Udemy logo

active directory interview questionsMore and more companies are realizing the power of cloud services and networks. With the release of Office 365, Cloud services, and employees working away from the office, collaboration is crucial. Ensuring the networks that connect employees and allow access to the documents and projects within an organization is therefore critical to allow organizations to function efficiently. This means that the demand for good network technicians and system administrators who understand Active Directory is increasing.

If you love ensuring smooth, efficient operation of a network, have the networking skills you need to qualify for a networking position, then here are some Active Directory interview questions that may help you to secure your dream job as a network administrator by preparing you for your interview. If you want to improve your interview skills then Job Interview Skills Training Course will help you master the interview skills you need.

1. Define Active Directory

Active Directory is a database that stores data pertaining to the users within a network as well as the objects within the network. Active Directory allows the compilation of networks that connect with AD, as well as the management and administration thereof.

2. What is a domain within Active Directory?

A domain represents the group of network resources that includes computers, printers, applications and other resources. Domains share a directory database. The domain is represented by address of the resources within the database. A domain address generally looks like 125.170.456. A user can log into a domain to gain access to the resources that are listed as part that domain.

3. What is the domain controller?

The server that responds to user requests for access to the domain is called the Domain Controller or DC. The Domain Controller allows a user to gain access to the resources within the domain through the use of a single username and password.

4. Explain what domain trees and forests are

Domains that share common schemas and configurations can be linked to form a contiguous namespace.  Domains within the trees are linked together by creating special relationships between the domains based on trust.

Forests consist of a number of domain trees that are linked together within AD, based on various implicit trust relationships. Forests are generally created where a server setup includes a number of root DNS addresses. Trees within the forest do not share a contiguous namespace.

6. What is LDAP?

LDAP is an acronym for Lightweight Directory Access Protocol and it refers to the protocol used to access, query and modify the data stored within the AD directories. LDAP is an internet standard protocol that runs over TCP/IP.

7. Explain what intrasite and intersite replication is and how KCC facilitates replication

The replication of DC’s inside a single site is called intrasite replication whilst the replication of DC’s on different sites is called Intersite replication. Intrasite replication occurs frequently while Intersite replication occurs mainly to ensure network bandwidth.

KCC is an acronym for the Knowledge Consistency Checker. The KCC is a process that runs on all of the Domain Controllers. The KCC allows for the replication topology of site replication within sites and between sites. Between sites, replication is done through SMTP or RPC whilst Intersite replication is done using procedure calls over IP.

8. Name a few of the tools available in Active Directory and which tool would you use to troubleshoot any replication issues?

Active Directory tools include:

·         Dfsutil.exe

·         Netdiag.exe

·         Repadmin.exe

·         Adsiedit.msc

·         Netdom.exe

·         Replmon.exe

Replmon.exe is a graphical tool designed to visually represent the AD replication. Due to its graphical nature, replmon.exe allows you to easily spot and deal with replication issues.

9. What tool would you use to edit AD?

Adsiedit.msc is a low level editing tool for Active Directory. Adsiedit.msc is a Microsoft Management Console snap-in with a graphical user interface that allows administrators to accomplish simple tasks like adding, editing and deleting objects with a directory service. The Adsiedit.msc uses Application Programming Interfaces to access the Active Directory. Since Adsiedit.msc is a Microsoft Management Console snap-in, it requires access MMC and a connection to an Active Directory environment to function correctly.

11. How would you manage trust relationships from the command prompt?

Netdom.exe is another program within Active Directory that allows administrators to manage the Active Directory. Netdom.exe is a command line application that allows administrators to manage trust relationship within Active Directory from the command prompt. Netdom.exe allows for batch management of trusts. It allows administrators to join computers to domains. The application also allows administrators to verify trusts and secure Active Directory channels.

10. Where is the AD database held and how would you create a backup of the database?

The database is stored within the windows NTDS directory. You could create a backup of the database by creating a backup of the System State data using the default NTBACKUP tool provided by windows or by Symantec’s Netbackup. The System State Backup will create a backup of the local registry, the Boot files, the COM+, the NTDS.DIT file as well as the SYSVOL folder.

11. What is SYSVOL, and why is it important?

SYSVOL is a folder that exists on all domain controllers. It is the repository for all of the active directory files. It stores all the important elements of the Active Directory group policy. The File Replication Service or FRS allows the replication of the SYSVOL folder among domain controllers. Logon scripts and policies are delivered to each domain user via SYSVOL.

SYSVOL stores all of the security related information of the AD.

12. Briefly explain how Active Directory authentication works

When a user logs into the network, the user provides a username and password. The computer sends this username and password to the KDC which contains the master list of unique long term keys for each user. The KDC creates a session key and a ticket granting ticket. This data is sent to the user’s computer. The user’s computer runs the data through a one-way hashing function that converts the data into the user’s master key, which in turn enables the computer to communicate with the KDC, to access the resources of the domain.

For more training on Active Directory, Administering Windows Server 2012 will teach you how to work with Domain Controllers as well as other AD skills you may need.

Page Last Updated: January 2014

Top courses in Active Directory

Active Directory students also learn

Empower your team. Lead the industry.

Get a subscription to a library of online courses and digital learning tools for your organization with Udemy Business.

Request a demo