Active Directory Interview Questions and Answers

 ACTIVE DIRECTORY

Foundational Concepts

1. What is Active Directory?

  • Active Directory is a directory service developed by Microsoft.

  • It provides a centralized platform for managing user identities, access control, and other directory services within an organization's network.

  • Through Active Directory we can manage user accounts, computers, printers and other resources within a network; it offers centralised authentication and authorisation for managing all of these.

  • AD uses a structured data store to manage domain resources effectively and to organize information about network objects.

2. What are the key components of Active Directory?

  • Key components include:
    • Domain: A logical grouping of computers and users that share a common security database.
    • Domain Controller: A server that stores and replicates the Active Directory database.
    • Organizational Unit (OU): A container within a domain used to organize users, computers, and other objects for easier management.
    • Group Policy Objects (GPOs): Policies that define security settings, software installations, and other configurations for users and computers.
    • Forest: A collection of one or more domains that share a common schema.
    • Tree: A collection of one or more domains in a contiguous namespace.
    • Global Catalog: A distributed data repository that provides a searchable catalog of all objects in the forest.

3. Explain the concept of a Domain Controller and its role in Active Directory?

  • A Domain Controller is a server that stores and replicates the Active Directory database. It authenticates user logins, enforces security policies, and provides directory services to clients within the domain.

4. How to create user accounts in Active Directory step by step?

1. Open Active Directory Users and Computers (ADUC)

  • On a domain-joined computer, open the Server Manager.
  • Navigate to Tools > Active Directory Users and Computers.

2. Locate the Desired Organizational Unit (OU)

  • In the ADUC console, navigate to the appropriate OU where you want to create the user account. For example, you might place users in an "Employees" OU.

3. Create a New User

  • Right-click on the desired OU and select New > User.
  • The "New Object - User" wizard will appear.

4. Enter User Information

  • First Name: Enter the user's first name.
  • Last Name: Enter the user's last name.
  • User logon name: Enter the user's username (e.g., "Divya"). This will be their login name for the domain.
    • Note: Use a consistent naming convention for user logon names (e.g., firstname.lastname or initials_lastname).
  • Full name: Enter the user's full name.
  • Click Next.

5. Set Password

  • Password: Enter a strong password for the user.
  • Confirm Password: Re-enter the password for verification.
  • User Must Change Password at Next Logon: This option forces the user to change the password upon their first login. It's generally recommended for enhanced security.
  • Password Never Expires: This option disables password expiration. Use with caution and only when necessary.
  • Click Next.

6. Options (Optional)

  • Account:
    • Account is disabled: Disables the user account.
    • Account is locked out: Locks the user account.
    • User cannot change password: Prevents the user from changing their own password.
  • Dial-in: Configure dial-in permissions if applicable.
  • Computer: Specify any computer restrictions for the user.
  • Profile: Configure user profiles (e.g., roaming profiles).

7. Finish

  • Click Finish to create the user account.

8. (Optional) Add the User to Groups

  To grant the user access to specific resources, add them to appropriate groups (e.g., "Domain Users," "Marketing Group").

9. Verify Account Creation

  • Locate the newly created user account in the Active Directory Users and Computers console.
  • Verify that the account was created successfully and that all settings are as expected.

Important Notes:

  • Security: Always use strong passwords and follow best practices for password management.
  • Least Privilege: Grant users only the necessary permissions to perform their job duties.
  • Documentation: Maintain proper documentation of user accounts and their associated permissions.

By following these steps, you can efficiently create user accounts in Active Directory and manage user access within your organization.
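
The same steps can be scripted. The following is an added example, not part of the original post; it assumes the RSAT ActiveDirectory PowerShell module and rights to create users, and the OU path, domain name, surname and group name are placeholders.

```powershell
# Added example: scripted equivalent of the ADUC "New Object - User" steps.
# The OU, domain, surname and group below are placeholders, not real values.
Import-Module ActiveDirectory

$ou    = 'OU=Employees,DC=example,DC=com'   # hypothetical OU distinguished name
$first = 'Divya'
$last  = 'Sharma'                           # constructed surname
$sam   = "$first.$last".ToLower()           # firstname.lastname naming convention
$upn   = "$sam@example.com"                 # hypothetical UPN suffix

# sAMAccountName is limited to 20 characters for user accounts
if ($sam.Length -gt 20) {
    throw "Logon name '$sam' is longer than 20 characters"
}

# Stop if the logon name is already in use anywhere in the domain
if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
    throw "Logon name '$sam' already exists"
}

# Prompt for the initial password so it never appears in the script or history
$initialPassword = Read-Host -AsSecureString -Prompt "Initial password for $sam"

# Steps 3-7: create the account, enabled, with a forced change at first logon
New-ADUser -Name "$first $last" -GivenName $first -Surname $last `
    -DisplayName "$first $last" -SamAccountName $sam -UserPrincipalName $upn `
    -Path $ou -AccountPassword $initialPassword -Enabled $true `
    -ChangePasswordAtLogon $true -ErrorAction Stop

# Step 8: add only the groups the role needs (least privilege)
Add-ADGroupMember -Identity 'Marketing Group' -Members $sam

# Step 9: verify the resulting settings
Get-ADUser -Identity $sam -Properties PasswordNeverExpires, PasswordExpired, MemberOf |
    Select-Object SamAccountName, Enabled, DistinguishedName,
                  PasswordNeverExpires, PasswordExpired, MemberOf
```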

5. How to reset a password in Active Directory step by step?

Locate the User Account:

  • In the ADUC console, browse or search for the user account whose password you want to reset.
  • If your organization is large, use the search function to find the user quickly.

Right-Click on the User Account:

  • Right-click on the specific user account to open a context menu.

Select the "Reset Password" Option:

  • Choose the Reset Password option from the context menu.
  • A new window will pop up, allowing you to enter a new password for the user.

Enter and Confirm the New Password:

  • Type in the new password and confirm it by typing it again.
  • Ensure the new password complies with your organization’s password policy.

Optional: Require User to Change Password at Next Logon:

  • Check the box "User must change password at next logon" if you want the user to set a new password when they log in next.

Click OK:

  • Click OK to apply the changes.

Verify the Password Reset:

  • Ensure the user can log in with the new password.
  • You can also check the user's properties in ADUC to confirm the password change.
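
A scripted version of this reset, as an added example that is not part of the original post. It assumes the RSAT ActiveDirectory module; the function name Reset-UserPasswordOnce is hypothetical.

```powershell
# Added example: reset a password and force a change at next logon.
# Reset-UserPasswordOnce is a hypothetical helper name.
Import-Module ActiveDirectory

function Reset-UserPasswordOnce {
    param([Parameter(Mandatory)][string]$Identity)

    $user = Get-ADUser -Identity $Identity -Properties PasswordNeverExpires

    # "User must change password at next logon" cannot be set while
    # "Password never expires" is enabled on the account.
    if ($user.PasswordNeverExpires) {
        throw "$Identity has 'Password never expires' set; clear it first."
    }

    # Prompt so the temporary password is never stored in a script
    $newPassword = Read-Host -AsSecureString -Prompt "Temporary password for $Identity"

    # Fails with an error if the password violates the domain password policy
    Set-ADAccountPassword -Identity $user -Reset -NewPassword $newPassword -ErrorAction Stop
    Set-ADUser -Identity $user -ChangePasswordAtLogon $true -ErrorAction Stop

    # Verify: pwdLastSet is 0 while a change at next logon is pending
    $check = Get-ADUser -Identity $user -Properties pwdLastSet, PasswordExpired
    [pscustomobject]@{
        SamAccountName        = $check.SamAccountName
        MustChangeAtNextLogon = ($check.pwdLastSet -eq 0)
        PasswordExpired       = $check.PasswordExpired
    }
}

# Usage (constructed account name):
# Reset-UserPasswordOnce -Identity 'divya.sharma'
```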

6. How to unlock user accounts on AD step by step?

Locate the User:

  • Open Active Directory Users and Computers (ADUC).
  • Navigate to the location of the locked user account.
  • Find the user account in the list.

Unlock the Account:

  • Right-click on the locked user account.
  • In the "Account" tab, check the box for "Account is not locked".
  • Click "Apply" and then "OK".
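
Before unlocking, it is worth checking why the account locked. The following is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module and permission to read the Security log on the domain controller, and the account name is constructed.

```powershell
# Added example: inspect a lockout, then unlock the account.
Import-Module ActiveDirectory

# Every user account that is currently locked out
Search-ADAccount -LockedOut -UsersOnly |
    Select-Object SamAccountName, LastLogonDate

$sam  = 'divya.sharma'   # constructed account name
$user = Get-ADUser -Identity $sam -Properties LockedOut, AccountLockoutTime,
                                              BadLogonCount, LastBadPasswordAttempt
$user | Select-Object SamAccountName, LockedOut, AccountLockoutTime,
                      BadLogonCount, LastBadPasswordAttempt

if ($user.LockedOut) {
    # Lockouts are logged as Security event 4740 on domain controllers;
    # the PDC emulator is the usual place to look for them.
    $pdc = (Get-ADDomain).PDCEmulator
    Get-WinEvent -ComputerName $pdc -ErrorAction SilentlyContinue -FilterHashtable @{
            LogName   = 'Security'
            Id        = 4740
            StartTime = (Get-Date).AddDays(-1)
        } |
        Where-Object { $_.Properties[0].Value -eq $sam } |   # locked-out account
        Select-Object TimeCreated,
            @{ Name = 'CallerComputer'; Expression = { $_.Properties[1].Value } }

    Unlock-ADAccount -Identity $user

    # Confirm the lockout flag has cleared
    (Get-ADUser -Identity $sam -Properties LockedOut).LockedOut
}
```

Repeated lockouts from the same caller computer usually point to a stale saved credential or a password-guessing source that should be dealt with before the account is unlocked again.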

 

7. What is the difference between Active Directory and LDAP?

  • Answer: LDAP (Lightweight Directory Access Protocol) is an open standard protocol used for accessing and managing directory information services over an IP network. Active Directory uses LDAP as its primary protocol to query and update directory information. While AD is a directory service that uses LDAP, LDAP itself is just a protocol and can be used with other directory services as well.
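
To make the protocol relationship concrete, here is a raw LDAP filter run against AD, as an added example that is not part of the original post. It lists enabled users with "Password never expires" set, the option the account-creation steps say to use with caution. It assumes a domain-joined Windows host; the bit values 65536 and 2 are the standard userAccountControl flags for "password never expires" and "account disabled".

```powershell
# Added example: query AD with a plain LDAP filter (no AD module required).
# 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule.
$neverExpires = '(userAccountControl:1.2.840.113556.1.4.803:=65536)'
$notDisabled  = '(!(userAccountControl:1.2.840.113556.1.4.803:=2))'
$filter = "(&(objectCategory=person)(objectClass=user)$neverExpires$notDisabled)"

# [adsisearcher] wraps System.DirectoryServices.DirectorySearcher and binds
# to the current domain over LDAP.
$searcher = [adsisearcher]$filter
$searcher.PageSize = 500     # page results so large domains are not truncated
$searcher.PropertiesToLoad.AddRange(@('samaccountname', 'distinguishedname', 'pwdlastset'))

$searcher.FindAll() | ForEach-Object {
    [pscustomobject]@{
        SamAccountName    = $_.Properties['samaccountname'][0]
        DistinguishedName = $_.Properties['distinguishedname'][0]
        # pwdLastSet is a Windows FILETIME (100 ns ticks since 1601-01-01 UTC)
        PasswordLastSet   = [datetime]::FromFileTimeUtc([int64]$_.Properties['pwdlastset'][0])
    }
}

# The ActiveDirectory module accepts the same LDAP filter unchanged:
# Get-ADUser -LDAPFilter $filter
```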

8. Can you explain the concept of FSMO roles in Active Directory?

  • Answer: FSMO (Flexible Single Master Operations) roles are specialized tasks assigned to one domain controller in each domain or forest to prevent conflicts and ensure consistency. There are five FSMO roles:
    • Schema Master: Controls all updates and modifications to the AD schema.
    • Domain Naming Master: Manages the addition and removal of domains in the forest.
    • PDC Emulator: Acts as a Primary Domain Controller for backward compatibility.
    • RID Master: Allocates pools of unique identifiers to domain controllers.
    • Infrastructure Master: Maintains references to objects in other domains.
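
Locating the five role holders, as an added example that is not part of the original post. It assumes the RSAT ActiveDirectory module; the LDAP reachability check on TCP port 389 is an addition for illustration.

```powershell
# Added example: list the current FSMO role holders and check that each
# one answers on the LDAP port.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

$roles = @(
    [pscustomobject]@{ Role = 'Schema Master';         Scope = 'Forest'; Holder = $forest.SchemaMaster }
    [pscustomobject]@{ Role = 'Domain Naming Master';  Scope = 'Forest'; Holder = $forest.DomainNamingMaster }
    [pscustomobject]@{ Role = 'PDC Emulator';          Scope = 'Domain'; Holder = $domain.PDCEmulator }
    [pscustomobject]@{ Role = 'RID Master';            Scope = 'Domain'; Holder = $domain.RIDMaster }
    [pscustomobject]@{ Role = 'Infrastructure Master'; Scope = 'Domain'; Holder = $domain.InfrastructureMaster }
)

$roles | ForEach-Object {
    # A role holder that is offline cannot service its single-master operation
    $test = Test-NetConnection -ComputerName $_.Holder -Port 389 -WarningAction SilentlyContinue
    $_ | Add-Member -NotePropertyName LdapReachable -NotePropertyValue $test.TcpTestSucceeded -PassThru
} | Format-Table -AutoSize

# How many roles sit on each domain controller
$roles | Group-Object Holder | Select-Object Name, Count
```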

  • These questions and answers should help you prepare for an interview focused on Active Directory.
  • Shortly I will post some more interview questions and answers on AD.
