InterviewStack.io

Active Directory Architecture and Management Questions

Comprehensive coverage of Microsoft Active Directory and directory services design, deployment, operation, and troubleshooting. Topics include the logical and physical structure of Active Directory, such as forests, trees, domains, organizational units, naming contexts, domain controllers, global catalog servers, and site topology. Candidates should understand directory data models, object types, and attributes, including user accounts, computer accounts, security groups and distribution groups, group scopes and nesting, membership management, and access control lists and permission models on directory objects. Expect questions on authentication and authorization flows, including Kerberos-based authentication, Lightweight Directory Access Protocol (LDAP) binds and queries, domain joining, trust relationships between domains and forests, and the impact of domain controller roles, including Flexible Single Master Operation (FSMO) roles and read-only domain controllers (RODCs). Coverage also includes replication topology and behavior, site awareness and site link design, replication scheduling and conflict resolution, and techniques for troubleshooting replication and connectivity issues. Candidates should be able to explain Group Policy concepts for centralized configuration and security enforcement, delegation and administrative models, common management consoles, automation and scripting for administration, backup and recovery considerations, and how to design Active Directory deployments for scale, resilience, and integration with broader identity and access management and single sign-on solutions.

Hard | System Design | 24 practiced
Design a global Active Directory architecture for an organization with 50,000 users across 6 regions requiring 24x7 availability and low authentication latency. Specify forest and domain boundaries, domain controller placement (writable vs RODC), Global Catalog placement strategy, site-link topology with replication frequency, FSMO placement, and a high-level disaster recovery approach. State assumptions and justify trade-offs.
Hard | System Design | 32 practiced
Design a comprehensive Active Directory backup and disaster recovery plan for a 5-domain forest with an RPO of 1 hour and RTO of 8 hours. Specify backup types and frequency (system state, bare-metal), offsite replication, authoritative vs non-authoritative restore processes, FSMO recovery steps, testing cadence, and procedures to validate AD integrity after recovery.
Hard | Technical | 32 practiced
An application vendor requests extending the AD schema by adding a new attribute and object class. Describe the complete change control process you would follow: design review, lab testing, impact analysis, obtaining the schema master role for changes, applying the change (ldifde or schema management tools), replication and roll-back planning, and governance to approve/record schema modifications.
Medium | Technical | 31 practiced
Users experience intermittent logon delays and you see large SID lists in events. Explain token bloat and Kerberos token-size limits. Show diagnostic steps to confirm that group nesting is causing large tokens, and describe at least three remediation strategies such as group cleanup, converting groups to resource-based access, claims-based auth, or using AD group expansion alternatives.
Hard | System Design | 32 practiced
Design a Group Policy strategy for a global organization of 200,000 users that enforces security baselines while minimizing logon times. Address GPO structure and consolidation, central store for ADMX files, use of filtering vs OU placement, loopback scenarios, slow link detection, GPO caching, and tools/metrics you would use to measure and optimize GPO processing at scale.
