Active Directory Interview Questions and Answers.

1. Explain three main features of Active Directory?

Ans:- Active Directory enables single sign on to access resources on the network such as
desktops, shared files, printers etc. Active Directory provides advanced security for the entire
network and network resources.

Active Directory is more scalable and flexible for

administration.
2. What do you mean by Active Directory functional levels? How does it help an

organizations network functionality?

Ans:- Functional levels help the coexistence of Active Directory versions such as, Windows
NT, Windows 2000 Server, Windows Server 2003 and Windows Server 2008. The functional
level of a domain or forest controls which advanced features are available in the domain
or forest. Although lowest functional levels help to coexist with legacy Active Directory, it
will disable some of the new features of Active Directory. But if you are setting up a new
Active Directory environment wbbbbith latest version of Windows Server and AD, you can
set to the highest funcbjvc

jhwwwwwyey5 tional level, thus all the new AD functionality

will be enabled.

3. What are the Domain and Forest functional levels of Windows Server 2003 AD?

Ans:-Windows Server 2003 Domain Functional Levels: Windows 2000 mixed (Default),
Windows 2000 native, Windows Server 2003 interim, and Windows Server 2003.
Forest Functional Levels: Windows 2000 (default), Windows Server 2003 interim,
Windows Server.

4. What are the Domain and Forest functional levels of Windows Server 2008 AD?

Ans:- Windows Server 2008 Domain Functional Levels: Windows 2000 Native, Windows
Server

2003,

Windows

Server

2008,

Windows

Server

2008

R2.

Forest Functional Levels: Windows 2000, Windows Server 2008, Windows Server 2008
R2.

5. How to add additional Domain Controller in a remote site with slower WAN link?

Ans:- It is possible to take a backup copy of existing Domain Controller, and restore it in
Windows Server machine in the remote locations with slower WAN link.

6. How do we install Active Directory in Windows 7 Computer?

Ans:- Active Directory is designed for Server Operating System, and it cannot be
installed on Windows 7.
7. What are the prerequisites to install Active Directory in a Server?

Ans:- Windows Server Operating System. Free hard disk space with NTFS partition.
Administrator's privilege on the computer. Network connection with IP address, Subnet
Mask, Gateway and DNS address. A DNS server, that can be installed along with first
Domain Controller. Windows Server intallation CD or i386 folder.

8. What is FSMO role? (Or what are Single Master Operations / Flexible Single

Master Operations / Operations Master Role / SMO / OMR?)

Ans:- Flexible Single-Master Operation (FSMO) roles,manage an feature of the domain or
forest, to prevent conflicts, which are handled by Single domain controllers in domain or
forest. The tasks which are not suited to multi-master replication, There are 5 FSMO roles,
and Schema Master and Domain naming master roles are handled by a single domain
controller in a forest, and PDC, RID master and Infrastructure master roles are handled by
a single domain controller in each domain.

9. Explain Infrastructure Master Role. What will be the impact if DC with

Infrastructure Master Role goes down?

Ans:- Infrastructure master role is a domain-specific role and its purpose is to ensure that
cross-domain object references are correctly handled. For example, if you add a user
from one domain to a security group from a different domain, the Infrastructure Master
makes sure this is done properly.Intrastrcuture master does not have any functions to do
in a single domain environment. If the Domain controller with Infrastructure master role
goes down in a single domain environment, there will be no impact at all. Whereas, in a
complex environment with multiple domains, it may impact creation and modification of
groups and group authentication.

10. What are the two forest specific FSMO roles?

Ans:- Schema Master role and Domain Naming Master role.

11. Which FSMO role directly impacting the consistency of Group Policy?

Ans:- PDC Emulator

12. I want to promote a new additional Domain Controller in an existing domain.

Ans:- You should be a member of Enterprise Admins group or the Domain Admins group. Also
you should be member of local Administrators group of the member server which you are
going to promote as additional Domain Controller.

13. Which are the groups I should be a member of?

Ans:- Use netdom query /domain:YourDomain FSMO command. It will list all the FSMO role
handling domain controllers.

14. Tell me one easiest way to check all the 5 FSMO roles.
15. Can I configure two RID masters in a domain?
16. Can I configure two Infrastructure Master Role in a forest? If yes, please

explain.
17. What will be the impact on the network if Domain Controller with PDC

Emulator crashes?
18. What are the physical components of Active Directory?
19. What are the logical components of Active Directory?
20. What are the Active Directory Partitions? (Or what are Active Directory Naming

Contexts? Or what is AD NC?)

21. What is group nesting?
22. Explain Group Types and Group Scopes?
23. What is the feature of Domain Local Group?
24. How will you take Active Directory backup?
25. What are the Active Directory Restore types?
26. How is Authoritative Restore different from non-Authoritative Restore?
27. Explain me, how to restore Active Directory using command line?
28. Tell me few switches of NTDSUTIL command.
29. What is a tombstone? What is the tombstone lifetime period?
30. What do you understand by Garbage Collection? Explain.

31. What is Lost and Found Container?

32. Where can I locate Lost and Found Container?
33. Is Lost and Found Container included in Windows Server 2008 AD?
34. Have you ever installed Active Directory in a production environment?
35. Do we use clustering in Active Directory? Why?
36. What is Active Directory Recycle Bin?
37. What is RODC? Why do we configure RODC?
38. How do you check currently forest and domain functional levels? Say both GUI

and Command line.

39. Explain Knowledge Consistency Checker (KCC)
40. What are the tools used to check and troubleshoot replication of Active

Directory?
41. What is SYSVOL folder used for?
42. What is the use of Kerberos in Active Directory? Which port is used for Kerberos

communication?
43. Which version of Kerberos is used for Windows 2000/2003 and 2008 Active

Directory?
44. Please name few port numbers related to Active Directory.
45. What is an FQDN?
46. Tell me few DS commands and its usage.
47. Explain Active Directory tree and forest.

48. What are Intersite and Intrasite replication?

49. What is shortcut trust?
50. What is selective Authentication?
51. Give me brief explanation of different types of Active Directory trusts.
52. Have you heard of ADAC?
53. What is the use of ADSIEDIT? How do we install it in Windows Server 2003 AD?
54. I am unable to create a Universal Security group in my Active Directory? What

will be the possible reason?

55. What is ADMT? What is it used for?
56. What do you mean by Lingering Objects in AD? How to remove Lingering

Objects?
57. Explain Global Catalog. What kind of AD infrastructure makes most use of

Global Catalog?
58. Global Catalog and Infrastructure master roles cannot be configure in same

Domain Controller. Why?

59. How do you check all the GCs in the forest?
60. How many objects can be created in Active Directory? (both 2003 and 2008)
61. Can you explain the process between a user providing his Domain credential to

his workstation and the desktop being loaded? Or how the AD authentication
works?
62. What is LDAP?

63. Which is default location of Active Directory? What are the main files related to

AD?
64. In a large forest environment, why we dont configure all Domain Controllers as

GCs?
65. What is NETDOM command line tool used for?
66. What is role seizure? Who do we perform role seizure?
67. What is ISTG? What is role of ISTG in Active Directory?
68. Is it possible to find idle users who did not log in for last few months?
69. Tell me the order of GPO as it applied.
70. What are the uses of CSVDE and LDIFDE?
71. What are the differences between a user object and contact object?
72. What do you mean by Bridge Head server?
73. What is urgent replication?
74. Please explain Realm trust.
75. Explain object class and object attribute.
76. My organization wants to add new object attribute to the user object. How do

you achieve it?

77. What do you understand about GUID?
78. What is the command used for Domain Controller decommissioning?
79. Have you ever planned and implemented Active Directory infrastructure

anywhere? Tell me few considerations we have to take during the AD planning.

80. Name few differences from Windows Server 2003 AD and Windows Server 2008

AD.
81. Which domain and forest functional level I will select if I am installing Windows

Server 2008 AD in an Existing environment where we have Windows Server 2003

Domain Controllers?
82. What are the replication intervals for Intersite and intrasite replication? Is

there any change in 2003 and 2008?

83. I want to transfer RID master role to a new Domain Controller. What are the

steps I need to follow?

84. Tell me few uses of NTDSUTIL commands?
85. Name few services that directly impact the functionality of Domain Controller.
86. You said there are 5 FSMO roles. Please explain what will be the impact on the

AD infra if each FSMO roles fails?

87. What is Active Directory defragmentation? How do you do AD defragmentation?

And why do we do it?

88. Tell me Different between online and offline defragmentation.
89. How do you uninstall active directory? What are the precautions we have to

take before removing active directory?

90. A user is unable to log into his desktop which is connected to a domain. What

are the troubleshooting steps you will consider?

91. A Domain Controller called ABC is failing replication with XYZ. How do you

troubleshoot the issue?

92. A user account is frequently being locked out. How do you investigate this

issue? What will be the possible solution suggest the user?

93. Imagine you are trying to add a Windows 7 computer to Active Directory

domain. But its showing an error Unable to find Domain Controller. How will
you handle this issue?
94. What are the services required for Active Directory replication?
95. What is Active Directory application partition? What are the uses of it?
96. Many users of a network are facing latency while trying to log into their

workstations. How do you investigate this problem?

97. Now, some questions related to Windows Server 2008 Active Directory. What do

you mean by IDA? What are the new components of Windows 2K8 Active
Directory?
98. I want to edit the Active Directory Schema. How can I bring Schema editor into

my MMC?
99. Name few Active Directory Built in groups
100.

What are the differences between Enterprise Administrators and Domain

Administrators groups?
I have to create 1000 user objects in my Active Directory domain. Who can I achieve
that with least administrative effort? Tell me few tools that I can use.