Active Directory Interview Questions and Answers Part-1

What is Active Directory?

Active Directory (AD) is a directory service developed by Microsoft and used to store objects like User, Computer, printer, Network information, It facilitate to manage your network effectively with multiple Domain Controllers in different location with AD database, able to manage/change AD from any Domain Controllers and this will be replicated to all other DC’s, centralized Administration with multiple geographical location and authenticates users and computers in a Windows domain

What is Domain?

Active Directory Domain Services is Microsoft’s Directory Server. It provides authentication and authorization mechanisms as well as a framework within which other related services can be deployed

What is Active Directory Domain Controller (DC)?

Domain Controller is the server which holds the AD database, All AD changes get replicated to other DC and vise vase

Forest consists of multiple Domains trees. The Domain trees in a forest do not form a contiguous name space however share a common schema and global catalog (GC)

What is Schema?

Active directory schema is the set of definitions that define the kinds of object and the type of information about those objects that can be stored in Active Directory

Active directory schema is Collection of object class and there attributes

Object Class = User

Attributes = first name, last name, email, and others

How to check which server holds which role?

Netdom query FSMO

Tel me about the FSMO roles?

Schema Master

Domain Naming Master

Infrastructure Master

RID Master

PDC

Schema Master and Domain Naming Master are forest wide role and only available one on each Forest, Other roles are Domain wide and one for each Domain

AD replication is multi master replication and change can be done in any Domain Controller and will get replicated to others Domain Controllers, except above file roles, this will be flexible single master operations (FSMO), these changes only be done on dedicated Domain Controller so it’s single master replication

Tel me about Active Directory Database and list the Active Directory Database files?

NTDS.DIT

EDB.Log

EDB.Che

Res1.log and Res2.log

All AD changes didn’t write directly to NTDS.DIT database file, first write to EDB.Log and from log file to database, EDB.Che used to track the database update from log file, to know what changes are copied to database file.

NTDS.DIT: NTDS.DIT is the AD database and store all AD objects, Default location is the %system root%\nrds\nrds.dit, Active Directory database engine is the extensible storage engine which us based on the Jet database

EDB.Log: EDB.Log is the transaction log file when EDB.Log is full, it is renamed to EDB Num.log where num is the increasing number starting from 1, like EDB1.Log

EDB.Che: EDB.Che is the checkpoint file used to trace the data not yet written to database file this indicate the starting point from which data is to be recovered from the log file in case if failure

Res1.log and Res2.log:  Res is reserved transaction log file which provide the transaction log file enough time to shut down if the disk didn’t have enough space

What is Active Directory Partitions?

Active Directory partition is how and where the AD information logically stored.

What are all the Active Directory Partitions?

Schema

Configuration

Domain

Application partition