Active Directory (AD) is a critical component of many IT infrastructures, providing a centralized and standardized system for network management and security. As a cornerstone of Windows Server environments, AD is essential for managing domains, users, and access rights, and it plays a crucial role in maintaining organizational security and efficiency. This article provides a comprehensive list of Active Directory interview questions and answers for freshers, designed to help you secure your next job.
Whether you’re an experienced system administrator or new to the field, these questions will provide valuable insights and prepare you to tackle any AD-related interview confidently.
Active Directory (AD) interview questions and answers for freshers
1. What is Active Directory?
2. What are the key features of Active Directory?
3. What is a domain in Active Directory?
4. What is a tree in Active Directory?
5. What is a forest in Active Directory?
6. What is an Organizational Unit (OU)?
7. What is the difference between a domain, tree, and forest?
8. What is the Global Catalog (GC)?
9. What is a Domain Controller (DC)?
10. What is DNS, and how is it related to Active Directory?
11. What is a distinguished name (DN)?
12. What is a User Principal Name (UPN)?
13. What is Group Policy in Active Directory?
14. What is the purpose of the SYSVOL folder?
15. What are FSMO roles in Active Directory?
16. What is the difference between an LDAP and an AD?
17. What is the Knowledge Consistency Checker (KCC)?
18. What is the difference between a local user account and a domain user account?
19. What is the purpose of replication in Active Directory?
20. What is the default protocol used by Active Directory?
21. What is the purpose of the RID Master?
22. What is the PDC Emulator role?
23. What is an Active Directory Trust?
24. What is the difference between Transitive and Non-Transitive Trusts?
25. What is a RODC (Read-Only Domain Controller)?
26. What is Kerberos, and how does it work with Active Directory?
27. What are the different types of groups in Active Directory?
28. What is the purpose of NTDS.DIT?
29. What are the main components of Active Directory?
30. What is the difference between a workgroup and a domain?
31. What is a Group Policy Object (GPO)?
32. What is the difference between a security group and a distribution group?
33. What is a trust relationship?
34. What is the difference between a child domain and a tree domain?
35. What is the NETLOGON share?
36. What is Kerberos?
37. What is NTLM authentication?
38. What is a Flexible Single Master Operation (FSMO) role?
39. What is the purpose of the Schema Master role?
40. What is the difference between a domain local group and a global group?
41. What is a site in Active Directory?
42. What is Active Directory replication?
43. What is the Active Directory Recycle Bin?
44. What is ADSI (Active Directory Service Interfaces)?
45. What is the purpose of the Global Catalog in a multi-domain environment?
46. What is a read-only domain controller (RODC)?
47. What is the Active Directory schema?
1. What is Active Directory?
Answer:
Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is used to store information about network resources (e.g., computers, users, services) and makes this information available to users and administrators.
2. What are the key features of Active Directory?
Answer: The key features include:
- Centralized resource and user management
- Scalability
- Security (authentication and authorization)
- Group Policy management
- Extensibility (can be integrated with other services)
3. What is a domain in Active Directory?
Answer:
A domain is a logical group of network objects (like users, computers, and devices) that share the same Active Directory database.
4. What is a tree in Active Directory?
Answer:
A tree is a collection of one or more domains that share a contiguous namespace and are linked in a hierarchical trust relationship.
5. What is a forest in Active Directory?
Answer:
A forest is a collection of one or more Active Directory trees. Trees in a forest share a common schema but do not necessarily share the same namespace.
6. What is an Organizational Unit (OU)?
Answer:
An Organizational Unit (OU) is a container within Active Directory that can hold users, groups, computers, and other OUs. It helps in organizing and managing objects within a domain.
7. What is the difference between a domain, tree, and forest?
Answer:
- Domain: A collection of objects within a network.
- Tree: A collection of domains in a hierarchy that share a contiguous namespace.
- Forest: A collection of trees that share a common schema but may have different namespaces.
8. What is the Global Catalog (GC)?
Answer:
The Global Catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multi-domain forest. It helps users and applications locate objects within any domain.
9. What is a Domain Controller (DC)?
Answer:
A Domain Controller is a server that responds to authentication requests and enforces security policies for a domain. It holds the AD database and provides centralized user authentication and management.
10. What is DNS, and how is it related to Active Directory?
Answer:
DNS (Domain Name System) is used for translating domain names into IP addresses. In Active Directory, DNS is essential because AD relies on DNS for locating domain controllers and services within the network.
11. What is a distinguished name (DN)?
Answer:
A Distinguished Name (DN) is the unique name that identifies an object in Active Directory. It includes the object’s location in the directory hierarchy (e.g., CN=John Smith,OU=Users,DC=example,DC=com).
12. What is a User Principal Name (UPN)?
Answer:
A User Principal Name (UPN) is the name of a system user in an email address format (username@domain). It is used during login and uniquely identifies a user in a domain.
13. What is Group Policy in Active Directory?
Answer:
Group Policy is a feature that allows administrators to control the working environment of user accounts and computer accounts. It is used to configure security settings, software installation, script execution, etc.
14. What is the purpose of the SYSVOL folder?
Answer:
SYSVOL is a shared folder on Domain Controllers that stores group policies, login scripts, and other files required for Active Directory operations. It is replicated across all Domain Controllers.
15. What are FSMO roles in Active Directory?
Answer:
FSMO (Flexible Single Master Operation) roles are specialized tasks handled by specific domain controllers to ensure the smooth operation of AD. The five roles are:
- Schema Master
- Domain Naming Master
- Infrastructure Master
- RID Master
- PDC Emulator
16. What is the difference between an LDAP and an AD?
Answer:
LDAP (Lightweight Directory Access Protocol) is a protocol used for accessing and maintaining directory information services over an IP network. Active Directory is a directory service that uses LDAP as one of its protocols.
17. What is the Knowledge Consistency Checker (KCC)?
Answer:
The Knowledge Consistency Checker (KCC) is a process that runs on all domain controllers and helps in the replication of data between them. It dynamically creates and maintains replication topology.
18. What is the difference between a local user account and a domain user account?
Answer:
- Local user account: Created on a local computer and can access only that computer.
- Domain user account: Created in Active Directory and can be used to log in to any computer within the domain.
19. What is the purpose of replication in Active Directory?
Answer:
Replication ensures that changes made to one domain controller (e.g., adding users or changing passwords) are propagated to all other domain controllers within the domain or forest.
20. What is the default protocol used by Active Directory?
Answer:
Active Directory primarily uses LDAP (Lightweight Directory Access Protocol) as its default protocol for directory queries.
21. What is the purpose of the RID Master?
Answer:
The RID Master is responsible for assigning unique Relative Identifiers (RIDs) to objects within a domain. It ensures no two objects have the same SID (Security Identifier).
22. What is the PDC Emulator role?
Answer:
The PDC Emulator acts as a primary domain controller for legacy systems and serves as the authoritative time server within the domain. It also manages account lockouts and password changes.
23. What is an Active Directory Trust?
Answer:
A trust is a relationship between two domains that allows users in one domain to access resources in another domain. Trusts can be one-way or two-way and can be transitive or non-transitive.
24. What is the difference between Transitive and Non-Transitive Trusts?
Answer:
- Transitive Trust: Automatically extends trust relationships to other domains. For example, if Domain A trusts Domain B, and Domain B trusts Domain C, then Domain A trusts Domain C.
- Non-Transitive Trust: Trust relationships are limited to the two domains that are explicitly set up to trust each other.
25. What is a RODC (Read-Only Domain Controller)?
Answer:
A Read-Only Domain Controller is a type of domain controller that hosts a read-only copy of the Active Directory database. It is typically used in remote locations where security is a concern, and changes to AD should not be made locally.
26. What is Kerberos, and how does it work with Active Directory?
Answer:
Kerberos is a network authentication protocol used within AD to verify the identity of users and devices. It uses tickets to allow secure authentication across the network.
27. What are the different types of groups in Active Directory?
Answer:
- Security groups: Used to assign permissions to resources.
- Distribution groups: Used for email distribution lists but not for security purposes.
28. What is the purpose of NTDS.DIT?
Answer:
NTDS.DIT is the Active Directory database file that stores all directory information, such as users, groups, and computers.
29. What are the main components of Active Directory?
Answer:
- Domain Controllers
- Organizational Units (OUs)
- Objects (users, groups, computers)
- Group Policy Objects (GPOs)
- Sites
- Domains
- Forests
- Global Catalog
30. What is the difference between a workgroup and a domain?
Answer:
A workgroup is a small collection of computers on a network where each computer manages its own security and resources locally.
A domain is a collection of computers that share a central database (Active Directory) for security and administration, managed by domain controllers.
31. What is a Group Policy Object (GPO)?
Answer:
A Group Policy Object is a collection of settings that define what a system will look like and how it will behave for a defined group of users. GPOs are used to manage user and computer accounts in Active Directory.
32. What is the difference between a security group and a distribution group?
Answer:
- Security groups are used to assign permissions to shared resources.
- Distribution groups are used for email distribution lists and cannot be used to assign permissions.
33. What is a trust relationship?
Answer:
A trust relationship is a link between two domains that allows users in one domain to access resources in another domain, subject to access controls.
34. What is the difference between a child domain and a tree domain?
Answer:
- A child domain is directly beneath its parent domain in the same namespace.
- A tree domain uses a different namespace but is still part of the same forest.
35. What is the NETLOGON share?
Answer:
The NETLOGON share contains logon scripts and policy files that are essential for user authentication.
36. What is Kerberos?
Answer:
Kerberos is the default authentication protocol used by Active Directory. It provides strong authentication for client/server applications using secret-key cryptography.
37. What is NTLM authentication?
Answer:
NTLM (NT LAN Manager) is an older authentication protocol still supported in Active Directory for backwards compatibility with older systems.
38. What is a Flexible Single Master Operation (FSMO) role?
Answer:
FSMO roles are specialized domain controller tasks in Active Directory. There are five FSMO roles: Schema Master, Domain Naming Master, RID Master, PDC Emulator, and Infrastructure Master.
39. What is the purpose of the Schema Master role?
Answer:
The Schema Master is responsible for making and distributing changes to the Active Directory schema, which defines all object types and their attributes in the directory.
40. What is the difference between a domain local group and a global group?
Answer:
- Domain local groups can contain user accounts and global groups from any domain in the forest and are typically used to grant permissions to resources.
- Global groups can only contain user accounts or other global groups from the same domain and are typically used to group users by job function or organizational role.
41. What is a site in Active Directory?
Answer:
A site in Active Directory represents a physical location with a fast, reliable network. Sites are used to control replication traffic and help clients find nearby resources.
42. What is Active Directory replication?
Answer:
Replication is the process by which changes made to one domain controller are synchronized with all other domain controllers in the domain or forest.
43. What is the Active Directory Recycle Bin?
Answer:
The Active Directory Recycle Bin is a feature that allows administrators to recover deleted objects without restoring from backups.
44. What is ADSI (Active Directory Service Interfaces)?
Answer:
ADSI is a set of COM interfaces used to access the features of directory services from different network providers in a distributed computing environment.
45. What is the purpose of the Global Catalog in a multi-domain environment?
Answer:
The Global Catalog allows users to find objects from any domain in the forest without having to know which domain contains the object.
46. What is a read-only domain controller (RODC)?
Answer:
An RODC is a domain controller that hosts read-only partitions of the Active Directory database. It’s often used in branch offices or locations where security is a concern.
47. What is the Active Directory schema?
Answer:
The Active Directory schema is a set of definitions that defines the kinds of objects and the types of information about those objects that can be stored in Active Directory.
Remember, while these answers provide a good starting point, it’s always beneficial to understand the concepts deeply and be able to explain them in your own words during an interview.