Tuesday 29 November 2016

Active Directory Questions and Answers.



1. What is an IP address? It is a 32-bit binary number (or any brief answer you can come up with). If you spend 5 minutes explaining what an IP address is, that is not good at all.

2. What is a subnet mask? It is also a 32-bit binary number.

3. What does a subnet mask do? It divides an IP address into two distinct parts, the network portion and the host portion.

4. Provide the full subnet mask for /27. 255.255.255.224. /27 means 27 bits turned on: 8 bits = 255, so 24 bits = 255.255.255, and the remaining 3 bits = 128 + 64 + 32 = 224. Therefore the full subnet mask for /27 is 255.255.255.224. If you did not get this, STOP. You need to go back and learn basic subnetting. You cannot screw up such an easy question on the interview, so take your time to study. (Special thanks to my buddy Zack Payton for making me understand this many years ago.)

5. It is rare in an AD interview, but in case you are asked: with /27, how many networks are there and how many hosts in each network? Going back to basics, /27 (the 255.255.255.224 mask from question 4) gives 3 bits for the network and 5 bits for hosts: 2 x 2 x 2 = 8 networks, and 2 x 2 x 2 x 2 x 2 = 32, minus 2 = 30 hosts in each network, because we need one IP for the network address and another one for broadcast.
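The /27 arithmetic from questions 4 and 5 worked in Python, as an added example that is not part of the original post: the mask is built bit by bit the way question 4 does it by hand, and the standard ipaddress module carves a constructed 192.168.10.0/24 sample network into its eight /27 subnets of 30 usable hosts.

```python
import ipaddress


def mask_for_prefix(prefix: int) -> str:
    """Dotted-decimal mask for /prefix: the first `prefix` of 32 bits are on."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    # Read the four octets out of the 32-bit value, most significant first.
    return ".".join(str((mask >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnets_of(network: str, new_prefix: int) -> list:
    """Split `network` into /new_prefix subnets and report each one's
    network address, broadcast address and usable host count.
    Usable hosts = block size - 2 (network and broadcast addresses)."""
    net = ipaddress.ip_network(network, strict=True)
    if new_prefix < net.prefixlen:
        raise ValueError("new prefix must be longer than the parent prefix")
    result = []
    for sub in net.subnets(new_prefix=new_prefix):
        result.append({
            "network": str(sub.network_address),
            "broadcast": str(sub.broadcast_address),
            "usable_hosts": sub.num_addresses - 2,
        })
    return result


if __name__ == "__main__":
    print("/27 ->", mask_for_prefix(27))            # 255.255.255.224
    for s in subnets_of("192.168.10.0/24", 27):      # 8 subnets, 30 hosts each
        print(s)
```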


6. What is Active Directory? It is a database (Active Directory is a special-purpose database).

7. What is an object? An object is a stored instance of a class: a user is an object, a computer account is also an object, etc.

8. What is an attribute? A property of an object is called an attribute. Think of a user object and of all the attributes associated with it: name, last name, logon name, etc.

9. What is the name of the Active Directory database that gets created by default when you install a Domain Controller? The Active Directory database is a .DIT database; it is NTDS.dit.


10. The NTDS.DIT database is a partitioned database. What are its partitions? 1. Domain 2. Configuration 3. Schema 4. Application (if created)

11. What tool can interact with the .DIT database (the most common one)? adsiedit.msc

12. In which directory partition is DNS information kept? Domain partition

13. In which partition is Exchange Server information kept (tricky question)? All of the partitions: 1. Domain 2. Configuration 3. Schema

14. What is DNS? Domain Name System, a service.

15. What port does DNS run on? 53

16. Is it TCP or UDP? Both are protocols.

17. What is TCP? Transmission Control Protocol

18. What is UDP? User Datagram Protocol

19. What is the difference between the TCP and UDP protocols? TCP is connection-oriented, whereas UDP is connectionless.

20. How many bytes is a TCP header? Size of a TCP header (without any options): 20 bytes


21. How many bytes is a UDP header? Size of a UDP header: 8 bytes

22. What is the total size of an empty TCP datagram? 24 + 20 + 20 = 64 bytes: Ethernet frame 24 bytes, IPv4 header (without any options) 20 bytes, TCP header (without any options) 20 bytes.

23. What is the total size of an empty UDP datagram? 24 + 20 + 8 = 52 bytes: Ethernet frame 24 bytes, IPv4 header (without any options) 20 bytes, UDP header 8 bytes.

24. Considering a single forest with 12 domains, how many FSMO roles exist in total? Total FSMO roles in this scenario = 38. 12 x 3 = 36 (PDC Emulator, RID Master and Infrastructure Master, one set per domain), plus 2 per forest (Domain Naming Master and Schema Master). Total = 38.

25. What is FSMO? Flexible Single Master Operations. How many FSMO roles exist?

26. What is the least important FSMO role? Considering day-to-day operations, which FSMO role's absence would have the least significant impact, and why? Perhaps the Schema Master, if you assume you don't extend your schema every day, or the RID Master.

27. What is the most important FSMO role? Considering day-to-day operations, which FSMO role's absence would have the most significant impact, and why? PDC Emulator (explain why).

28. What is the difference between seizing and moving (transferring) FSMO roles? A peaceful operation versus forcing it. Seizing is the operation used when the FSMO role owner is no longer accessible; after seizing FSMO roles, you cannot bring the previous FSMO role owner back onto the network.

29. What is an A record? When I open an A record, what do I see inside? A host name mapping to an IPv4 address.

30. What is an AAAA record? When I open it, what do I see inside? A host name mapping to an IPv6 address.

31. What is a glue record? When I open it, what do I see inside? Simply a host name mapping to an IP address (same as an A record).

32. What is a PTR record? When I open it, what do I see inside? Pointer record: an IP address mapping to a host name.

33. What is a CNAME record? When I open it, what do I see inside? Canonical Name record: multiple names mapping to the same IP address.

34. What is an Alias record? When I open it, what do I see inside? Another name for a CNAME record: multiple names mapping to the same IP address.


35. What is an SRV record? Service record, which provides information about a service and its port.

36. How many reverse lookup zones are available with a default DNS installation? None. DNS does not rely on a reverse DNS zone to work properly. Creating a reverse DNS zone is optional, and many administrators will recommend creating one for various reasons (security, etc.).

37. How many forward lookup zones are available with a default DNS installation? A single forward lookup zone gets created with the default installation of the DNS service on a Domain Controller.

38. What is an OU? Organizational Unit

39. What are the three primary functions of Organizational Units? Organize data, deploy GPOs, delegate permissions. (We use AD groups to assign permissions; do not get confused, and be precise with your answer.)

40. In which order are Group Policy Objects applied in Active Directory? Local, Site, Domain, Organizational Unit.

41. You have one OU with mixed servers in it (Windows 2008 and Windows 2012 servers). How do I apply a GPO to only the Windows 2012 servers, assuming I cannot create any new OU? Use WMI filtering and target only the specific Windows Server version.

42. If you have lost one of the domain controllers, how do you clean up the Active Directory database for the lost DC? Metadata cleanup with Ntdsutil.exe, a command-line tool.

43. What is the KCC and what does it do? Knowledge Consistency Checker; it builds replication connections between domain controllers.

44. What is LSASS? Lsass.exe (Local Security Authority Subsystem Service) is the process which, on an Active Directory domain controller, is responsible for providing Active Directory database lookups, authentication, and replication.


45. What kind of replication does Active Directory use? Is it pull or push? Active Directory uses pull replication. In pull replication, a destination replica requests information from a source replica. The request specifies the information that the destination needs, based on its knowledge of changes already received from the source and from all other domain controllers in the domain. When the destination receives information from the source, it applies that information, bringing itself more up to date. The destination's next request to the source excludes the information that has already been received and applied.

The alternative is push replication. In push replication, a source sends information to a destination unsolicited, in an attempt to bring the destination more up to date. Push replication is problematic because it is difficult for the source to know what information the destination needs. Perhaps the destination has received the same information from another source. If a source sends information to a destination, there is no guarantee that the destination is going to apply it; if the source assumes otherwise, the system is unreliable.
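A small simulation of the pull mechanism described in question 45, added here as an illustration (not the post's or Microsoft's code). The "knowledge of changes already received" is modelled with two tables I name per the usual AD terminology: a per-source high-watermark (last local USN pulled from that partner) and an up-to-dateness vector (highest originating USN applied from each DC, via any partner); the DC names and sample writes are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Change:
    orig_dc: str    # DC where the write originated
    orig_usn: int   # USN the originating DC assigned to the write
    attr: str
    value: str


@dataclass
class DomainController:
    name: str
    usn: int = 0                               # local update sequence number
    log: list = field(default_factory=list)    # (local_usn, Change), in USN order
    data: dict = field(default_factory=dict)   # attribute -> value
    hwm: dict = field(default_factory=dict)    # source DC -> last local USN pulled
    utd: dict = field(default_factory=dict)    # originating DC -> highest orig USN applied

    def write(self, attr, value):
        """An originating write on this DC."""
        self.usn += 1
        self._apply(Change(self.name, self.usn, attr, value))

    def _apply(self, ch):
        # A replicated change also gets a local USN here, so partners can pull it from us.
        if ch.orig_dc != self.name:
            self.usn += 1
        self.data[ch.attr] = ch.value
        self.log.append((self.usn, ch))
        self.utd[ch.orig_dc] = max(self.utd.get(ch.orig_dc, 0), ch.orig_usn)

    def pull_from(self, source):
        """Destination asks only for what it lacks; returns how many changes it applied."""
        since = self.hwm.get(source.name, 0)
        wanted = [ch for local_usn, ch in source.log
                  if local_usn > since                            # new on this source
                  and ch.orig_usn > self.utd.get(ch.orig_dc, 0)]  # not already seen via any DC
        for ch in wanted:
            self._apply(ch)
        self.hwm[source.name] = source.usn      # next request excludes everything up to here
        return len(wanted)


def demo():
    a, b, c = DomainController("DC-A"), DomainController("DC-B"), DomainController("DC-C")
    a.write("user1.title", "Engineer")      # constructed sample writes on DC-A
    a.write("user1.dept", "IT")
    got_b = b.pull_from(a)    # 2: B pulls both changes from A
    got_c = c.pull_from(b)    # 2: C receives A's writes through B
    dup_c = c.pull_from(a)    # 0: C's up-to-dateness vector already covers A's writes
    dup_b = b.pull_from(a)    # 0: nothing on A beyond B's high-watermark
    return got_b, got_c, dup_c, dup_b, c.data
```

Running demo() shows the two cases the paragraph describes: the high-watermark stops a partner from resending what was already pulled, and the up-to-dateness vector stops a change from being applied twice when it arrives through a second partner.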
