Active Directory is a crucial component of any organization, and professionals in roles such as System Engineers and Technical Support Engineers must have a comprehensive understanding of its various aspects to effectively perform their daily responsibilities. If you're preparing for a technical interview, it's essential to familiarize yourself with the most commonly asked Active Directory interview questions and answers.

What is Active Directory and how does it work?
Active Directory is a centralized database that stores information about users, computers, groups, and other resources in a network. It allows administrators to manage these resources through a hierarchical structure of domains and organizational units (OUs).

What is a domain in Active Directory?
A domain is a logical grouping of resources, such as users, computers, and OUs, that share a common security and administrative boundary. It can be thought of as a container for these resources.

What is a forest in Active Directory?
A forest is a collection of domains that share a common schema and trust relationships. It is the highest level of the Active Directory hierarchy and represents an organization or collection of organizations.

What is a global catalog in Active Directory?
A global catalog is a distributed database that contains information about every object in the forest. It is used to speed up searches and queries across domains and enables users to find resources anywhere in the forest.

What is the difference between a user account and a computer account in Active Directory?
A user account represents a person who is authorized to access network resources, while a computer account represents a computer that is a member of the domain and can also access network resources.

What is Group Policy and how does it work?
Group Policy is a feature of Active Directory that allows administrators to define and enforce policies for users and computers in the domain. These policies can control a wide range of settings, such as security, software installation, and user preferences.

What is Kerberos authentication and how does it work in Active Directory?
Kerberos is a network authentication protocol that allows users to securely authenticate to network resources. In Active Directory, it is the default authentication method and uses tickets to authenticate users and computers.

What is DNS and how does it relate to Active Directory?
DNS is a protocol for resolving domain names to IP addresses. It is used in Active Directory to locate domain controllers and other resources in the network.

What is the difference between a domain and a workgroup?
A domain is a centralized directory service that allows administrators to manage resources in a network, while a workgroup is a decentralized grouping of computers that are not managed by a central directory service.

How do you create a new user account in Active Directory?
To create a new user account in Active Directory, an administrator would typically use the Active Directory Users and Computers console or PowerShell cmdlets.

How do you troubleshoot Active Directory replication issues?
Troubleshooting Active Directory replication issues typically involves using diagnostic tools such as repadmin and dcdiag to identify and resolve

What is a site in Active Directory and how does it relate to replication?
A site is a logical grouping of network resources that share common network connectivity and bandwidth. In Active Directory, it is used to control replication traffic between domain controllers and ensure that replication

How do you recover a deleted object in Active Directory?
To recover a deleted object in Active Directory, an administrator can use the Active Directory Recycle Bin feature, which allows deleted objects to be restored for a specified period of time.

How do you secure Active Directory?
Securing Active Directory involves a wide range of measures, including implementing strong password policies, restricting administrative access, enabling auditing and logging, and using firewalls and other security

What is an LDAP query and how does it work in Active Directory?
An LDAP query is a method of searching the Active Directory database for objects that match certain criteria.
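
To show how such criteria are evaluated, the following added example (not part of the original page) parses a subset of LDAP filter syntax and matches it against constructed directory entries, including Active Directory's bitwise-AND matching rule on userAccountControl. The entries, the single-valued attribute model and the function names are assumptions made for illustration; escapes and the `>=`, `<=`, `~=` operators are not handled.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # AD bitwise-AND matching rule OID
# Constructed sample entries, simplified to single-valued string attributes.
ENTRIES = [
    {"sAMAccountName": "alice", "objectCategory": "person", "userAccountControl": "512"},
    {"sAMAccountName": "svc-backup", "objectCategory": "person", "userAccountControl": "66048"},
    {"sAMAccountName": "bob", "objectCategory": "person", "userAccountControl": "514"},
    {"sAMAccountName": "WS01$", "objectCategory": "computer", "userAccountControl": "4096"},
]

def parse(text, pos=0):
    """Parse one parenthesised filter at pos; return (node, next_pos)."""
    if text[pos:pos + 1] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    if text[pos:pos + 1] in ("&", "|", "!"):
        op, kids, pos = text[pos], [], pos + 1
        while text[pos:pos + 1] == "(":
            kid, pos = parse(text, pos)
            kids.append(kid)
        if text[pos:pos + 1] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' group near offset {pos}")
        return (op, kids), pos + 1
    end = text.find(")", pos)
    m = re.fullmatch(rf"([\w-]+)(?::({re.escape(BIT_AND)}):)?=(.*)", text[pos:max(end, pos)])
    if not m:
        raise ValueError(f"unsupported comparison near offset {pos}")
    return ("cmp", m.groups()), end + 1

def matches(node, entry):
    kind, arg = node
    if kind in ("&", "|"):
        return (all if kind == "&" else any)(matches(k, entry) for k in arg)
    if kind == "!":
        return not matches(arg[0], entry)
    attr, rule, value = arg
    have = entry.get(attr)
    if have is None:
        return False
    if rule == BIT_AND:  # true when every bit set in value is set in the attribute
        return (int(have) & int(value)) == int(value)
    pattern = ".*".join(re.escape(p) for p in value.split("*"))  # '*' is the only wildcard
    return re.fullmatch(pattern, have, re.IGNORECASE) is not None

def search(ldap_filter, entries=ENTRIES):
    node, end = parse(ldap_filter)
    if end != len(ldap_filter):
        raise ValueError("trailing text after filter")
    return [e["sAMAccountName"] for e in entries if matches(node, e)]
```

With these entries, `search("(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=65536))")` returns the one account whose password is set never to expire, a common audit query.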

What is a trust relationship in Active Directory and how does it work?
A trust relationship allows users in one domain to access resources in another domain. It establishes a secure communication channel between the domains and can be configured to be one-way or two-way.

How do you troubleshoot authentication issues in Active Directory?
Troubleshooting authentication issues in Active Directory typically involves examining logs and diagnostic data to identify the source of the problem. Common issues may include incorrect passwords, expired user accounts, or problems with the Kerberos authentication protocol.
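
The log examination described above can be sketched as follows; this is an added example, not part of the original page. It maps failure codes from logon-failure event 4625 (NTSTATUS values) and Kerberos events 4768/4771 (RFC 4120 error codes) to the causes named in the answer. The one-line log format, the sample lines and the function names are constructed for illustration and are not the native Windows event format.

```python
import re
from collections import Counter

# Only the causes named in the text are mapped; anything else is reported
# as unclassified rather than silently dropped.
NTSTATUS = {
    "0xc000006a": "incorrect password",    # STATUS_WRONG_PASSWORD
    "0xc0000193": "expired user account",  # STATUS_ACCOUNT_EXPIRED
}
KERBEROS = {
    "0x18": "incorrect password",          # KDC_ERR_PREAUTH_FAILED
    "0x25": "Kerberos clock skew",         # KRB_AP_ERR_SKEW
}
TABLES = {"4625": NTSTATUS, "4768": KERBEROS, "4771": KERBEROS}

# Constructed sample lines in a simplified export format.
LOG = """\
2024-05-01T08:00:01Z event=4625 account=alice code=0xC000006A
2024-05-01T08:00:03Z event=4625 account=alice code=0xC000006A
2024-05-01T08:00:04Z event=4771 account=alice code=0x18
2024-05-01T08:02:10Z event=4625 account=contractor7 code=0xC0000193
2024-05-01T08:03:30Z event=4768 account=WS01$ code=0x25
2024-05-01T08:04:00Z event=4624 account=bob code=0x0
2024-05-01T08:05:00Z event=4625 account=carol code=0xC0000999
"""

LINE = re.compile(r"\S+ event=(\d+) account=(\S+) code=(0x[0-9A-Fa-f]+)")

def classify(event, code):
    """Return the likely cause, or None when the line is not a failure."""
    table = TABLES.get(event)
    if table is None or int(code, 16) == 0:
        return None
    return table.get(code.lower(), f"unclassified ({code.lower()})")

def triage(log_text):
    """Count failures per (account, cause); keep lines that do not parse."""
    counts, rejected = Counter(), []
    for line in log_text.splitlines():
        m = LINE.fullmatch(line.strip())
        if m is None:
            rejected.append(line)
            continue
        event, account, code = m.groups()
        cause = classify(event, code)
        if cause is not None:
            counts[(account.lower(), cause)] += 1
    return counts, rejected
```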

What is the difference between a primary and secondary DNS server in Active Directory?
A primary DNS server is the initial source of information for DNS queries, while a secondary DNS server is a backup that can be used if the primary server is unavailable. In Active Directory, it is important to have multiple DNS servers to ensure high availability and

How do you manage Active Directory permissions?
Managing Active Directory permissions involves assigning appropriate levels of access to users and groups based on their roles and responsibilities. This can be done through the Active Directory Users and Computers console or PowerShell

What is the role of Active Directory in a hybrid cloud environment?
Active Directory can play a key role in a hybrid cloud environment by providing a single source of authentication and authorization for on-premises and cloud-based resources. This can enable users to seamlessly access resources in both environments while maintaining security and compliance.