Active Directory Interview Questions and Answers
Experienced / Expert level questions & answers
Ques 1. What is the purpose of the RID Master in Active Directory?
The RID (Relative Identifier) Master is responsible for allocating unique RIDs to each domain controller in a domain. RIDs are used in the creation of security principals such as user and group accounts.
Example:
When a new user is created, the RID Master assigns a unique identifier to that user within the domain.
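The following added example (not code from the original page) shows the mechanics behind this answer with constructed data: a SID is split into the domain prefix and the trailing RID, well-known RIDs such as 500 and 512 are labelled, and a toy RID Master hands out 500-RID blocks (the default pool size) to domain controllers that then stamp new principals from their own pool. The SID values, DC names and the `RidMaster`/`DomainController` classes are assumptions made for illustration.

```python
"""Parse Windows SIDs into domain SID + RID and simulate RID-pool allocation.
Added example with constructed data; not code from the original page."""
from __future__ import annotations
import re

# Well-known RIDs worth recognising when reviewing group membership or audit logs.
WELL_KNOWN_RIDS = {
    500: "Administrator",
    501: "Guest",
    502: "krbtgt",
    512: "Domain Admins",
    513: "Domain Users",
    516: "Domain Controllers",
    519: "Enterprise Admins",
    520: "Group Policy Creator Owners",
}

# S-1-<authority>-<subauth>...-<rid>; at least one sub-authority is required.
SID_RE = re.compile(r"^S-1-\d+(?:-\d+)+$")


def split_sid(sid: str) -> tuple[str, int]:
    """Return (domain_sid, rid). The RID is the last sub-authority; the
    prefix identifies the domain (or local machine) that issued it."""
    if not SID_RE.match(sid):
        raise ValueError(f"not a SID: {sid}")
    domain_sid, _, rid = sid.rpartition("-")
    return domain_sid, int(rid)


def describe(sid: str) -> str:
    """Human-readable label for a SID, naming well-known RIDs."""
    domain_sid, rid = split_sid(sid)
    name = WELL_KNOWN_RIDS.get(rid, "custom principal")
    return f"{domain_sid} / RID {rid} ({name})"


class RidMaster:
    """Hypothetical model of the RID Master: hands out contiguous RID blocks.
    The default block size in AD is 500; RIDs below 1000 are reserved."""

    def __init__(self, domain_sid: str, block_size: int = 500):
        self.domain_sid = domain_sid
        self.block_size = block_size
        self.next_rid = 1000

    def allocate_pool(self) -> range:
        pool = range(self.next_rid, self.next_rid + self.block_size)
        self.next_rid += self.block_size
        return pool


class DomainController:
    """Hypothetical DC: stamps new principals from its own pool and asks the
    RID Master for a fresh block when the pool runs out. (Simplification:
    a real DC requests the next block before the current one is exhausted.)"""

    def __init__(self, name: str, master: RidMaster):
        self.name = name
        self.master = master
        self.pool = iter(())

    def create_principal(self) -> str:
        try:
            rid = next(self.pool)
        except StopIteration:
            self.pool = iter(self.master.allocate_pool())
            rid = next(self.pool)
        return f"{self.master.domain_sid}-{rid}"


if __name__ == "__main__":
    # Constructed domain SID, not a real domain.
    master = RidMaster("S-1-5-21-1111-2222-3333")
    dc1, dc2 = DomainController("DC1", master), DomainController("DC2", master)
    print(describe(dc1.create_principal()))   # first RID from DC1's block (1000)
    print(describe(dc2.create_principal()))   # first RID from DC2's block (1500)
    print(describe("S-1-5-21-1111-2222-3333-512"))
```

Because every DC draws from a block that no other DC holds, two DCs can create accounts concurrently without ever producing the same SID; if the RID Master is unavailable for long enough that pools run dry, account creation fails on that DC, which is why the role's health is worth monitoring.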
Ques 2. Explain the concept of Forest in Active Directory.
A Forest is the highest level of organizational structure in Active Directory and consists of one or more domains. Domains within a forest share a common schema, configuration, and global catalog. A forest is identified by a unique name and represents the security and administrative boundary for the organization.
Example:
A company with multiple subsidiaries might have a forest to represent the entire organization, with each subsidiary as a separate domain.
Ques 3. What is the PDC Emulator role in Active Directory?
The Primary Domain Controller (PDC) Emulator is a role in Active Directory that plays a crucial role in backward compatibility with older Windows NT systems. It acts as the primary time source for the domain and handles certain authentication requests.
Example:
If a user's password is changed, the PDC Emulator ensures that the change is replicated to all other domain controllers.
Ques 4. How does Active Directory support multi-master replication?
Active Directory uses multi-master replication, meaning that changes can be made on any domain controller, and those changes are then replicated to all other domain controllers. This ensures that no single domain controller becomes a bottleneck for changes.
Example:
If a user is added to a group on one domain controller, the change is replicated to all other domain controllers in the domain.
Ques 5. What is the Schema Master role in Active Directory?
The Schema Master is a role in Active Directory responsible for managing changes to the schema. It controls updates and modifications to the schema, which defines the structure and attributes of objects in the directory.
Example:
When a new attribute or object class is added, the Schema Master ensures that the change is replicated to all other domain controllers.
Ques 6. Explain the purpose of the Infrastructure Master role.
The Infrastructure Master is responsible for updating references from objects in its domain to objects in other domains. It ensures that cross-domain object references are kept up to date.
Example:
If a user in one domain is a member of a group in another domain, the Infrastructure Master updates the reference to the user's security identifier (SID).
Ques 7. What is the purpose of the Domain Naming Master role?
The Domain Naming Master is a role in Active Directory responsible for managing the addition and removal of domains in the forest. It ensures that domain names are unique within the forest.
Example:
When a new domain is added to the forest, the Domain Naming Master verifies that the domain name is unique across all domains in the forest.
Ques 8. What is the purpose of the Time Server role in Active Directory?
In Active Directory, the time server role is provided by the Windows Time service (W32Time), which synchronizes time across all domain-joined computers. It ensures that time-sensitive operations, such as authentication and replication, occur accurately.
Example:
Synchronized time is crucial for Kerberos authentication and maintaining consistency in distributed environments.
Ques 9. Explain the concept of Fine-Grained Password Policies in Active Directory.
Fine-Grained Password Policies allow administrators to define different password policies for different sets of users within a domain. This provides more flexibility in enforcing password requirements for various user groups.
Example:
Administrators can apply stricter password policies for privileged accounts while allowing less restrictive policies for other user accounts.
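The added example below (not code from the original page) implements the precedence rules AD uses when several fine-grained policies could apply to one user: a PSO linked directly to the user beats one linked through a group, the lowest msDS-PasswordSettingsPrecedence value wins, ties are broken by the smallest objectGUID, and a user with no applicable PSO falls back to the Default Domain Policy. The PSO names, DNs, group memberships and GUIDs are constructed; the GUID ordering used here is an approximation of the directory's tie-break.

```python
"""Resolve the effective fine-grained password policy (resultant PSO) for a user.
Added example with constructed data; not code from the original page."""
from __future__ import annotations
from dataclasses import dataclass
import uuid


@dataclass(frozen=True)
class PSO:
    name: str
    precedence: int      # msDS-PasswordSettingsPrecedence; lower value wins
    guid: str            # objectGUID; smallest wins when precedence ties (approximated)
    applies_to: frozenset  # DNs listed in msDS-PSOAppliesTo (users and/or groups)
    min_length: int
    lockout_threshold: int


@dataclass(frozen=True)
class User:
    dn: str
    groups: frozenset    # DNs of groups the user belongs to


# Settings that apply when no PSO matches (constructed values for the default policy).
DEFAULT_DOMAIN_POLICY = PSO("Default Domain Policy", 10**9, str(uuid.UUID(int=0)),
                            frozenset(), min_length=7, lockout_threshold=0)


def resultant_pso(user: User, psos: list[PSO]) -> PSO:
    """Mirror the logic behind the msDS-ResultantPSO attribute."""
    direct = [p for p in psos if user.dn in p.applies_to]
    via_group = [p for p in psos if p.applies_to & user.groups]
    candidates = direct or via_group      # direct links take priority over group links
    if not candidates:
        return DEFAULT_DOMAIN_POLICY
    return min(candidates, key=lambda p: (p.precedence, uuid.UUID(p.guid).int))


# Constructed directory: stricter policy for admins, looser for everyone else.
ADMINS = "CN=Domain Admins,CN=Users,DC=example,DC=test"
USERS = "CN=Domain Users,CN=Users,DC=example,DC=test"
SVC = "CN=svc-legacy,OU=Service,DC=example,DC=test"

PSOS = [
    PSO("PSO-Admins", 10, "11111111-1111-1111-1111-111111111111",
        frozenset({ADMINS}), min_length=15, lockout_threshold=3),
    PSO("PSO-Staff", 100, "22222222-2222-2222-2222-222222222222",
        frozenset({USERS}), min_length=10, lockout_threshold=10),
    # Direct link with a worse precedence value still beats group links.
    PSO("PSO-LegacyService", 500, "33333333-3333-3333-3333-333333333333",
        frozenset({SVC}), min_length=8, lockout_threshold=0),
]


def effective_settings(user: User) -> dict:
    pso = resultant_pso(user, PSOS)
    return {"policy": pso.name, "min_length": pso.min_length,
            "lockout_threshold": pso.lockout_threshold}


if __name__ == "__main__":
    admin = User("CN=alice,CN=Users,DC=example,DC=test", frozenset({ADMINS, USERS}))
    print(effective_settings(admin))
```

Reviewing the resultant policy per account is the practical check: a privileged account that resolves to the staff policy (or to the default policy because a PSO link was never applied) is a misconfiguration that is easy to miss by reading the PSOs alone.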
Ques 10. What is the purpose of the Read-Only Domain Controller (RODC) in Active Directory?
An RODC is a domain controller that holds a read-only copy of the Active Directory database. It enhances security by allowing organizations to deploy domain controllers in locations where physical security cannot be guaranteed.
Example:
In branch offices with limited physical security, an RODC can be deployed to provide authentication services without risking the exposure of sensitive information.
Ques 11. How does Active Directory handle tombstone objects?
Tombstone objects are deleted objects that are retained in Active Directory for a specific period before being permanently removed. This period is known as the tombstone lifetime. Tombstone objects help ensure proper replication of deletions across all domain controllers.
Example:
When an object is deleted, it becomes a tombstone, and all domain controllers eventually replicate the deletion to maintain consistency.
Ques 12. Explain the purpose of the Active Directory Recycle Bin feature.
The Active Directory Recycle Bin is a feature that allows administrators to restore deleted objects, including user accounts, groups, and OUs, without the need to perform authoritative or non-authoritative restores.
Example:
If an administrator accidentally deletes an important user account, it can be easily recovered using the Active Directory Recycle Bin.
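To tie Ques 11 and Ques 12 together, here is an added example (not code from the original page) that classifies a deleted object by its age: without the Recycle Bin it is a tombstone for the tombstone lifetime and then garbage-collected; with the Recycle Bin it is a fully restorable deleted object for msDS-DeletedObjectLifetime, then a stripped recycled object for the tombstone lifetime, then gone. A second function flags replication partners (or backups) older than the tombstone lifetime, since a DC that misses a deletion for that long can reintroduce it as a lingering object. Lifetimes default to 180 days as in forests created on current Windows Server versions; timestamps and DC names are constructed.

```python
"""Deleted-object lifecycle and tombstone-lifetime checks for Active Directory.
Added example with constructed data; not code from the original page."""
from __future__ import annotations
from datetime import datetime, timedelta, timezone

DEFAULT_TOMBSTONE_LIFETIME = timedelta(days=180)


def deleted_object_state(deleted_at: datetime, now: datetime, recycle_bin_enabled: bool,
                         tombstone_lifetime: timedelta = DEFAULT_TOMBSTONE_LIFETIME,
                         deleted_object_lifetime: timedelta | None = None) -> tuple[str, str]:
    """Return (state, how_to_recover) for an object deleted at `deleted_at`."""
    if deleted_object_lifetime is None:
        # When msDS-DeletedObjectLifetime is unset, AD uses the tombstone lifetime.
        deleted_object_lifetime = tombstone_lifetime
    age = now - deleted_at
    if not recycle_bin_enabled:
        if age < tombstone_lifetime:
            return "tombstone", "reanimation only; most attributes already stripped"
        return "garbage-collected", "restore from a backup younger than the tombstone lifetime"
    if age < deleted_object_lifetime:
        return "deleted", "Restore-ADObject recovers it with all attributes and links"
    if age < deleted_object_lifetime + tombstone_lifetime:
        return "recycled", "not restorable; kept only so the deletion replicates everywhere"
    return "garbage-collected", "restore from a backup younger than the tombstone lifetime"


def stale_partners(last_success: dict[str, datetime], now: datetime,
                   tombstone_lifetime: timedelta = DEFAULT_TOMBSTONE_LIFETIME) -> list[str]:
    """Names of partners whose last successful inbound replication is older than the
    tombstone lifetime. Such a DC never saw deletions that have since been garbage
    collected and is a lingering-object risk; it should be cleaned, not just reconnected."""
    return sorted(dc for dc, ts in last_success.items() if now - ts > tombstone_lifetime)


if __name__ == "__main__":
    # Constructed timeline.
    deleted = datetime(2024, 1, 1, tzinfo=timezone.utc)
    for now in (datetime(2024, 3, 1, tzinfo=timezone.utc),
                datetime(2024, 8, 1, tzinfo=timezone.utc),
                datetime(2025, 2, 1, tzinfo=timezone.utc)):
        for enabled in (False, True):
            print(now.date(), "recycle_bin=%s" % enabled,
                  deleted_object_state(deleted, now, enabled))
    print(stale_partners({"DC01": datetime(2024, 7, 30, tzinfo=timezone.utc),
                          "BRANCH-DC": datetime(2023, 12, 1, tzinfo=timezone.utc)},
                         datetime(2024, 8, 1, tzinfo=timezone.utc)))
```

The same arithmetic answers the backup question: a system-state backup older than the tombstone lifetime is rejected for restore precisely because it would reintroduce objects every other DC has already forgotten.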
Ques 13. What is the purpose of the Global Catalog in a multi-domain environment?
In a multi-domain environment, the Global Catalog provides a unified view of objects across all domains in the forest. It facilitates searches for objects without the need to contact each domain individually.
Example:
When searching for a user across multiple domains, the Global Catalog allows quick and efficient retrieval of information.
Ques 14. Explain the concept of Forest Functional Levels in Active Directory.
Forest Functional Levels define the set of features and capabilities available in an Active Directory forest. By raising the forest functional level, administrators can enable new features and retire older domain controllers that do not support the selected functional level.
Example:
Raising the forest functional level might enable features like the Active Directory Recycle Bin or advanced authentication mechanisms.
Ques 15. What is the purpose of the Site in Active Directory?
A Site in Active Directory represents a physical location in the network, such as an office or data center. Sites help optimize network traffic and replication by grouping domain controllers based on their physical proximity.
Example:
In a large organization with multiple offices, administrators can define sites to improve the efficiency of replication and authentication.
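Site assignment is driven by the subnet objects linked to each site: a client is placed in the site whose subnet is the longest-prefix match for its address, and it then prefers domain controllers in that site. The added example below (not code from the original page) implements that lookup with the standard `ipaddress` module over a constructed subnet-to-site table and DC list; the site names, subnets and DC names are assumptions.

```python
"""Map client addresses to AD sites by longest-prefix subnet match and pick local DCs.
Added example with constructed data; not code from the original page."""
from __future__ import annotations
import ipaddress

# Constructed subnet objects: CIDR -> site name (as under Sites and Services > Subnets).
SITE_SUBNETS = {
    "10.1.0.0/16": "HQ",
    "10.1.50.0/24": "HQ-DataCenter",      # more specific than 10.1.0.0/16
    "10.2.0.0/16": "Branch-Leeds",
    "2001:db8:10::/48": "HQ",
}

# Constructed DC placement: DC name -> site.
DC_SITES = {"DC01": "HQ", "DC02": "HQ-DataCenter", "DC03": "Branch-Leeds"}


def site_for_address(ip: str, subnets: dict[str, str] = SITE_SUBNETS) -> str | None:
    """Longest-prefix match of `ip` against the subnet table; None if unmapped.
    Unmapped clients are exactly the ones Netlogon reports in event 5807."""
    addr = ipaddress.ip_address(ip)
    best_net, best_site = None, None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_site = net, site
    return best_site


def preferred_dcs(ip: str, dc_sites: dict[str, str] = DC_SITES,
                  subnets: dict[str, str] = SITE_SUBNETS) -> list[str]:
    """DCs the client should use first: those in its own site. An empty list means
    the client will talk to whichever DC answers, usually over the WAN."""
    site = site_for_address(ip, subnets)
    return sorted(dc for dc, s in dc_sites.items() if s == site)


def unmapped(clients: list[str], subnets: dict[str, str] = SITE_SUBNETS) -> list[str]:
    """Clients that fall in no subnet: a sign the subnet table needs updating."""
    return [c for c in clients if site_for_address(c, subnets) is None]


if __name__ == "__main__":
    for client in ("10.1.3.4", "10.1.50.7", "10.2.9.9", "172.16.0.1", "2001:db8:10::42"):
        print(client, "->", site_for_address(client), preferred_dcs(client))
```

Keeping the subnet table complete is as much a security matter as a performance one: a client that maps to no site may authenticate against a DC in a site it should never reach, and audit events then appear on the wrong DC.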
Ques 16. Explain the role of the Intersite Messaging service in Active Directory.
The Intersite Messaging service, also known as Knowledge Consistency Checker (KCC), is responsible for creating and maintaining the replication topology between sites. It ensures that changes are efficiently replicated between domain controllers in different sites.
Example:
In a multi-site environment, the Intersite Messaging service helps manage the flow of replication traffic between sites.
Ques 17. What is the purpose of the Active Directory Lightweight Directory Services (AD LDS)?
AD LDS is a role in Active Directory that provides a lightweight and flexible directory service. It is often used to store application-specific data, separate from the main Active Directory database, allowing applications to have their own schema and directory structure.
Example:
An organization might use AD LDS to store data for a custom application without affecting the main Active Directory schema.