Active Directory Job Interview Questions and Answers

What is Active Directory?

A directory is a hierarchical structure that stores information about objects on the network. A directory service, such as Active Directory Domain Services (AD DS), provides the methods for storing directory data and making this data available to network users and administrators. For example, AD DS stores information about user accounts, such as names, passwords, phone numbers, and so on, and enables other authorized users on the same network to access this information.

Active Directory stores information about objects on the network and makes this information easy for administrators and users to find and use. Active Directory uses a structured data store as the basis for a logical, hierarchical organization of directory information.

This data store, also known as the directory, contains information about Active Directory objects. These objects typically include shared resources such as servers, volumes, printers, and the network user and computer accounts. For more information about the Active Directory data store, see Directory data store.

Security is integrated with Active Directory through logon authentication and access control to objects in the directory. With a single network logon, administrators can manage directory data and organization throughout their network, and authorized network users can access resources anywhere on the network. Policy-based administration eases the management of even the most complex network. For more information about Active Directory security

Active Directory also includes:

  • A set of rules, the schema, that defines the classes of objects and attributes contained in the directory, the constraints and limits on instances of these objects, and the format of their names. For more information about the schema, see Schema.
  • A global catalog that contains information about every object in the directory. This allows users and administrators to find directory information regardless of which domain in the directory actually contains the data. For more information about the global catalog, see Global catalog.
  • A query and index mechanism, so that objects and their properties can be published and found by network users or applications. For more information about querying the directory, see Searching in Active Directory Domain Services.
  • A replication service that distributes directory data across a network. All domain controllers in a domain participate in replication and contain a complete copy of all directory information for their domain. Any change to directory data is replicated to all domain controllers in the domain. For more information about Active Directory replication.

What is the default protocol used in directory services?

LDAP and Kerberos are the default protocols used in directory services. They are the directory access protocols used to exchange directory information from a server to clients or from server to server.

What is KDC in Active Directory?

KDC is the Kerberos Key Distribution Center, which provides temporary session keys to the intended users within an Active Directory domain. It runs on each domain controller as part of Active Directory Domain Services (AD DS).

How is Kerberos used in Active Directory?

Kerberos is a network authentication protocol designed to provide a strong security control mechanism for users by using secret-key cryptography.

Steps that need to be performed in order to use Kerberos in Active Directory:

  • Enter the first name of the user
  • Log in with that name
  • Enter the password and confirm the password
  • Verify the "require pre-authentication" checkbox

What is SCM in Active Directory?

SCM is a Security Control Mechanism; it securely authenticates the user against any domain in Active Directory. Additionally, it establishes the user's identity by performing an LDAP search on Active Directory.

What type of database does Active Directory use?

Active Directory uses the Extensible Storage Engine type of database.

What is OU in Active Directory?

In Active Directory, an OU is an Organizational Unit, which is a subset of Active Directory. In an OU you can store users, groups and other organizational units. OUs are created to mirror the organizational function.

How to check an OU in Active Directory?

Users can check an OU in Active Directory by obtaining permission from the administrator. Likewise, users can also check the organizational structure by logging in to the Active Directory account.
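As an added example (not part of the original page), the following PowerShell enumerates the OUs of the current domain and shows the OU that contains the logged-on user's account. It assumes the RSAT ActiveDirectory module is installed and that the session runs as a domain user with ordinary read access to the directory; no OU names are hard-coded.

```powershell
# Added example: list OUs and find the OU holding the current user.
# Assumes the ActiveDirectory module (RSAT) and a domain-joined session.
Import-Module ActiveDirectory

$domainDn = (Get-ADDomain).DistinguishedName

# Pull every OU together with the attributes a reviewer usually wants to see.
$ous = Get-ADOrganizationalUnit -Filter * -SearchBase $domainDn `
        -Properties ProtectedFromAccidentalDeletion, Description

$ous |
    Sort-Object DistinguishedName |
    Select-Object Name, DistinguishedName, ProtectedFromAccidentalDeletion, Description |
    Format-Table -AutoSize

# Deleting an OU removes every object under it, so unprotected OUs are worth flagging.
$unprotected = @($ous | Where-Object { -not $_.ProtectedFromAccidentalDeletion })
if ($unprotected.Count -gt 0) {
    Write-Warning ("{0} OU(s) are not protected from accidental deletion:" -f $unprotected.Count)
    $unprotected | ForEach-Object { Write-Warning ("  " + $_.DistinguishedName) }
}

# The OU (or container) of an account is the parent of its distinguishedName.
# Split on the first comma that is not escaped with a backslash (RFC 4514 escaping).
$me = Get-ADUser -Identity $env:USERNAME
$parentDn = ($me.DistinguishedName -split '(?<!\\),', 2)[1]
"Current user's container: $parentDn"
```

Get-ADOrganizationalUnit only returns objects of class organizationalUnit, so built-in containers such as CN=Users do not appear in the first listing; the last lines show the parent of the user's own DN, which may be one of those containers rather than an OU.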

How to find my CN in Active Directory?

Users can find their CN in Active Directory by performing the following steps:

  • Open the Windows command prompt / Control Panel
  • Run the query dsquery user -name <UserName>
  • The CN will be displayed on the screen

What is Samaccountname in Active Directory?

SamAccountName is an attribute used to support clients and servers from previous versions of Windows.
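The two questions above (finding a CN, and what sAMAccountName is) are easiest to answer with one lookup. The following is an added example, not part of the original page; it assumes the RSAT ActiveDirectory module and a domain-joined session, and it also shows the equivalent legacy dsquery/dsget pipeline that the answer above refers to.

```powershell
# Added example: show the CN, sAMAccountName, UPN and DN of the logged-on user.
# Assumes the ActiveDirectory module (RSAT) and a domain-joined session.
Import-Module ActiveDirectory

# $env:USERNAME holds the sAMAccountName of the logged-on user, which is what
# Get-ADUser -Identity accepts (alongside a DN, GUID, SID or UPN).
$user = Get-ADUser -Identity $env:USERNAME -Properties cn

[pscustomobject]@{
    CN                = $user.CN                 # the RDN of the user object
    SamAccountName    = $user.SamAccountName     # pre-Windows 2000 logon name
    UserPrincipalName = $user.UserPrincipalName  # user@domain style logon name
    DistinguishedName = $user.DistinguishedName  # full LDAP path: CN=...,OU=...,DC=...
} | Format-List

# Same lookup with the legacy command-line tools (present where the AD DS tools are installed).
dsquery user -samid $env:USERNAME | dsget user -dn -samid -upn -display
```

The CN is only the relative name of the object; two users in different OUs can share a CN, while sAMAccountName and userPrincipalName must be unique in the domain, which is why authentication and auditing work on those attributes rather than on the CN.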

What do you mean by organizational units?

The Organizational Unit is a serious design factor impacting policy, security, efficiency and the cost of administration. Organizational Units are a kind of LDAP (X.500) container. An OU can be thought of as a sub-domain element with properties comparable to those of domains.

What do you mean by Active Directory Recycle Bin?

The Active Directory Recycle Bin is a feature of Windows Server 2008 AD. It helps to restore accidentally deleted Active Directory objects without using a backed-up AD database or rebooting the domain controller.

What is the purpose of replication in AD?

The purpose of replication is to distribute the data stored within the directory throughout the organization for increased availability, performance, and data protection. Systems administrators can tune replication to occur based on their physical network infrastructure and other constraints.

What is the Mixed Mode in AD?

Mixed mode allows domain controllers running both Windows 2000 and previous versions of Windows NT to co-exist in the domain. In mixed mode, the domain features from previous versions of Windows NT Server are still enabled, while some Windows 2000 features are disabled. Windows 2000 Server domains are installed in mixed mode by default. In mixed mode, the domain may have Windows NT 4.0 backup domain controllers present.

What is stale in AD?

Stale refers to references to objects that have been moved so that the local copy of the remote object's name is out of date.

What is SID in AD?

A Security Identifier (SID) is a unique variable-length identifier used to identify a trustee or security principal.

What is clustering in Active Directory?

No one installs Active Directory in a cluster. There is no need to cluster a domain controller: Active Directory provides full redundancy with two or more servers.

What is RID Master?

RID Master refers to the Relative Identifier master, which is responsible for assigning unique IDs to objects created in AD.

What is child DC?

A child DC is a sub-domain controller under the root domain controller that shares a namespace with it.

What is the port number of Kerberos?

The port number is 88.

What is the port number of Global catalog?

The port number of the global catalog is 3268.

What is the port number of LDAP in AD?

The port number of LDAP is 389.
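The three port answers above (Kerberos 88, Global Catalog 3268, LDAP 389) are the ones most often checked when a client cannot reach a domain controller. The following PowerShell is an added example, not part of the original page: it discovers a global-catalog DC, tests each port, and then performs a real LDAP query so that a reachable socket is not mistaken for a working service. It goes slightly beyond the page by also listing the TLS ports 636 (LDAPS) and 3269 (GC over SSL). It assumes a domain-joined Windows host with the ActiveDirectory module and the Test-NetConnection cmdlet available.

```powershell
# Added example: check the DC ports the interview answers name, plus their TLS variants.
# Assumes a domain-joined host with the ActiveDirectory module; the DC is discovered, not hard-coded.
Import-Module ActiveDirectory

# Locate a DC that also hosts the global catalog, so port 3268 is expected to answer.
$dc = (Get-ADDomainController -Discover -Service GlobalCatalog).HostName | Select-Object -First 1

$ports = [ordered]@{
    'Kerberos'            = 88
    'LDAP'                = 389
    'LDAPS'               = 636    # LDAP over TLS (not on the page; added for completeness)
    'Global Catalog'      = 3268
    'Global Catalog SSL'  = 3269   # GC over TLS (not on the page; added for completeness)
}

# TCP connect test per port; -InformationLevel Quiet makes the cmdlet return $true/$false.
$results = foreach ($entry in $ports.GetEnumerator()) {
    $open = Test-NetConnection -ComputerName $dc -Port $entry.Value `
                -InformationLevel Quiet -WarningAction SilentlyContinue
    [pscustomobject]@{ DC = $dc; Service = $entry.Key; Port = $entry.Value; Open = $open }
}
$results | Format-Table -AutoSize

# A socket that accepts connections is not proof the directory service is healthy:
# read the rootDSE over LDAP (389) and over the global catalog port (3268).
$root = Get-ADRootDSE -Server $dc
"LDAP 389  -> default naming context: $($root.defaultNamingContext)"
$gcRoot = Get-ADRootDSE -Server "$($dc):3268"
"GC   3268 -> root domain naming context: $($gcRoot.rootDomainNamingContext)"
```

Kerberos and the global catalog also use UDP 88 and the DC's RPC ports respectively for some operations; this check covers the TCP listeners the answers refer to, which is what a firewall rule review normally starts from.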


If I want to look at the schema, how can I do that?

Register schmmgmt.dll using this command:

c:\windows\system32>regsvr32 schmmgmt.dll

  • Open mmc –> Add Snap-in –> Add Active Directory Schema
  • Save it as schema.msc
  • Open Administrative Tools –> schema.msc
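The MMC snap-in above is the interactive way to browse the schema; the same information can be read over LDAP from the schema naming context, which is how it is usually done when reviewing a forest remotely. The following is an added example, not part of the original page. It assumes the RSAT ActiveDirectory module and read access to the schema partition (granted to authenticated users by default); no forest-specific names are hard-coded.

```powershell
# Added example: read schema information from the schema naming context with PowerShell.
# Assumes the ActiveDirectory module (RSAT) and a domain-joined session.
Import-Module ActiveDirectory

# rootDSE advertises where the schema partition lives, e.g. CN=Schema,CN=Configuration,DC=...
$schemaNc = (Get-ADRootDSE).schemaNamingContext

# The schema container's objectVersion is the schema version (raised by forestprep/adprep).
$schemaContainer = Get-ADObject -Identity $schemaNc -Properties objectVersion
"Schema naming context : $schemaNc"
"Schema version        : $($schemaContainer.objectVersion)"

# Definition of one attribute, sAMAccountName, as stored in the schema.
Get-ADObject -SearchBase $schemaNc `
    -LDAPFilter '(&(objectClass=attributeSchema)(lDAPDisplayName=sAMAccountName))' `
    -Properties lDAPDisplayName, attributeID, attributeSyntax, isSingleValued, rangeUpper, searchFlags |
    Select-Object lDAPDisplayName, attributeID, attributeSyntax, isSingleValued, rangeUpper, searchFlags |
    Format-List

# Attributes flagged confidential (searchFlags bit 0x80 = 128) are only readable by principals
# holding the CONTROL_ACCESS right; listing them is useful when reviewing who can read what.
# 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule.
Get-ADObject -SearchBase $schemaNc `
    -LDAPFilter '(&(objectClass=attributeSchema)(searchFlags:1.2.840.113556.1.4.803:=128))' `
    -Properties lDAPDisplayName |
    Select-Object -ExpandProperty lDAPDisplayName |
    Sort-Object
```

Reading the schema this way needs no regsvr32 step and no membership in Schema Admins; only schema changes require the Schema Master role holder and Schema Admins membership, which is why that group is normally kept empty outside of planned schema updates.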
