Active Directory Interview Questions and Answers
Intermediate / 1 to 5 years experienced level questions & answers
Ques 1. Explain the difference between a domain and a workgroup.
A domain is a logical grouping of network objects (computers, users, devices) that share a centralized database and security policies, while a workgroup is a smaller, peer-to-peer network where each computer has its own security database.
Example:
A small office might use a workgroup, while a large enterprise typically employs a domain-based network using Active Directory.
Ques 2. What is LDAP and how does it relate to Active Directory?
LDAP (Lightweight Directory Access Protocol) is a protocol used to access and manage directory information. Active Directory uses LDAP for querying and modifying items like users, groups, and computers within the directory.
Example:
When a user logs in, the system uses LDAP to verify credentials and retrieve user information from Active Directory.
Ques 3. Explain the Global Catalog in Active Directory.
The Global Catalog is a distributed data repository in Active Directory that contains a searchable, partial representation of every object in the forest. It facilitates searches across domains and provides essential information during logon and resource access.
Example:
When searching for a user in a multi-domain environment, the Global Catalog helps locate the user without having to contact each domain separately.
Ques 4. What is Group Policy in Active Directory?
Group Policy is a feature in Active Directory that allows administrators to define and enforce policies for users and computers. These policies can control security settings, software installations, and other configurations.
Example:
Group Policy can be used to enforce password policies or deploy software updates to all computers in a domain.
Ques 5. How does Active Directory contribute to security in a network?
Active Directory enhances network security by providing a centralized authentication and authorization mechanism. It allows administrators to enforce security policies, control access to resources, and manage user permissions in a systematic way.
Example:
By defining Group Policies, administrators can ensure that all computers in the network comply with security standards.
Ques 6. How does Active Directory handle authentication and authorization?
Authentication is the process of verifying the identity of a user, while authorization involves granting or denying access to resources based on the user's permissions. Active Directory uses Kerberos authentication and access control lists (ACLs) for these purposes.
Example:
When a user logs in, Active Directory authenticates the user using Kerberos, then checks the user's permissions to determine access rights.
Ques 7. Explain the concept of Trust in Active Directory.
Trust in Active Directory establishes relationships between domains, allowing users in one domain to access resources in another. Trust can be one-way or two-way, and it defines the level of access and permissions granted between domains.
Example:
A company with multiple domains might establish a two-way trust to allow seamless resource access between the domains.
Ques 8. What is the purpose of the Kerberos protocol in Active Directory?
Kerberos is a network authentication protocol used by Active Directory to provide secure authentication for users and services. It uses tickets to verify the identity of users and services in a network environment.
Example:
When a user logs in, Active Directory issues a Kerberos ticket that can be used to access various network resources without requiring the user to re-enter credentials.
Ques 9. How does Active Directory support Group Nesting?
Group Nesting in Active Directory allows groups to be members of other groups. This feature simplifies the management of permissions by allowing administrators to assign permissions to a group rather than individual users.
Example:
Instead of assigning permissions to each user individually, administrators can add users to groups, and groups to other groups, to streamline access control.
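Because nested membership is transitive, a user can hold a privileged group's rights without appearing in its direct member list. The sketch below is an added example, not part of the original page: it resolves effective membership over a constructed group map and reports the nesting path for each user, skipping groups it has already visited so that circular nesting does not loop. All group and user names are hypothetical.

```python
from collections import deque

# Constructed sample directory: group name -> direct members (users or groups).
# Every name is hypothetical; a name is treated as a group if it is a key here.
DIRECT_MEMBERS = {
    "Domain Admins": ["alice", "Server Operators Tier0"],
    "Server Operators Tier0": ["bob", "Helpdesk Leads"],
    "Helpdesk Leads": ["carol", "Helpdesk"],
    "Helpdesk": ["dave", "Helpdesk Leads"],  # circular nesting
    "Finance Share RW": ["Finance"],
    "Finance": ["erin"],
}


def effective_members(group, direct_members):
    """Return {user: path} for every user reachable from `group`.

    `path` is the chain of groups from `group` down to the group that
    directly contains the user, so len(path) > 1 means the membership is
    inherited through nesting. The walk is breadth-first, so the first
    path recorded for a user is the shortest one.
    """
    found = {}
    visited = set()
    queue = deque([(group, (group,))])
    while queue:
        current, path = queue.popleft()
        if current in visited:          # already expanded: breaks cycles
            continue
        visited.add(current)
        for member in direct_members.get(current, []):
            if member in direct_members:            # nested group
                queue.append((member, path + (member,)))
            else:                                   # user account
                found.setdefault(member, path)
    return found


def nested_only(group, direct_members):
    """Users who belong to `group` only through one or more nested groups."""
    resolved = effective_members(group, direct_members)
    return {user: path for user, path in resolved.items() if len(path) > 1}


if __name__ == "__main__":
    for user, path in sorted(nested_only("Domain Admins", DIRECT_MEMBERS).items()):
        print(f"{user}: {' -> '.join(path)}")
```

Reviewing the output of nested_only for privileged groups shows which accounts inherit access indirectly and through which chain of groups.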
Ques 10. What is the purpose of the Netlogon service in Active Directory?
The Netlogon service in Active Directory is responsible for various authentication and replication tasks. It registers domain controllers in DNS, replicates domain information between domain controllers, and handles secure channel communications.
Example:
When a user logs in, the Netlogon service ensures that the logon request is processed securely and that domain information is synchronized.
Ques 11. Explain the concept of Organizational Units (OUs) in Active Directory.
Organizational Units (OUs) are containers within domains that allow administrators to organize and apply Group Policies to sets of users, groups, and computers. OUs provide a way to delegate administrative authority within a domain.
Example:
An organization might have separate OUs for different departments, each with its own set of Group Policies and administrative permissions.
Ques 12. How does Active Directory handle DNS integration?
Active Directory relies heavily on DNS for name resolution and service location. It uses DNS to locate domain controllers, discover services, and perform various tasks related to directory services.
Example:
When a client needs to locate a domain controller, it queries DNS to find the necessary information about the domain and its services.