Top 125 Active Directory Interview Questions & Answers 2023

Active Directory is a component of Microsoft Windows, developed by Microsoft itself. At its core it is a database: it stores information about users, computers and other network resources, and it is used by almost every organization, business, school or other group of individuals. That naturally makes it an important piece of software that almost everyone relies on.
So it would be very rewarding to work with Active Directory, or for Microsoft itself. Since you are here, you are probably looking for such a job. All you need to do to get it is clear the interview, and to clear the interview you will want to practice the frequently asked Active Directory interview questions.
But where do you find the best Active Directory interview questions? Right here! Why else would you be here? You have come to the right place, because we have collected the frequently asked Active Directory interview questions that may come in handy for you.
Without wasting more of your time, let’s move ahead and take a look at the following most commonly asked Active Directory interview questions.
Active Directory Interview Questions

Q1. Tell me about the Infrastructure Master.
The Infrastructure Master maintains references to objects in other domains, known as phantoms. It is responsible for fixing up stale references from objects in its domain to objects in other domains. The Infrastructure Master FSMO role owner continually maintains the phantoms whenever the objects they refer to are changed or moved in the object’s domain.
Q2. What is the Active Directory Recycle Bin?
The Active Directory Recycle Bin is a feature of Windows Server 2008 AD. It restores accidentally deleted Active Directory objects without using a backed-up AD database, rebooting the domain controller or restarting any services.
Q3. I am trying to look at the Schema; how can I do that?
Register schmmgmt.dll using this command:
c:\windows\system32>regsvr32 schmmgmt.dll
Open mmc –> Add/Remove Snap-in –> add Active Directory Schema
Save the console as schema.msc
Open Administrative Tools –> schema.msc
Q4. Which is the default protocol used in directory services?
The default protocol used in directory services is LDAP (Lightweight Directory Access Protocol).
Q5. What is LDAP?
LDAP is the directory service protocol that is used to query and update AD. LDAP naming paths are used to access AD objects and include the following:
Distinguished names
Relative distinguished names
Q6. What is the purpose of replication in AD?
The purpose of replication is to distribute the data stored within the directory throughout the organization for increased availability, performance, and data protection. Systems administrators can tune replication to occur based on their physical network infrastructure and other constraints.
Q7. What is an RODC? Why do we configure an RODC?
A read-only domain controller (RODC) is a feature of the Windows Server 2008 operating system. An RODC holds a read-only copy of the Active Directory database and can be deployed in a remote branch office where physical security cannot be guaranteed. An RODC provides improved security and faster logon times for the branch office.
Q8. What is the port number of Kerberos?
Q9. What is Mixed Mode?
Allows domain controllers running both Windows 2000 and earlier versions of Windows NT to co-exist in the domain. In mixed mode, the domain features from previous versions of Windows NT Server are still enabled, while some Windows 2000 features are disabled. Windows 2000 Server domains are installed in mixed mode by default. In mixed mode the domain may have Windows NT 4.0 backup domain controllers present. Nested groups are not supported in mixed mode.
Q10. What is Kerberos?
Kerberos is a network authentication protocol. It is built to offer strong authentication for client/server applications by using secret-key cryptography.
Q11. What is stale?
Stale refers to references to objects that have been moved or renamed, so that the local copy of the remote object’s name is out of date.
Q12. How do you check the current forest and domain functional levels? Describe both the GUI and the command line.
To find out the forest and domain functional levels in GUI mode, open ADUC, right-click the domain name and open Properties. Both the domain and forest functional levels are listed there. To find out the forest and domain functional levels from the command line, you can use the DSQUERY command.
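The command-line side of this answer, as an added example that is not part of the original article: it reads both functional levels with the ActiveDirectory PowerShell module, shows the raw msDS-Behavior-Version attribute that DSQUERY reads, and lists every DC’s operating system, which is the check you want before raising a level. It assumes RSAT is installed and the session runs as a domain user.

```powershell
# Added example (not from the original article): read the domain and forest
# functional levels from the command line and list the DC operating systems
# present before raising a level. Assumes the ActiveDirectory module (RSAT)
# and a session running as a domain user.
Import-Module ActiveDirectory

$domain = Get-ADDomain   # the current user's domain
$forest = Get-ADForest   # the forest that domain belongs to

"Domain {0}: DomainMode = {1}" -f $domain.DNSRoot, $domain.DomainMode
"Forest {0}: ForestMode = {1}" -f $forest.Name,    $forest.ForestMode

# The same values as stored in the directory: msDS-Behavior-Version on the
# domain naming-context head and on the Partitions container in the
# configuration naming context. These are the objects DSQUERY reads.
$domainNC = $domain.DistinguishedName
$configNC = (Get-ADRootDSE).configurationNamingContext
Get-ADObject -Identity $domainNC -Properties 'msDS-Behavior-Version' |
    Select-Object DistinguishedName, 'msDS-Behavior-Version'
Get-ADObject -Identity "CN=Partitions,$configNC" -Properties 'msDS-Behavior-Version' |
    Select-Object DistinguishedName, 'msDS-Behavior-Version'

# Equivalent DSQUERY calls against the same two objects:
dsquery * $domainNC -scope base -attr msDS-Behavior-Version
dsquery * "CN=Partitions,$configNC" -scope base -attr msDS-Behavior-Version

# A level cannot be raised above what the oldest DC supports, and raising it
# is not generally reversible, so list every DC's OS first.
Get-ADDomainController -Filter * |
    Sort-Object OperatingSystem |
    Select-Object HostName, OperatingSystem, OperatingSystemVersion, IsGlobalCatalog
```

The numeric msDS-Behavior-Version is what an older DC or a third-party tool reports; DomainMode and ForestMode are the same value rendered as an enumeration name.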
Q13. What is the port number of the Global Catalog?

Q14. Explain the term FOREST in AD.
A forest is an assembly of AD domains that share a single schema. All DCs in the forest share this schema, and it is replicated in a hierarchical fashion among them.
Q15. What are the minimum requirements for installing AD?
Windows Server, Advanced Server, Datacenter Server
Minimum Disk space of 200MB for AD and 50MB for log files
NTFS partition
TCP/IP Installed and Configured to use DNS
Administrative privilege for creating a domain in an existing network
Q16. What is a SID?
A Security Identifier (SID) is a unique, variable-length identifier used to identify a trustee or security principal.
Q17. What is Active Directory?
Active Directory is a directory service used on Microsoft Windows based servers and computers to store data and information about networks and domains.
Q18. What is Native Mode?
Native mode is when all the domain controllers in a given domain are running Windows 2000 Server. This mode allows organizations to take advantage of new Active Directory features such as universal groups, nested group membership, and inter-domain group membership.
Q19. What are Organizational Units?
The Organizational Unit (OU) is a critical design factor affecting security, policy, efficiency, and the cost of administration. Organizational Units are a type of LDAP (X.500) container. An OU can be thought of as a sub-domain element with properties similar to a domain. OUs are components internal to a domain; they are part of the LDAP namespace, not the DNS namespace.
Q20. Do we use clustering in Active Directory? Why?
No one installs Active Directory in a cluster; there is no need to cluster a domain controller, because Active Directory already provides full redundancy with two or more domain controllers.
Q21. Explain the Knowledge Consistency Checker (KCC).
KCC stands for Knowledge Consistency Checker. It is a built-in process that runs on every domain controller and generates and maintains the replication topology for replication within sites and between sites.
Q22. What is the port number of LDAP?
Q23. What are the tools used to check and troubleshoot Active Directory replication?
We can use command-line tools such as repadmin and dcdiag. The GUI tool REPLMON can also be used for replication monitoring and troubleshooting.
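A replication health pass built on the tools this answer names, added here as an example that is not part of the original article. It runs repadmin and dcdiag, parses the CSV form of repadmin /showrepl into objects so failing and stale partner links can be filtered, and finishes with the ActiveDirectory module’s own failure view. The 24-hour staleness threshold is an assumption; RSAT on a domain-joined admin workstation is assumed.

```powershell
# Added example (not from the original article): a replication health pass
# with repadmin, dcdiag and the ActiveDirectory module. Assumes RSAT on a
# domain-joined admin workstation; the 24-hour threshold is an assumption.
Import-Module ActiveDirectory

# 1. One-screen summary: largest replication delta and failure counts per DC.
repadmin /replsummary

# 2. Every inbound partner link in the forest. The /csv output carries a
#    header row, so ConvertFrom-Csv turns each link into an object.
$links   = repadmin /showrepl * /csv | ConvertFrom-Csv
$failing = $links | Where-Object { [int]$_.'Number of Failures' -gt 0 }
$failing | Format-Table 'Destination DSA', 'Source DSA', 'Naming Context',
                        'Number of Failures', 'Last Failure Status' -AutoSize

# 3. Links that are not failing outright but have had no success in 24 hours.
#    'Last Success Time' may be "(never)", so parse defensively.
$stale = $links | Where-Object {
    $t = [datetime]::MinValue
    [datetime]::TryParse($_.'Last Success Time', [ref]$t) -and $t -lt (Get-Date).AddHours(-24)
}
"{0} failing link(s), {1} stale link(s)" -f @($failing).Count, @($stale).Count

# 4. dcdiag: the replication test plus the KCC event-log test for topology errors.
dcdiag /test:replications /test:kccevent

# 5. The same failure data through the AD module, forest-wide.
Get-ADReplicationFailure -Target (Get-ADForest).Name -Scope Forest |
    Select-Object Server, Partner, FailureType, FailureCount, FirstFailureTime, LastError
```

Step 3 is the one the summary view hides: a link that quietly stopped succeeding without logging a failure count still means one DC is serving stale data, including stale group memberships and lockout state.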
Q24. Explain the Active Directory Schema.
Windows 2000 and Windows Server 2003 Active Directory use a set of database rules called the “Schema”. The Schema is defined as the formal definition of all object classes, and the attributes that make up those object classes, that can be stored in the directory. As mentioned earlier, the Active Directory database includes a default Schema, which defines many object classes, such as users, groups, computers, domains, organizational units, and so on.
These objects are also known as “Classes”. The Active Directory Schema is dynamically extensible, meaning that you can modify the schema by defining new object types and their attributes and by defining new attributes for existing objects. You can do this either with the Schema Manager snap-in tool included with Windows 2000/2003 Server, or programmatically.
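Looking at the schema programmatically, as the last sentence mentions, is an alternative to the schema.msc snap-in from Q3. The following is an added example, not code from the original article: it reads the schema partition with the ActiveDirectory module, shows one class definition, lists attributes flagged confidential, and surfaces recent schema changes. It assumes RSAT and read access to the schema partition (any authenticated user has that by default); the 30-day window is an assumption.

```powershell
# Added example (not from the original article): inspect the schema from
# PowerShell instead of the schema.msc snap-in. Assumes the ActiveDirectory
# module and default read access to the schema partition.
Import-Module ActiveDirectory

$schemaNC = (Get-ADRootDSE).schemaNamingContext   # CN=Schema,CN=Configuration,DC=...

# Schema version (objectVersion on the schema container) shows which
# forest-prep level has been applied.
(Get-ADObject -Identity $schemaNC -Properties objectVersion).objectVersion

# Count classes and attributes separately.
$classes    = @(Get-ADObject -SearchBase $schemaNC -LDAPFilter '(objectClass=classSchema)'     -Properties lDAPDisplayName)
$attributes = @(Get-ADObject -SearchBase $schemaNC -LDAPFilter '(objectClass=attributeSchema)' -Properties lDAPDisplayName)
"{0} classes, {1} attributes" -f $classes.Count, $attributes.Count

# One class definition: what it inherits from and what it must and may contain.
Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter '(&(objectClass=classSchema)(lDAPDisplayName=user))' `
    -Properties subClassOf, systemMustContain, mustContain, systemMayContain, mayContain |
    Select-Object Name, subClassOf, systemMustContain, mustContain, systemMayContain, mayContain

# Attributes flagged confidential (searchFlags bit 0x80 = 128): readable only
# with an explicit control-access right, so they matter when reviewing who can
# read what. The OID is the LDAP bitwise-AND matching rule.
Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter '(&(objectClass=attributeSchema)(searchFlags:1.2.840.113556.1.4.803:=128))' `
    -Properties lDAPDisplayName, searchFlags |
    Select-Object lDAPDisplayName, searchFlags

# Schema changes are rare and forest-wide, so anything modified recently
# deserves a look: who extended the schema, and was it planned?
$since = (Get-Date).AddDays(-30)
Get-ADObject -SearchBase $schemaNC -Filter { whenChanged -ge $since } -Properties whenChanged, whenCreated |
    Sort-Object whenChanged -Descending |
    Select-Object Name, whenCreated, whenChanged
```

The last query is the one worth scheduling: because the schema replicates to every DC in the forest and changes are effectively permanent, an unexpected whenChanged on a schema object is a strong signal that something was installed or modified without a change record.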
Q25. What are sites? What are they used for?
One or more well-connected (highly reliable and fast) TCP/IP subnets.
A site allows administrators to configure Active Directory access and replication topology to take advantage of the physical network.
A Site object in Active Directory represents a physical geographic location that hosts networks. Sites contain objects called Subnets.
Sites can be used to assign Group Policy Objects, facilitate the discovery of resources, manage Active Directory replication, and manage network link traffic.
Sites can be linked to other sites. Site Link objects may be assigned a cost value that represents the speed, reliability, availability, or other real property of a physical resource. Site Links may also be assigned a schedule.
Q26. What are Domains in Active Directory?
In Windows 2000, a domain defines both an administrative boundary and a security boundary for a collection of objects that are relevant to a specific group of users on a network. A domain is an administrative boundary because administrative privileges do not extend to other domains. It is a security boundary because each domain has a security policy that extends to all security accounts within the domain. Active Directory stores information about objects in one or more domains.
Domains can be organized into parent-child relationships to form a hierarchy. A parent domain is the domain directly superior in the hierarchy to one or more subordinate, or child, domains. A child domain also can be the parent of one or more child domains, as shown below.

Q27. Explain what SYSVOL is.
The SYSVOL folder keeps the server’s copy of the domain’s public files. The contents of the SYSVOL folder, such as users, Group Policy, etc., are replicated to all domain controllers in the domain.
Q28. How will you verify whether the AD installation is correct using SRV resource records?
Verify the SRV resource records: after AD is installed, the DC registers SRV records in DNS when it restarts. We can check this using the DNS MMC snap-in or the nslookup command.
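The nslookup check this answer describes, carried further as an added example that is not part of the original article: it resolves the standard _msdcs SRV records a DC registers, warns about any that are missing, and then confirms that the service ports behind those records actually answer on every DC. It assumes the ActiveDirectory and DnsClient modules (RSAT on Windows 8/2012 or later); the port list is the well-known set of AD service ports.

```powershell
# Added example (not from the original article): verify the SRV records a DC
# registers on restart and check that the services behind them answer.
# Assumes the ActiveDirectory and DnsClient modules (RSAT).
Import-Module ActiveDirectory

$dnsRoot    = (Get-ADDomain).DNSRoot   # this domain, e.g. corp.example.com
$forestRoot = (Get-ADForest).Name      # GC records live under the forest root

# Records every writable DC should register; a missing one means the DC
# locator cannot find the DC for that service.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$dnsRoot",        # LDAP on a DC
    "_kerberos._tcp.dc._msdcs.$dnsRoot",    # Kerberos KDC on a DC
    "_ldap._tcp.pdc._msdcs.$dnsRoot",       # PDC emulator
    "_ldap._tcp.gc._msdcs.$forestRoot",     # global catalog
    "_kpasswd._tcp.$dnsRoot"                # Kerberos password change
)

function Test-DcSrvRecords {
    foreach ($name in $srvNames) {
        # Resolve-DnsName also returns the A records from the additional
        # section, so keep only the SRV answers.
        $srv = Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
               Where-Object QueryType -eq 'SRV'
        if (-not $srv) { Write-Warning "Missing SRV record: $name"; continue }
        foreach ($r in $srv) {
            "{0,-45} -> {1}:{2} (prio {3}, weight {4})" -f $name, $r.NameTarget, $r.Port, $r.Priority, $r.Weight
        }
    }
}

function Test-DcPorts {
    # 53 DNS, 88 Kerberos, 389/636 LDAP/LDAPS, 445 SMB (SYSVOL), 3268/3269 GC
    $ports = 53, 88, 389, 445, 636, 3268, 3269
    foreach ($dc in Get-ADDomainController -Filter *) {
        foreach ($p in $ports) {
            $ok = (Test-NetConnection -ComputerName $dc.HostName -Port $p -WarningAction SilentlyContinue).TcpTestSucceeded
            [pscustomobject]@{ DC = $dc.HostName; Port = $p; Open = $ok }
        }
    }
}

Test-DcSrvRecords
Test-DcPorts | Where-Object { -not $_.Open }   # report only the closed ones

# The plain nslookup form the answer mentions, for the first record:
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$dnsRoot"
```

A record that resolves but points at a host whose ports are closed is the case this catches that nslookup alone does not: clients will be steered to a DC that cannot serve them until the stale record is scavenged or re-registered.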
Q29. What is Ntds.dit?
This is the AD database and stores all AD objects. The default location is %SystemRoot%\NTDS\ntds.dit.
Active Directory’s database engine is the Extensible Storage Engine, which is based on the Jet database and can grow up to 16 TB.
Q30. What is the Ntds.dit schema table?
It holds the types of objects that can be created in Active Directory, the relationships between them, and the attributes on each type of object. This table is fairly static and much smaller than the data table.
Q31. What is the KCC (Knowledge Consistency Checker)?
The KCC generates and maintains the replication topology for replication within sites and between sites. The KCC runs every 15 minutes.
Q32. What is schema information in Active Directory?
Definitional details about the objects and attributes that can be stored in AD. It replicates to all DCs and is static in nature.
Q33. What is online defragmentation in Active Directory?
Online defragmentation is a method that runs as part of the garbage collection process. Its only advantage is that the server does not need to be taken offline for it to run. However, this method does not shrink the Active Directory database file (Ntds.dit).
Q34. What are the advantages of Active Directory sites?
Active Directory Sites and Services allow you to specify site information. Active Directory uses this information to determine how best to use available network resources.
Q35. Define Edb.chk.
This is the checkpoint file used to track data not yet written to the database file. It indicates the starting point from which data is to be recovered from the log file in case of failure.
Q36. Define Edb.log.
This is the transaction log file (10 MB). When EDB.LOG is full, it is renamed to EDBnnnn.log, where nnnn is an increasing number starting from 1.
Q37. How do you view all the GCs in the forest?
Run repadmin.exe /options * and look for IS_GC in each DC’s options.
nltest /dsgetdc:corp /GC
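Added example, not part of the original article: the same question answered from three places that should agree, namely the forest object’s GlobalCatalogs list, each DC’s own IsGlobalCatalog flag, and the gc._msdcs SRV records that clients actually use, followed by a comparison that flags any disagreement. It assumes the ActiveDirectory and DnsClient modules (RSAT); the repadmin and nltest calls at the end are the ones the answer names.

```powershell
# Added example (not from the original article): list every global catalog in
# the forest and cross-check three sources that should agree. Assumes the
# ActiveDirectory and DnsClient modules (RSAT).
Import-Module ActiveDirectory

$forest = Get-ADForest
$root   = $forest.RootDomain

function Get-GcFromForest {
    # The forest object carries the list directly.
    $forest.GlobalCatalogs | ForEach-Object { $_.ToLower().TrimEnd('.') } | Sort-Object -Unique
}

function Get-GcFromDcs {
    # Get-ADDomainController is per domain, so ask each domain in the forest.
    $forest.Domains |
        ForEach-Object { Get-ADDomainController -Filter { IsGlobalCatalog -eq $true } -Server $_ } |
        ForEach-Object { $_.HostName.ToLower().TrimEnd('.') } |
        Sort-Object -Unique
}

function Get-GcFromDns {
    # Clients locate GCs through this record, so it is what matters at logon.
    Resolve-DnsName -Name "_ldap._tcp.gc._msdcs.$($forest.Name)" -Type SRV -ErrorAction SilentlyContinue |
        Where-Object QueryType -eq 'SRV' |
        ForEach-Object { $_.NameTarget.ToLower().TrimEnd('.') } |
        Sort-Object -Unique
}

$fromForest = @(Get-GcFromForest)
$fromDcs    = @(Get-GcFromDcs)
$fromDns    = @(Get-GcFromDns)

"Forest object: {0}" -f ($fromForest -join ', ')
"DC flags:      {0}" -f ($fromDcs    -join ', ')
"DNS gc._msdcs: {0}" -f ($fromDns    -join ', ')

# Anything on only one side deserves a look: a GC missing from DNS is
# invisible to clients; a DNS entry with no matching DC is a stale record.
Compare-Object -ReferenceObject $fromForest -DifferenceObject $fromDns |
    ForEach-Object { "{0} {1}" -f $_.SideIndicator, $_.InputObject }

# The classic tools named in the answer, for comparison:
nltest /dsgetdc:$root /GC
repadmin /options *
```

In the Compare-Object output, <= marks a GC known to the forest but absent from DNS and => marks a DNS target that the forest does not consider a GC; an empty result means all three views agree.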
Q38. How do you seize FSMO roles?
Run ntdsutil, type roles, then connections, then connect to server <servername>, then q to return to the fsmo maintenance prompt, and there type seize rid master.
Q39. How do you transfer FSMO roles?
Run ntdsutil, type roles, then connections, then connect to server <servername>, then q to return to the fsmo maintenance prompt, and there type transfer rid master.
Q40. What is the AD database garbage collection process?
Garbage Collection is a process that is designed to free space within the Active Directory database. This process runs independently on every DC with a default lifetime interval of 12 hours.

Q41. Define Res1.log and Res2.log.
These are reserved transaction log files totalling 20 MB (10 MB each), which give the transaction log enough room to shut down cleanly if the other space is already in use.
Q42. What is domain information in Active Directory?
Object information for a domain. It replicates to all DCs within the domain. The object portion becomes part of the GC; the attribute values replicate only within the domain.
Q43. Define schema master failure.
Temporary loss of the schema operations master is visible only if we are trying to modify the schema or install an application that modifies the schema during installation. A DC whose schema master role has been seized must never be brought back online.
Q44. What is Replmon?
Replmon is the first tool you should use when troubleshooting Active Directory replication issues.
Q45. How do you find the FSMO roles?
netdom query fsmo or Replmon.exe
Q46. Define LSDOU.
It is the Group Policy inheritance model, where policies are applied in the order Local machine, Site, Domain, and Organizational Unit.
Q47. Define attribute value (conflict).
An attribute value conflict occurs when an object’s attribute is set concurrently to one value at one master and to another value at a second master.
Q48. What is Netdom?
NETDOM is a command-line tool that allows management of Windows domains and trust relationships.
Q49. Do you know how Kerberos V5 works?
The Kerberos V5 authentication mechanism issues tickets (a set of identification data for a security principal, issued by a DC for purposes of user authentication; the two forms of tickets in Windows 2000 are ticket-granting tickets (TGTs) and service tickets) for accessing network services. These tickets contain encrypted data, including an encrypted password, which confirms the user’s identity to the requested service.
Q50. What is ADSI Edit?
ADSI Edit is an LDAP editor for managing objects in Active Directory. This Active Directory tool lets you view objects and attributes that are not exposed in the Active Directory management console.
Q51. What is the Kerberos V5 authentication process?
Kerberos V5 is the primary security protocol for authentication within a domain. The Kerberos V5 protocol verifies both the identity of the user and of network services. This dual verification is known as mutual authentication.
Q52. Describe the Infrastructure FSMO role.
When an object in one domain is referenced by another object in another domain, it represents the reference by the GUID, the SID (for references to security principals), and the DN of the object being referenced. The infrastructure FSMO role holder is the DC responsible for updating an object’s SID and distinguished name in a cross-domain object reference.
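One script covering the FSMO questions on this page (Q45 finding the holders, Q38 and Q39 seizing and transferring a role, and the Infrastructure Master of Q1 and Q52), added here as an example that is not part of the original article. It uses the ActiveDirectory module instead of ntdsutil, refuses to seize while the current holder still answers, and checks the one placement rule that matters for the Infrastructure Master. It assumes RSAT and Domain/Enterprise Admin rights for the role move; the DC name 'DC02' is a placeholder.

```powershell
# Added example (not from the original article): locate FSMO role holders,
# transfer or seize a role with the ActiveDirectory module, and check the
# Infrastructure Master's placement. Assumes RSAT and admin rights for the
# move; 'DC02' is a placeholder DC name.
Import-Module ActiveDirectory

function Get-FsmoHolders {
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [pscustomobject]@{
        SchemaMaster         = $forest.SchemaMaster          # one per forest
        DomainNamingMaster   = $forest.DomainNamingMaster    # one per forest
        PDCEmulator          = $domain.PDCEmulator           # one per domain
        RIDMaster            = $domain.RIDMaster             # one per domain
        InfrastructureMaster = $domain.InfrastructureMaster  # one per domain
    }
}
Get-FsmoHolders | Format-List
netdom query fsmo    # the classic tool from Q45, same answer

# Transfer (Q39): graceful, requires the current holder to be online.
# The cmdlet's confirmation prompt is deliberately left on.
# Move-ADDirectoryServerOperationMasterRole -Identity 'DC02' -OperationMasterRole RIDMaster

# Seize (Q38): only when the current holder is gone for good. -Force tries a
# transfer first and seizes if that fails. As Q43 says of the schema master,
# the old holder must never come back onto the network afterwards.
function Invoke-FsmoSeizure {
    param([string]$NewHolder, [string]$Role)
    $current = (Get-FsmoHolders).$Role
    if (Test-Connection -ComputerName $current -Count 1 -Quiet) {
        throw "$current still answers; transfer the $Role role instead of seizing it."
    }
    Move-ADDirectoryServerOperationMasterRole -Identity $NewHolder -OperationMasterRole $Role -Force
}
# Invoke-FsmoSeizure -NewHolder 'DC02' -Role 'RIDMaster'

# Placement check: in a multi-domain forest the Infrastructure Master must not
# be a global catalog unless every DC in the domain is one; otherwise it never
# sees stale cross-domain references (the phantoms from Q1/Q52) to fix up.
function Test-InfrastructureMasterPlacement {
    $forest = Get-ADForest
    $domain = Get-ADDomain
    if ($forest.Domains.Count -le 1) { return 'single-domain forest: no cross-domain phantoms to fix up' }
    $dcs   = Get-ADDomainController -Filter *
    $im    = $dcs | Where-Object HostName -eq $domain.InfrastructureMaster
    $allGc = -not ($dcs | Where-Object { -not $_.IsGlobalCatalog })
    if ($im.IsGlobalCatalog -and -not $allGc) {
        return "WARNING: $($im.HostName) holds Infrastructure Master and is a GC while other DCs are not"
    }
    'ok'
}
Test-InfrastructureMasterPlacement
```

The reachability guard in Invoke-FsmoSeizure is the difference between a transfer and a seizure: a seizure while the real holder is merely unreachable, rather than destroyed, produces two DCs that each believe they own the role, and for the RID master that means duplicate SIDs once the original rejoins replication.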
Q53. What is the difference between the Domain Admins group and the Enterprise Admins group in AD?
Enterprise Admins group:
Members of this group have complete control of all domains in the forest. By default, this group is a member of the Administrators group on all domain controllers in the forest. As such, this group has full control of the forest; add users with caution.


So these are some of the best Active Directory interview questions that you can find. These questions have been picked with the assistance of experts and professionals. Make sure you practice them before you go for your interview so that you are able to answer the questions and impress your interviewer. Best of luck with your interview; we hope this article was helpful for you.
