Active Directory (AD)

Active Directory (AD) is a database and set of services that connect users with the network resources they need to get their work done. The database (or directory) contains critical information about your environment, including what users and computers there are and who's allowed to do what.

Uploaded by it.romalinda

3/5/2017 Active Directory (AD) Real Time Interview Questions and Answers – windowstricks.in

windowstricks.in
it's all about windows technology

Active Directory (AD) Real Time Interview Questions and Answers


I would like to share some Windows Active Directory interview questions and answers. I will start with basic questions and continue with L1, L2 and L3 level questions.

What is Active Directory?

Active Directory (AD) is a directory service developed by Microsoft and used to store objects such as users, computers, printers and network information. It helps you manage your network effectively with multiple Domain Controllers in different locations sharing the AD database: AD can be managed or changed from any Domain Controller, and the change is replicated to all other DCs. It provides centralized administration across multiple geographical locations and authenticates users and computers in a Windows domain.

What is LDAP and how is LDAP used in Active Directory (AD)?

http://www.windowstricks.in/ldap-and-ldap-query

What is Tree?

A tree is a hierarchical arrangement of Windows domains that share a contiguous namespace.

What is Domain?

Active Directory Domain Services is Microsoft’s Directory Server. It provides authentication and authorization mechanisms as well as a framework within which other
related services can be deployed

What is Active Directory Domain Controller (DC)?

A Domain Controller is the server that holds the AD database. All AD changes are replicated to the other DCs and vice versa.

What is Forest?

A forest consists of multiple domain trees. The domain trees in a forest do not form a contiguous namespace, but they share a common schema and global catalog (GC).

What is Schema?

The Active Directory schema is the set of definitions that define the kinds of objects, and the types of information about those objects, that can be stored in Active Directory.

The Active Directory schema is a collection of object classes and their attributes.

Object Class = User

Attributes = first name, last name, email, and others

Can we restore a schema partition?

http://www.windowstricks.in/2014/01/can-i-restore-schema-partition.html

Tell me about the FSMO roles?

Schema Master

Domain Naming Master

Infrastructure Master

RID Master

PDC

Schema Master and Domain Naming Master are forest-wide roles, with only one of each per forest. The other roles are domain-wide, with one of each per domain.

AD replication is multi-master: a change can be made on any Domain Controller and is replicated to the other Domain Controllers. The five roles above are the exception. They are flexible single master operations (FSMO): these changes can only be made on the dedicated Domain Controller, so it is single-master replication.

How to check which server holds which role?

Netdom query FSMO

Which FSMO role is the most important? And why?

An interesting question: which of the 5 FSMO roles is the most important, or, which role failure will impact the end user immediately?

Most amateur administrators pick the Schema Master role. I am not sure why; maybe they think the schema is very critical to running Active Directory.

The correct answer is PDC. Now the next question: why? To find the answer, I will explain role by role what happens when a FSMO role holder fails.

Schema Master – The Schema Master is needed to update the schema. We don't update the schema daily, right? When do we update the schema? At the time of an operating system migration, when installing a new Exchange version, or for any other application that requires extending the schema.

So if the Schema Master server is not available, we can't update the schema, and in no way does this affect Active Directory operation or the end user.

The Schema Master needs to be online and ready in order to make a schema change, so we can plan and have more time to bring the Schema Master server back.

Domain Naming Master – The Domain Naming Master is required for creating a new domain and creating an application partition. As with the Schema Master, we don't create domains and application partitions frequently.

So if the Domain Naming Master server is not available, we can't create a new domain or application partition. It may not affect users; users are not even aware that the Domain Naming Master server is down.

Infrastructure Master – The Infrastructure Master handles cross-domain updates. What really gets updated between domains? Whenever a user logs in to the domain, a TGT is created with the list of access the user has through group membership (user group membership details). It also contains the user's membership details from trusted domains. The Infrastructure Master keeps this information up to date: it updates reference information every 2 days by comparing its data with the Global Catalog (that's why we don't keep the Infrastructure Master and GC on the same server).

In a single-domain, single-forest environment there is no impact if the Infrastructure Master server is down.

In a multi-domain and forest environment there will be an impact, and we have enough time to fix the issue before it affects the end user.

RID Master – Every DC is initially issued 500 RIDs by the RID Master server. RIDs are used to create new objects in Active Directory: every new object is created with a Security ID (SID), and the RID is the last part of a SID. The RID uniquely identifies a security principal relative to the local or domain security authority that issued the SID.

When a DC gets down to 250 (50%), it requests a second pool of RIDs from the RID Master. If the RID Master server is not available, RID pools cannot be issued to DCs, and DCs can only create new objects as long as they have RIDs available. Every DC has anywhere between 250 and 750 RIDs available, so there is no immediate impact.
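The RID Master answer says the RID is the last part of a SID. The following added example (not from the original post) decodes a binary objectSid value into its string form and splits off the RID; the sample SID bytes and the domain identifier in them are constructed.

```python
import struct

# Well-known RIDs that Windows assigns under every domain SID.
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 502: "krbtgt",
                   512: "Domain Admins", 516: "Domain Controllers",
                   519: "Enterprise Admins"}

def sid_to_string(raw: bytes) -> str:
    """Decode a binary SID, as stored in the objectSid attribute."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its fixed 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1 or count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])    # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

def split_rid(sid: str):
    """Return (issuing authority SID, RID); the RID is the last sub-authority."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S":
        raise ValueError("SID has no sub-authority to use as a RID")
    return "-".join(parts[:-1]), int(parts[-1])

def describe(raw: bytes) -> dict:
    issuer, rid = split_rid(sid_to_string(raw))
    in_domain = issuer.startswith("S-1-5-21-")       # prefix used by domain SIDs
    if in_domain and rid in WELL_KNOWN_RIDS:
        kind = WELL_KNOWN_RIDS[rid]
    elif in_domain and rid >= 1000:                  # RIDs handed out for new objects
        kind = "allocated from a DC's RID pool"
    else:
        kind = "other"
    return {"issuer": issuer, "rid": rid, "kind": kind}

def make_sid(*subs) -> bytes:
    """Build a binary SID under authority 5 (used only for the constructed samples)."""
    return bytes([1, len(subs)]) + (5).to_bytes(6, "big") + struct.pack("<%dI" % len(subs), *subs)

DOMAIN = (21, 1111111111, 2222222222, 3333333333)    # constructed domain identifier
ADMIN_SID = make_sid(*DOMAIN, 500)                   # constructed sample
USER_SID = make_sid(*DOMAIN, 1104)                   # constructed sample

if __name__ == "__main__":
    for raw in (ADMIN_SID, USER_SID):
        print(sid_to_string(raw), describe(raw))
```

Two objects from the same domain share every part of the SID except the final RID, which is why a DC that has run out of RIDs cannot create new security principals.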

PDC – The PDC is required for time sync, user login, password changes and trusts. Now you know why the PDC is the important FSMO role holder to get back online: a PDC failure impacts the end user immediately and we need to recover it ASAP.

The PDC emulator acts as the Primary Domain Controller for backwards compatibility. It is responsible for time synchronization within a domain and is also the password master: any password change is replicated to the PDC emulator ASAP. If a logon request fails due to a bad password, the logon request is passed to the PDC emulator to check the password before the login request is rejected.

Tell me about the Active Directory database and list the Active Directory database files?

NTDS.DIT

EDB.Log

EDB.Che

Res1.log and Res2.log

AD changes are not written directly to the NTDS.DIT database file. They are written first to EDB.Log and then from the log file to the database. EDB.Che is used to track the database updates from the log file, to know which changes have been copied to the database file.

NTDS.DIT: NTDS.DIT is the AD database and stores all AD objects. The default location is %SystemRoot%\ntds\ntds.dit. The Active Directory database engine is the Extensible Storage Engine, which is based on the Jet database.

EDB.Log: EDB.Log is the transaction log file. When EDB.Log is full, it is renamed to EDB Num.log, where Num is an increasing number starting from 1, like EDB1.Log.

EDB.Che: EDB.Che is the checkpoint file used to track the data not yet written to the database file. It indicates the starting point from which data is to be recovered from the log file in case of failure.

Res1.log and Res2.log: Res is the reserved transaction log file, which gives the transaction log file enough time to shut down if the disk doesn't have enough space.
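A simplified model of the write path described above, as an added example that is not from the original post and does not reproduce the real on-disk format: changes go to the log first, the checkpoint records how far the database has caught up, and recovery replays the rest. The log capacity and the object names are constructed.

```python
class DirectoryStore:
    LOG_CAPACITY = 3  # constructed value: entries per log file before rollover

    def __init__(self):
        self.closed_logs = []   # [(file name, entries)] for logs that filled up
        self.current_log = []   # entries in EDB.Log
        self.database = {}      # what is inside NTDS.DIT
        self.checkpoint = 0     # EDB.Che: number of log entries already in the database

    def write(self, dn, attrs):
        """Record a change. It goes to the transaction log only."""
        if len(self.current_log) == self.LOG_CAPACITY:
            # EDB.Log is full: rename it to EDB<Num>.Log and start a new EDB.Log.
            name = "EDB%d.Log" % (len(self.closed_logs) + 1)
            self.closed_logs.append((name, self.current_log))
            self.current_log = []
        self.current_log.append((dn, attrs))

    def log_files(self):
        return [name for name, _ in self.closed_logs] + ["EDB.Log"]

    def _entries(self):
        older = [e for _, entries in self.closed_logs for e in entries]
        return older + self.current_log

    def flush(self, count):
        """Copy up to `count` logged changes into the database and move the checkpoint."""
        pending = self._entries()[self.checkpoint:self.checkpoint + count]
        for dn, attrs in pending:
            self.database[dn] = attrs
        self.checkpoint += len(pending)
        return len(pending)

    def recover(self):
        """After an unclean stop: replay every logged change past the checkpoint."""
        return self.flush(len(self._entries()))

def demo():
    store = DirectoryStore()
    for i in range(1, 6):                      # five constructed changes
        store.write("CN=user%d,DC=example,DC=test" % i, {"sn": "User%d" % i})
    store.flush(2)                             # only two reach the database file
    in_db_before = len(store.database)
    replayed = store.recover()
    return store.log_files(), in_db_before, replayed, len(store.database)

if __name__ == "__main__":
    print(demo())
```

In this model a copy of the database taken before recovery holds only the flushed changes, so the database file, the logs and the checkpoint have to be handled as one set in backups and forensic acquisitions.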

What RAID configuration can be used in Domain Controllers?

http://www.windowstricks.in/2010/07/recommended-raid-configuration-and-disk.html

Can we keep the OS, log files, SYSVOL and AD database on the same logical disk?

http://www.windowstricks.in/2010/07/recommended-raid-configuration-and-disk.html


One thought on “Active Directory (AD) Real Time Interview Questions and Answers”

usman
January 4, 2017

I like work in ad

Copyright © 2017 · www.windowstricks.in. All Rights Reserved
