InterviewStack.io

Active Directory Architecture and Management Questions

Comprehensive coverage of Microsoft Active Directory and directory services design, deployment, operation, and troubleshooting. Topics include the logical and physical structure of Active Directory, such as forests, trees, domains, organizational units, naming contexts, domain controllers, global catalog servers, and site topology. Candidates should understand directory data models and object types and attributes, including user accounts, computer accounts, security groups and distribution groups, group scopes and nesting, membership management, and access control lists and permission models on directory objects. Expect questions on authentication and authorization flows including Kerberos-based authentication, Lightweight Directory Access Protocol binds and queries, domain joining, trust relationships between domains and forests, and the impact of domain controller roles including flexible single master operation roles and read-only domain controllers. Coverage also includes replication topology and behavior, site awareness and site link design, replication scheduling and conflict resolution, and techniques for troubleshooting replication and connectivity issues. Candidates should be able to explain group policy concepts for centralized configuration and security enforcement, delegation and administrative models, common management consoles and automation and scripting for administration, backup and recovery considerations, and how to design Active Directory deployments for scale, resilience, and integration with broader identity and access management and single sign-on solutions.

Easy, Technical
34 practiced
Explain Group Policy basics: what a Group Policy Object (GPO) is, the order in which policies are applied (local, site, domain, OU), how inheritance and blocking work, and how to use gpupdate and gpresult to troubleshoot policy application on a client.
Hard, Technical
32 practiced
An application vendor requests extending the AD schema by adding a new attribute and object class. Describe the complete change control process you would follow: design review, lab testing, impact analysis, obtaining the schema master role for changes, applying the change (ldifde or schema management tools), replication and rollback planning, and governance to approve and record schema modifications.
Easy, Technical
34 practiced
Define the difference between security groups and distribution groups in Active Directory. Explain how each is used in permissions management, email distribution (Exchange), and give an example where converting a distribution group to a security group could introduce security risks.
Hard, Technical
26 practiced
Write a PowerShell function (using the ActiveDirectory module) that accepts an HR CSV with columns: employeeID, sAMAccountName, givenName, sn, title, managerID. The function should: 1) create missing user objects disabled, 2) update attributes for existing users, 3) disable accounts missing from HR, and 4) append idempotent audit entries to a log. Consider scale (100k users), transaction safety, and throttling so AD controllers are not overloaded. Provide core code and explain design choices.
Easy, Technical
30 practiced
Describe the role of the Global Catalog (GC) in Active Directory. Explain what data it stores versus full domain partitions, how the Partial Attribute Set (PAS) affects queries, when a GC is needed for authentication and universal group membership, and how GC placement impacts logon traffic across sites.