Active Directory Interview Questions


Active Directory

Oz Casey Dedeal
About Author:

I am a Senior Principal Systems Engineer working for ETC Solutions. I work on large enterprise projects
and for clients located around the Washington DC area and have over 15 years of working experience. I write and
post articles about Exchange Server and Active Directory and participate in forums when time permits.

I started writing articles about Microsoft Exchange Server, Active Directory and other related technologies
in early 2007 and continue today as my personal journey. I have over 1 million actual visits and encouraging
feedback from people all over the world who have read my articles.

In my professional IT journey, I have taught information technology classes for over 6 years, mostly around the
Washington DC area, including all major Microsoft MCSE classes, Exchange Server, Active Directory, and
networking classes. I am still a long-time student of information technologies myself.

I love blogging and sharing my knowledge with others. I have helped hundreds of IT professionals and
influenced them to move ahead in the IT field. Some of my students went way further (-: and I am so proud
of each one of them. It feels great knowing I made a difference.

I currently hold multiple IT certifications, including:

MCITP (EMA), MCITP (EA), MCITP (SA), MCSE 2003, M+, S+, MCDST, Inet+, Net+, A, Unix+, Security+,
Server+, Project+, ITILV3

Please visit my Blog.

• (Blog)
• MVP Profile (Microsoft Exchange Server, North America)

As a professional courtesy, please provide fair feedback.

Visit my Blog

Getting to Know Your Basics
These basic guidelines, questions and answers provide information that should assist with your
interview. You should study and gain a much deeper knowledge of Active Directory.


1. Dress decently for your interview and look clean; this always helps and promotes positive energy.
2. Don’t go to the interview tired; you need to be fresh.
3. Make multiple copies of your resume and take them with you. When you sit down in the interview
room, hand your resume to the people who don’t have it.
4. Your answers need to be brief and professional if you are claiming to be a Senior Engineer. When
you are asked to provide more comprehensive information, provide technical details.
5. It is perfectly okay to say “I do not know, I will look it up and get back to you.” Do not “BS”. Most
likely the person who is asking you the question does know the correct answer.
6. If you are asked to rate your skill set on a scale from 1 to 10, 1 being weak and 10 being strong, always
rate yourself in a humble way. Most experienced and smart administrators and engineers will rate
themselves a solid 7 instead of 10.
7. At the end of the interview, when you are asked “Do you have any questions for us?”, you must
show some interest and ask questions if you want the job.

Managers and Interviewers

Respect the person who is being interviewed. Remember you have been there, and you never know when you
will be in the same place, being asked questions. Speak clearly and give the person a chance to
talk. Make the person comfortable, NOT uncomfortable. Remember we all have families to look after. Some
good people won’t perform great in interviews; make them comfortable by calling them by their
names and, once again, speak clearly and slowly. It should not be in your interest to show how smart you are
and crush the person in front of you. Look for talent and strong skills in a respectful way.

Show respect and be professional at all times.

Active Directory Questions and Answers.

1. What is an IP address?
It is a 32-bit binary number (or any brief answer you can come up with).
If you spend 5 minutes explaining what an IP address is, that is not good at all.
2. What is a subnet mask?
It is also a 32-bit binary number.
3. What does a subnet mask do?
It divides an IP address into two distinct parts, the network and host portions.
4. Provide the full subnet mask for /27.
/27 means 27 bits turned on:
8 bits = 255
24 bits = 255.255.255
3 bits: 128 + 64 + 32 = 224
Therefore, the full subnet mask for /27 is
If you did not get this, STOP. You need to go back and learn basic subnetting.
You cannot screw up such an easy question in the interview, so take your time to study.
(Special thanks to my buddy Zack Payton for making me understand many years ago)
5. This is rare in an AD interview, but just in case, you could be asked: for /27, how many networks and how
many hosts in each network?
Going back to basics, /27:
3 bits for network
5 bits for hosts
2 x 2 x 2 = 8 networks
2 x 2 x 2 x 2 x 2 = 32 addresses, so 30 hosts in each network (32 - 2 = 30); we need one IP for each network and
another one for broadcast.
6. What is Active Directory?
It is a database (Active Directory is a special-purpose database).
7. What is an object?
An object is a stored instance of a class; a user is an object, and a computer account is also an object.
8. What is an attribute?
A property of an object is called an attribute. Think of a user object and all the available attributes
associated with it: name, last name, logon name, etc.
9. What is the name of the Active Directory database that gets created by default when you install a
Domain Controller?
The Active Directory database is a .DIT database; it is NTDS.dit.

10. The NTDS.DIT database is a partitioned database. What are its partitions?
1. Domain
2. Configuration
3. Schema
4. Application (if created)
11. What tool can interact with the (.DIT) database (the most common)?
12. In which directory partition is DNS information kept?
Domain partition
13. In which partition is Exchange Server information kept? (tricky question)
All of the partitions.
1. Domain
2. Configuration
3. Schema
14. What is DNS?
Domain Name System, Service
15. What port does DNS run on?
16. Is it TCP or UDP?
Both are protocols
17. What is TCP?
Transmission Control Protocol
18. What is UDP?
User Datagram Protocol
19. What is the difference between the TCP and UDP protocols?
TCP is connection-oriented, whereas UDP is connectionless.
20. How many bytes is the TCP header?
Size of TCP header (without any options) - 20 bytes
21. How many bytes is the UDP header?
Size of UDP header - 8 bytes
22. Size of a total empty TCP datagram
Total size of empty TCP datagram - 24 + 20 + 20 = 64 bytes
• Size of Ethernet frame - 24 bytes
• Size of IPv4 header (without any options) - 20 bytes
• Size of TCP header (without any options) - 20 bytes

23. Size of a total empty UDP datagram
Total size of empty UDP datagram - 24 + 20 + 8 = 52 bytes
• Size of UDP header - 8 bytes
• Size of Ethernet frame - 24 bytes
• Size of IPv4 header (without any options) - 20 bytes

24. Considering a single forest with 12 domains, how many FSMO roles exist in total?
Total FSMO roles in this scenario = 38
• 12 x 3 = 36 (PDC, RID, Infrastructure) Master
• 2 for each forest (Domain Naming Master and Schema Master per forest)
• Total = 38

25. What is FSMO?
Flexible Single Master Operations
How many FSMO roles exist?
26. What is the least important FSMO role? Considering day-to-day operations, the absence of which FSMO
role would have the least significant impact, and why?
Perhaps the Schema Master, if you assume you don’t extend your schema every day, or the RID Master
27. What is the most important FSMO role? Considering day-to-day operations, the absence of which FSMO
role would have the most significant impact, and why?
PDC Emulator (explain why)
28. What is the difference between seizing and moving FSMO roles?
Peaceful operation versus forcing it. Seizing is the operation performed when the FSMO role owner is no longer
accessible; after seizing FSMO roles, you cannot bring the previous FSMO role owner back to
29. What is an A record? When I open an A record, what do I see inside?
Host name mapping to an IPv4 address
30. What is an AAAA record? When I open it, what do I see inside?
Host name mapping to an IPv6 address
31. What is a Glue record? When I open it, what do I see inside?
Simply a host name mapping to an IP address (same as an A record)
32. What is a PTR record? When I open it, what do I see inside?
Pointer record, IP address mapping to a host name
33. What is a CNAME record? When I open it, what do I see inside?
Canonical Name record, multiple names mapping to the same IP address
34. What is an Alias record? When I open it, what do I see inside?
Another name for a CNAME record, multiple names mapping to the same IP address

35. What is an SRV record?
Service record, which provides information about a service and its port
36. How many reverse lookup zones are available with a default DNS installation?
None. DNS does not rely on a reverse DNS zone to work properly. It is optional to create a reverse
DNS zone, and many administrators will recommend creating one for various reasons (security
37. How many forward lookup zones are available with a default DNS installation?
A single forward lookup zone gets created with the default installation of DNS services on a Domain
38. What is an OU?
Organizational Unit
39. What are the three primary functions of Organizational Units?
Organize Data, Deploy GPO, Delegate permissions (We use AD Groups to assign permissions to
not get confused and be precise with your answer)
40. In which order are OUs applied in Active Directory?
• Local
• Site
• Domain
• Organizational Unit

41. If you have one OU with mixed servers in it (Windows 2008 and Windows 2012 servers),
how do I apply a GPO to only the Windows 2012 servers, assuming I cannot create any new OU?
Use WMI filtering and target only the specific Windows Server version.
42. If you have lost one of the domain controllers, how do you clean up the Active Directory database for
the lost DC?
Metadata cleanup with Ntdsutil.exe, which is a command-line tool
43. What is the KCC and what does it do?
Knowledge Consistency Checker; it builds replication connections between domain controllers.
44. What is LSASS?
Lsass.exe (Local Security Authority Subsystem Service) is the process which, on an Active Directory
domain controller, is responsible for providing Active Directory database lookups, authentication,
and replication.

45. What kind of replication does Active Directory use? Is it pull or push?

Active Directory uses pull replication. In pull replication, a destination replica requests information
from a source replica. The request specifies the information that the destination needs, based on
its knowledge of changes already received from the source and from all other domain controllers
in the domain. When the destination receives information from the source, it applies that
information, bringing itself more up-to-date. The destination's next request to the source
excludes the information that has already been received and applied.

The alternative is push replication. In push replication, a source sends information to a destination
unsolicited, in an attempt to bring the destination more up-to-date. Push replication is
problematical because it is difficult for the source to know what information the destination
needs. Perhaps the destination has received the same information from another source. If a
source sends information to a destination, there is no guarantee that the destination is going to
apply it; if the source assumes otherwise, the system is unreliable.
