, deleting and moving objects in the directory service. Object attributes are added or deleted using this tool. To access Active Directory it uses the ADSI application programming interface (API). To use this tool, certain files are required:
Installing Active Directory on a new server
1) NTFS partition.
2) Administrator’s username and password
3) The correct version of Operating System
4) A network connection to a hub or another computer
5) DNS server
6) NIC configured
7) Domain name
8) Windows 2000 or Windows 2003 Server CD or i386 folder.
How do you take a backup of Active Directory (AD)?
Follow these simple steps to take a backup of AD:
Step 1: Go to Start
Step 2: Then Program
Step 3: Accessories
Step 4: System tools
Step 5: Backup
These are the simple steps. There is another method to take the backup:
Open the Run window, type ntbackup and choose a System State backup. The backup screen will appear; take the backup of the System State, which captures all the necessary information about the system, including the Active Directory (AD) database.
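The same System State backup from the command line, as an added PowerShell example (not from the original article): it drives wbadmin, the successor of the ntbackup tool described above, which ships with Windows Server 2008 and later when the Windows Server Backup feature is installed. It assumes drive D: is a dedicated backup volume (a constructed value).

```powershell
# Added example (not from the original article): take a System State backup
# with wbadmin (Windows Server 2008+, Windows Server Backup feature installed)
# and confirm it was catalogued. Assumes D: is a backup volume (constructed).

$target = 'D:'

# System State includes the AD database (ntds.dit), SYSVOL, the registry and boot files
& wbadmin.exe start systemstatebackup "-backupTarget:$target" -quiet
if ($LASTEXITCODE -ne 0) {
    throw "System State backup failed with exit code $LASTEXITCODE"
}

# List the backups on the target so the newest version and its time can be confirmed;
# a backup older than the tombstone lifetime cannot be used to restore a domain controller
& wbadmin.exe get versions "-backupTarget:$target"
```

The arguments are quoted because PowerShell would otherwise split "-backupTarget:D:" at the colon before handing it to the native executable.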
How do you use registry keys to remove a user from a group?
You can use the command-line utility called demand with the -delmbr switch to remove a group member from the command line. Freeware utilities are available at www.joeware.net; the tools ADFind and ADMod are mostly used for searching and updating Active Directory (AD).
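The same task with the ActiveDirectory module, as an added PowerShell example (not from the original article): it checks membership before acting, supports -WhatIf so the change can be previewed, and records who made it, since group membership changes are audit-relevant. The group and user names are constructed sample values.

```powershell
# Added example (not from the original article): remove one user from a group
# only if they are actually a member, with -WhatIf support and a verbose audit
# line. Assumes the ActiveDirectory module; names are constructed samples.

Import-Module ActiveDirectory

function Remove-GroupMemberSafely {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string]$Group,
        [Parameter(Mandatory)] [string]$User
    )
    $member = Get-ADGroupMember -Identity $Group | Where-Object SamAccountName -eq $User
    if (-not $member) {
        Write-Warning "$User is not a member of $Group; nothing to do"
        return $false
    }
    if ($PSCmdlet.ShouldProcess($Group, "Remove member $User")) {
        Remove-ADGroupMember -Identity $Group -Members $member -Confirm:$false
        # Who changed what, and when; keep this alongside the directory's own audit events
        Write-Verbose "$env:USERNAME removed $User from $Group at $(Get-Date -Format o)"
    }
    return $true
}

# Preview first, then apply
Remove-GroupMemberSafely -Group 'Helpdesk-Operators' -User 'jdoe' -WhatIf
Remove-GroupMemberSafely -Group 'Helpdesk-Operators' -User 'jdoe' -Verbose
```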
How do you restore the modes of Active Directory (AD)?
The nonauthoritative restore is the default method for restoring Active Directory (AD).
To restore using the nonauthoritative method, first start the domain controller, then restore it from backup; afterwards its replication partners use the standard replication protocols to update Active Directory and the restored information on the domain controller.
What is the TOMBSTONE lifetime?
It is the time period for which a deleted object is retained in Active Directory. Objects deleted from Active Directory are stored as a special type of object called a TOMBSTONE. If the period is not set in the forest, Windows uses 60 days.
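Reading the configured value, including the "not set" case the answer mentions, as an added PowerShell example (not from the original article). It assumes the ActiveDirectory module and read access to the configuration partition.

```powershell
# Added example (not from the original article): read the forest's tombstone
# lifetime and fall back to the 60-day default when the attribute is absent.
# Assumes the ActiveDirectory module and read access to the configuration NC.

Import-Module ActiveDirectory

function Get-TombstoneLifetime {
    $rootDse = Get-ADRootDSE
    # The setting lives on the Directory Service object in the configuration partition
    $dsObject = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)" `
                             -Properties tombstoneLifetime

    if ($null -eq $dsObject.tombstoneLifetime) {
        # Attribute never set: the 60-day default described above applies
        [pscustomobject]@{ Days = 60; Source = 'default (attribute not set)' }
    }
    else {
        [pscustomobject]@{ Days = [int]$dsObject.tombstoneLifetime; Source = 'tombstoneLifetime attribute' }
    }
}

$tsl = Get-TombstoneLifetime
"Tombstone lifetime: $($tsl.Days) days ($($tsl.Source))"

# Practical consequence: a domain controller backup older than this cannot be
# used for a restore, and deleted objects older than this are gone for good.
$oldestUsableBackup = (Get-Date).AddDays(-$tsl.Days)
"Oldest usable System State backup date: $($oldestUsableBackup.ToShortDateString())"
```

The function returns the value together with where it came from, so a monitoring job can tell a deliberately configured lifetime from an inherited default.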
What are the components of Active Directory (AD)?
The components of the Active Directory (AD) are:
- Logical Structure: Trees, Forest, Domains and OU
- Physical Structure: Domain controllers and Sites
How do you verify SYSVOL?
First verify that the folder structure has been created:
3) Staging area
If SYSVOL is not created properly, the data stored in it in the form of scripts and GPOs will not replicate between DCs.
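A scripted version of the check, as an added PowerShell example (not from the original article): run on a domain controller, it confirms the SYSVOL and NETLOGON shares exist and that the domain folder carries the Policies and scripts directories that Group Policy depends on. It assumes the SmbShare module (Windows Server 2012 and later) and reads the domain name from the environment.

```powershell
# Added example (not from the original article): verify on a DC that SYSVOL
# and NETLOGON are shared and that the Policies and scripts folders are
# present and complete. Assumes Windows Server 2012+ (SmbShare module).

function Test-SysvolHealth {
    $domain = $env:USERDNSDOMAIN.ToLower()
    $checks = New-Object System.Collections.Generic.List[object]

    # 1. The two shares every domain controller must publish
    foreach ($name in 'SYSVOL', 'NETLOGON') {
        $share = Get-SmbShare -Name $name -ErrorAction SilentlyContinue
        $checks.Add([pscustomobject]@{ Check = "Share $name"; Ok = [bool]$share; Detail = $share.Path })
    }

    # 2. Folder structure under the SYSVOL share: <share>\<domain>\Policies and \scripts
    $sysvolPath = (Get-SmbShare -Name SYSVOL -ErrorAction SilentlyContinue).Path
    if ($sysvolPath) {
        foreach ($sub in "$domain\Policies", "$domain\scripts") {
            $p = Join-Path $sysvolPath $sub
            $checks.Add([pscustomobject]@{ Check = "Folder $sub"; Ok = (Test-Path $p); Detail = $p })
        }
        # 3. Each GPO folder should contain GPT.INI; a missing one usually means
        #    incomplete replication (PolicyDefinitions is the ADMX store, not a GPO)
        $policies = Join-Path $sysvolPath "$domain\Policies"
        if (Test-Path $policies) {
            Get-ChildItem -Path $policies -Directory |
                Where-Object Name -ne 'PolicyDefinitions' |
                ForEach-Object {
                    $ini = Join-Path $_.FullName 'GPT.INI'
                    $checks.Add([pscustomobject]@{ Check = "GPO $($_.Name)"; Ok = (Test-Path $ini); Detail = $ini })
                }
        }
    }
    return $checks
}

Test-SysvolHealth | Format-Table -AutoSize
```

Any row with Ok = False points at the symptom described above: scripts and GPOs that exist on one DC but are not reaching the others.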
What are the types of Active Directory data?
There are three types of Active Directory data:
1) Schema information
2) Configuration information
3) Domain information
New features in Active Directory (AD) of Windows Server 2012
Windows Server 2012 comes with many improved features:
1) dcpromo with the wizard: Also known as the Domain Controller Promoter; it lets you view the installation steps and gives detailed results during the installation process.
2) Enhanced Administrative Center: The Administrative Center has developed a lot since earlier versions of Active Directory and is well designed in Windows Server 2012.
3) Recycle Bin through the GUI: In earlier versions it was not possible to enable the Active Directory Recycle Bin through the GUI in the Administrative Center, but in Windows Server 2012 it is possible.
4) Fine-grained password policies (FGPP): These let you create multiple password policies within the same domain, and implementing FGPP is easier than in earlier versions.
5) Windows PowerShell History Viewer: It is possible to view the Windows PowerShell commands that are executed when you perform actions in the Active Directory Administrative Center UI.
These are a few of the new and significant features available in Windows Server 2012, and the important ones for Active Directory.
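Items 3 and 4 above done from PowerShell, as an added example (not from the original article): it enables the Recycle Bin only after checking it is not already on, since enabling it is irreversible, and creates a fine-grained password policy that applies a stricter password and lockout policy to privileged accounts. It assumes the ActiveDirectory module, Domain Admin rights and a forest functional level of Windows Server 2008 R2 or higher; the PSO name, group name and user name are constructed sample values.

```powershell
# Added example (not from the original article): enable the AD Recycle Bin and
# create a fine-grained password policy for privileged accounts. Assumes the
# ActiveDirectory module, Domain Admin rights and forest level 2008 R2+;
# PSO, group and user names are constructed samples.

Import-Module ActiveDirectory

# --- Recycle Bin: check first, because it cannot be disabled again ---
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if (-not $feature.EnabledScopes) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target (Get-ADForest).Name -Confirm:$false
}

# --- Fine-grained password policy for privileged accounts ---
$psoName = 'PSO-PrivilegedAccounts'   # constructed name
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$psoName'")) {
    $pso = @{
        Name                        = $psoName
        Precedence                  = 10            # lowest number wins when a user matches several PSOs
        MinPasswordLength           = 15
        ComplexityEnabled           = $true
        PasswordHistoryCount        = 24
        MinPasswordAge              = '1.00:00:00'
        MaxPasswordAge              = '90.00:00:00'
        LockoutThreshold            = 5
        LockoutDuration             = '00:30:00'
        LockoutObservationWindow    = '00:30:00'
        ReversibleEncryptionEnabled = $false
    }
    New-ADFineGrainedPasswordPolicy @pso
}

# PSOs are applied to users or global security groups, never to OUs
Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects 'Domain Admins', 'Tier0-Operators'   # constructed group

# Verify which policy actually wins for one administrator account
Get-ADUserResultantPasswordPolicy -Identity 'jdoe' |
    Select-Object Name, Precedence, MinPasswordLength, LockoutThreshold
```

The resultant-policy check at the end is the one to keep: when several PSOs overlap, the precedence value rather than the order of creation decides which settings a given account gets.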
What are Domain Trees in Active Directory (AD)?
A hierarchical arrangement of domains that share a contiguous namespace is called a tree. The first domain in the tree is called the root domain, and the other domains attached to the root domain are called child domains. A domain attached directly above another domain is the parent of that child domain. Every child domain has a two-way, transitive trust relationship with its parent domain.
The trust relationship allows a single logon process to give the user access to all the domains in the tree and the forest. But the user does not automatically have permissions in those domains, because each tree domain is a security domain; permissions must be granted, and they are required for every domain.
What are Active Directory (AD) Sites?
Sites consist of one or more subnets connected by fast links. Wide area networks are used to service requests while reducing replication traffic. Sites map the physical structure of the network, while domains map the logical structure of the organization. Active Directory Sites let you specify information about the sites, which Active Directory then uses to make the best use of network resources. A site may have just one subnet.
What are the roles of the global catalog in the directory?
When a user logs on to the network, the global catalog provides universal group membership information to the domain controller. If there is only one domain controller in the domain, the domain controller and the global catalog server are the same server. If there are multiple domain controllers in the network, the global catalog is hosted on one of the domain controllers. If a global catalog is not available when the user logs on, the user can only log on to the local computer.
What is RID Master?
The RID Master is the domain controller holding the Relative Identifier (RID) master role; it is responsible for assigning IDs to objects created in Active Directory (AD).
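For both the global catalog answer and the RID Master answer above, here is an added PowerShell example (not from the original article) that locates the global catalog servers and the FSMO role holders, RID Master included, and checks that each is reachable on its LDAP port, which is the first thing to verify when logons or object creation start failing. It assumes the ActiveDirectory module and read access to the directory.

```powershell
# Added example (not from the original article): list the FSMO role holders
# and global catalogs and test that each answers on its LDAP port.
# Assumes the ActiveDirectory module and read access.

Import-Module ActiveDirectory

function Get-ADRoleHolders {
    $forest = Get-ADForest
    $domain = Get-ADDomain

    $roles = @(
        [pscustomobject]@{ Role = 'Schema Master';         Holder = $forest.SchemaMaster;         Scope = 'forest' }
        [pscustomobject]@{ Role = 'Domain Naming Master';  Holder = $forest.DomainNamingMaster;   Scope = 'forest' }
        [pscustomobject]@{ Role = 'RID Master';            Holder = $domain.RIDMaster;            Scope = 'domain' }
        [pscustomobject]@{ Role = 'PDC Emulator';          Holder = $domain.PDCEmulator;          Scope = 'domain' }
        [pscustomobject]@{ Role = 'Infrastructure Master'; Holder = $domain.InfrastructureMaster; Scope = 'domain' }
    )
    # The global catalog is a property of each DC rather than a single-holder role
    foreach ($gc in $forest.GlobalCatalogs) {
        $roles += [pscustomobject]@{ Role = 'Global Catalog'; Holder = $gc; Scope = 'forest' }
    }

    foreach ($r in $roles) {
        # Every DC serves LDAP on 389; a global catalog also answers on 3268
        $port = if ($r.Role -eq 'Global Catalog') { 3268 } else { 389 }
        $up = Test-NetConnection -ComputerName $r.Holder -Port $port -InformationLevel Quiet
        $r | Add-Member -NotePropertyName Reachable -NotePropertyValue $up -PassThru
    }
}

Get-ADRoleHolders | Format-Table -AutoSize

# In a single-DC domain one server holds every role and is the global catalog;
# with several DCs, list which of them are GCs so logon failures can be
# matched against an unreachable catalog server.
(Get-ADDomainController -Filter { IsGlobalCatalog -eq $true }).HostName
```

An unreachable RID Master does not break existing domain controllers immediately, because each DC holds a pre-allocated pool of RIDs; object creation fails only once a DC exhausts its pool, which is why the role holder is worth checking before that happens.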