
Active Directory Interview Questions and Answers

Updated Apr 28, 2025

1. What is Active Directory?

Active Directory (AD) is a directory service developed by Microsoft that runs on Windows Server. It helps network administrators manage and organize users, computers, and other resources within a network. It stores information as objects and allows centralized management of network components such as users, groups, and domains.

2. What methods can be used to activate the Active Directory Recycle Bin?

You can enable the Active Directory Recycle Bin using PowerShell:

  1. Log in to a domain controller.
  2. Load the Active Directory PowerShell module.
  3. Execute the following command:
     Enable-ADOptionalFeature 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target <YourDomainName>

3. What is the schema in Active Directory?

The Active Directory schema defines all object classes and attributes that the directory service uses. It acts as a blueprint, ensuring consistency and structure across the AD database.

4. How to modify the schema in Active Directory?

  1. Open the Active Directory Schema console.
  2. Right-click Active Directory Schema and select Operations Master.
  3. Check the box to enable schema modifications.

Note: only the domain controller that holds the Schema Master role can make schema changes.

5. Why use Active Directory?

Active Directory simplifies the management of network resources by providing centralized control. IT administrators can manage user accounts, security policies, and network resources efficiently across an entire organization.

6. What are the two basic classes of Active Directory objects?

The two basic classes are:

  • Container objects (e.g., domains, organizational units)
  • Leaf objects (e.g., users, computers)

7. What is a forest in Active Directory?

A forest is the highest-level container in Active Directory that holds one or more domain trees. It represents a security boundary and has a shared schema, configuration, and global catalog.

8. What is OU (Organizational Unit) in Active Directory?

An Organizational Unit (OU) is a subdivision within a domain that groups related objects, such as users, groups, and computers. OUs help in delegating administrative control and applying group policies efficiently.

9. What are Active Directory Domain Services (AD DS)?

Active Directory Domain Services (AD DS) are the core services that allow administrators to manage users and resources, authenticate logins, and enforce security policies within a domain.

10. How to add users in Active Directory?

  1. Open Server Manager > Tools > Active Directory Users and Computers.
  2. Expand the domain and select the Users container.
  3. Right-click and choose New > User.
  4. Enter user details like full name and login name.
  5. Set the password and complete the wizard.

11. What is Group Policy in Active Directory?

Group Policy allows network administrators to control user and computer settings in an Active Directory environment. It defines security settings, software installation, desktop configurations, and more.

12. Which default protocol is used in Directory Services?

Active Directory uses the Lightweight Directory Access Protocol (LDAP) as the default protocol to manage and access directory information.

13. How to change the password in Active Directory?

  1. Open Active Directory Users and Computers.
  2. Locate the user account whose password needs to be changed.
  3. Right-click the account and select Reset Password.
  4. Enter and confirm the new password, then click OK.
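The same two administrative tasks (creating a user, Q10, and resetting a password, Q13) done with the ActiveDirectory PowerShell module rather than the GUI wizard. This is an added example, not part of the original page; the OU path, UPN suffix and login name are placeholders.

```powershell
# Added example (not from the original page): create a domain user (Q10) and
# reset a user's password (Q13) with the ActiveDirectory PowerShell module
# instead of the GUI wizard. OU path, UPN suffix and login name are placeholders.
Import-Module ActiveDirectory

$sam    = 'jdoe'                            # placeholder login name
$ouPath = 'OU=Staff,DC=example,DC=local'    # placeholder target OU (see Q8)
$upn    = "$sam@example.local"              # placeholder UPN suffix

# Never hard-code passwords in scripts; collect them as a SecureString.
$initialPassword = Read-Host -Prompt 'Initial password' -AsSecureString

# Create the account enabled, in the target OU, and force a password change at
# first logon so the provisioning password is short-lived.
New-ADUser -Name 'Jane Doe' -GivenName 'Jane' -Surname 'Doe' `
           -SamAccountName $sam -UserPrincipalName $upn -Path $ouPath `
           -AccountPassword $initialPassword -ChangePasswordAtLogon $true `
           -Enabled $true

# Verify the object landed in the intended OU and is enabled.
Get-ADUser -Identity $sam -Properties PasswordLastSet |
    Select-Object SamAccountName, Enabled, PasswordLastSet, DistinguishedName

# ---- Administrative password reset (the "Reset Password" action in Q13) ----
$newPassword = Read-Host -Prompt 'New password' -AsSecureString

# -Reset sets the password without knowing the old one (what the GUI does);
# without -Reset the cmdlet performs a user-style change and requires -OldPassword.
Set-ADAccountPassword -Identity $sam -Reset -NewPassword $newPassword

# A reset does not clear an existing lockout, and the user should rotate the
# password that the administrator now knows.
Unlock-ADAccount -Identity $sam
Set-ADUser -Identity $sam -ChangePasswordAtLogon $true

# Audit trail: the reset is recorded on the domain controller as Security event
# 4724 (an attempt was made to reset an account's password), naming the administrator.
```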

14. Where are Active Directory logs stored?

Active Directory logs are stored in the Windows Event Viewer under the following logs:

  • Directory Service
  • DNS Server
  • File Replication Service (FRS)
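To see what those logs actually hold, the following added example (not from the original page) pulls the last 24 hours of warnings and errors from them on a domain controller; it also reads the DFS Replication log, which is an assumption on my part because domains that have migrated SYSVOL to DFS-R write there instead of to the FRS log.

```powershell
# Added example (not from the original page): summarize recent warnings and
# errors from the domain controller logs named above. Run on the DC itself
# (or add -ComputerName to Get-WinEvent). 'DFS Replication' is included as an
# assumption for domains whose SYSVOL replication has moved from FRS to DFS-R.
$logNames = 'Directory Service', 'DNS Server', 'File Replication Service', 'DFS Replication'
$since    = (Get-Date).AddDays(-1)

$events = foreach ($log in $logNames) {
    try {
        # Level 1 = Critical, 2 = Error, 3 = Warning (4 would be Informational).
        Get-WinEvent -FilterHashtable @{
            LogName   = $log
            Level     = 1, 2, 3
            StartTime = $since
        } -ErrorAction Stop
    } catch {
        # Get-WinEvent throws when a log exists but nothing matched; that is not a problem.
        if ($_.Exception.Message -notmatch 'No events were found') {
            Write-Warning "Could not read '$log': $($_.Exception.Message)"
        }
    }
}

# Summarize by log, provider and event ID so recurring problems stand out.
$events |
    Group-Object LogName, ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Show the most recent few in full for triage.
$events |
    Sort-Object TimeCreated -Descending |
    Select-Object -First 10 TimeCreated, LogName, Id, LevelDisplayName, Message |
    Format-List
```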

15. What is LDAP in Active Directory?

The Lightweight Directory Access Protocol (LDAP) is an open protocol used to access and maintain distributed directory information services over a network. Active Directory uses LDAP to query and modify its directory services data.
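An LDAP query against Active Directory as an added example (not code from the original page), using .NET's DirectorySearcher from PowerShell; the caller-supplied value is escaped per RFC 4515 so that filter metacharacters in it are matched literally rather than changing the meaning of the filter. The base DN and the sample logins are placeholders.

```powershell
# Added example (not from the original page): an LDAP search against AD via
# .NET DirectorySearcher. The search value is escaped per RFC 4515 so that
# characters such as * ( ) \ in user input are matched literally.
# The base DN and sample logins below are placeholders.

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # RFC 4515: backslash first, then * ( ) and NUL become \XX hex escapes.
    $Value -replace '\\', '\5c' `
           -replace '\*', '\2a' `
           -replace '\(', '\28' `
           -replace '\)', '\29' `
           -replace "`0", '\00'
}

function Find-ADUserByLogin {
    param(
        [Parameter(Mandatory)][string]$Login,
        [string]$BaseDn = 'DC=example,DC=local'   # placeholder search base
    )
    $root     = [System.DirectoryServices.DirectoryEntry]::new("LDAP://$BaseDn")
    $searcher = [System.DirectoryServices.DirectorySearcher]::new($root)
    $safe     = ConvertTo-LdapFilterValue $Login
    # objectCategory=person plus objectClass=user restricts the match to user accounts.
    $searcher.Filter      = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$safe))"
    $searcher.SearchScope = 'Subtree'
    $searcher.PropertiesToLoad.AddRange([string[]]('sAMAccountName', 'distinguishedName', 'userAccountControl'))
    # FindAll() returns every match; with an exact sAMAccountName that is 0 or 1 result.
    foreach ($result in $searcher.FindAll()) {
        [pscustomobject]@{
            SamAccountName     = [string]$result.Properties['samaccountname'][0]
            DistinguishedName  = [string]$result.Properties['distinguishedname'][0]
            UserAccountControl = [int]$result.Properties['useraccountcontrol'][0]
        }
    }
}

# A login containing metacharacters stays a literal value in the filter:
# the ( ) and * are hex-escaped instead of being parsed as filter syntax.
ConvertTo-LdapFilterValue "O'Brien (ext) *"
Find-ADUserByLogin -Login 'jdoe'
```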

16. What is Active Directory replication?

Active Directory replication ensures that updates to objects (users, groups, etc.) on one domain controller are synchronized across all other domain controllers within a domain or forest.

17. Difference between Local User and Domain User Accounts?

Local User:

  • Credentials stored on the local computer.
  • Login validated by the local computer.
  • Local policies define permissions.

Domain User:

  • Credentials stored on the domain controller.
  • Login validated by the domain controller.
  • Domain-wide policies define permissions.

18. What is a tombstone in Active Directory?

A tombstone is a deleted object retained in Active Directory for a specific period (the tombstone lifetime). Tombstones allow replication of deletions across domain controllers before the object is permanently removed during garbage collection.

19. Explain SYSVOL in Active Directory.

SYSVOL (System Volume) is a shared directory that stores the domain's public files needed by Active Directory, such as logon scripts and Group Policy templates. SYSVOL is automatically replicated to all domain controllers in a domain using Distributed File System Replication (DFS-R) or, on older domains, the File Replication Service (FRS).

20. What two actions must be performed before using the Active Directory Recycle Bin?

Before enabling the Active Directory Recycle Bin:

  • The forest functional level must be at least Windows Server 2008 R2.
  • All domain controllers must be running Windows Server 2008 R2 or higher.

To enable it:

  1. Open Active Directory Module for Windows PowerShell as Administrator.
  2. Run the following command:
    Enable-ADOptionalFeature 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target <YourDomainName>
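The procedure from Q2 and Q20, carried through end to end as an added example (not code from the original page): check the forest functional level prerequisite, enable the Recycle Bin, read the tombstone lifetime from Q18, and restore a deleted object. It assumes RSAT and Enterprise Admins rights; the numeric forest-mode comparison and the login name to restore are assumptions.

```powershell
# Added example (not from the original page): check the prerequisites listed
# above, enable the Recycle Bin (Q2/Q20), read the tombstone lifetime (Q18) and
# restore a deleted object. Assumes RSAT and Enterprise Admins rights; the
# numeric forest-mode comparison and the login name to restore are assumptions.
Import-Module ActiveDirectory

$forest = Get-ADForest
# ADForestMode enum ordering (assumed): Windows2008R2Forest = 4, so anything lower fails.
if ([int]$forest.ForestMode -lt 4) {
    throw "Forest functional level is $($forest.ForestMode); raise it to Windows Server 2008 R2 first."
}

$feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
if ($feature.EnabledScopes.Count -eq 0) {
    # Enabling is permanent; -Target is the forest root domain, not an arbitrary child domain.
    Enable-ADOptionalFeature -Identity $feature -Scope ForestOrConfigurationSet `
                             -Target $forest.RootDomain -Confirm:$false
} else {
    "Recycle Bin already enabled for: $($feature.EnabledScopes -join ', ')"
}

# Tombstone lifetime is stored on the Directory Service object in the configuration partition.
$configNc = (Get-ADRootDSE).configurationNamingContext
$dsObject = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNc" `
                         -Properties tombstoneLifetime
# When the attribute is unset the directory applies its built-in default of 60 days.
$tsl = if ($dsObject.tombstoneLifetime) { $dsObject.tombstoneLifetime } else { 60 }
"Tombstone lifetime: $tsl days"

# With the Recycle Bin on, deleted (not yet recycled) objects keep their attributes
# for the deleted-object lifetime, which defaults to the tombstone lifetime.
# List what is still recoverable, with its original parent and days remaining.
Get-ADObject -Filter 'isDeleted -eq $true -and isRecycled -ne $true -and name -ne "Deleted Objects"' `
             -IncludeDeletedObjects -Properties lastKnownParent, whenChanged |
    Select-Object Name, ObjectClass, lastKnownParent,
                  @{ n = 'DaysLeft'; e = { $tsl - [int]((Get-Date) - $_.whenChanged).TotalDays } }

# Restore one account (placeholder login name) to the OU it was deleted from.
$deleted = Get-ADObject -Filter 'isDeleted -eq $true -and sAMAccountName -eq "jdoe"' `
                        -IncludeDeletedObjects
if ($deleted) { Restore-ADObject -Identity $deleted.ObjectGUID }
```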

21. What are FSMO roles in Active Directory?

FSMO (Flexible Single Master Operations) roles are special roles that are each held by a single domain controller at a time (one domain controller may hold several), so that operations which cannot safely be performed on several domain controllers at once have one authoritative owner and conflicting updates are avoided. The five FSMO roles are:

  • Schema Master
  • Domain Naming Master
  • RID (Relative ID) Master
  • PDC (Primary Domain Controller) Emulator
  • Infrastructure Master
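Listing the five role holders, plus two checks a practitioner would want: that each holder still answers directory queries, and that the Infrastructure Master is not a Global Catalog unless every domain controller in the domain is one. This is an added example, not code from the original page; it assumes RSAT and a domain-joined host.

```powershell
# Added example (not from the original page): enumerate the FSMO role holders
# and verify each one is reachable and that the Infrastructure Master is
# placed correctly (it must not be a Global Catalog unless every DC in the
# domain is a GC). Assumes RSAT on a domain-joined host.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# Forest-wide roles come from the forest object, domain roles from the domain object.
$roles = [ordered]@{
    'Schema Master'         = $forest.SchemaMaster
    'Domain Naming Master'  = $forest.DomainNamingMaster
    'RID Master'            = $domain.RIDMaster
    'PDC Emulator'          = $domain.PDCEmulator
    'Infrastructure Master' = $domain.InfrastructureMaster
}

foreach ($role in $roles.Keys) {
    $holder = $roles[$role]
    # Holders are stored as DC host names; confirm each one answers a directory query.
    $ok = $false
    try { $null = Get-ADDomainController -Identity $holder -ErrorAction Stop; $ok = $true } catch { }
    '{0,-22} {1,-30} {2}' -f $role, $holder, $(if ($ok) { 'reachable' } else { 'UNREACHABLE' })
}

# Infrastructure Master placement check: a GC never sees stale cross-domain
# references, so an IM that is a GC stops updating them unless all DCs are GCs.
$allDcs   = Get-ADDomainController -Filter *
$im       = $allDcs | Where-Object HostName -eq $domain.InfrastructureMaster
$everyGc  = ($allDcs | Where-Object { -not $_.IsGlobalCatalog }).Count -eq 0
if ($im.IsGlobalCatalog -and -not $everyGc) {
    Write-Warning "Infrastructure Master $($im.HostName) is a GC while other DCs are not; move the role to a non-GC DC."
}
```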

22. What is the Global Catalog (GC) in Active Directory?

The Global Catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a forest. It helps users and applications find directory information across domains quickly.

23. What is the difference between an authoritative and non-authoritative restore in Active Directory?

  • Authoritative Restore: Forces restored objects to overwrite existing data across domain controllers. Used when you want the restored version to be replicated.
  • Non-Authoritative Restore: Simply restores Active Directory to a previous backup state. Changes made after the backup will eventually be replicated again from other domain controllers.

24. What is a Trust Relationship in Active Directory?

A trust relationship in Active Directory enables users in one domain to access resources in another domain. Trusts can be one-way, two-way, transitive, or non-transitive, and are critical in multi-domain or multi-forest environments.

25. What are Sites and Subnets in Active Directory?

Sites in Active Directory represent the physical structure (geographic locations) of your network. Subnets are used to define network segments within these sites. Sites and Subnets help optimize authentication and replication traffic.

