A comprehensive guide to help individuals prepare for an Active Directory job interview. This article covers a wide range of Active Directory interview questions and provides answers to each question. The questions are divided into several categories including:
- Active Directory Fundamentals
- Active Directory Domain Services
- Group Policy
- Active Directory Federation Services
- and more
The answers provided are clear, concise, and informative. They give a good understanding of the topic and will help you gain a deeper understanding of Active Directory.
Very frequently during the technical job interview process, you might be asked questions about Active Directory. This is why we put together this video to provide you answers to questions like:
What is Active Directory?
How can you configure a domain controller to run Active Directory on Windows Server?
How can you configure to run DNS on an Active Directory domain controller?
Where is the Active Directory database located?
Let’s go ahead and get started.
A lot of times you might be asked the question during the interview process, “What is Active Directory?” Active Directory is the directory service that contains a database designed and created by Microsoft. Initially, it was only used for centralized domain management, but over the years it became an umbrella title for the broad range of directory-based services.
In addition to storing user accounts, computers, printers, and all other connected devices’ information in Active Directory, it also became a place for centralized security and network configuration management. Active Directory stores all information organized in organizational units. Each organizational unit contains user groups, computers, and other devices’ information. Organizational units are stored hierarchically and allow easy management by network administrators.
Let me tell you a little bit about myself. My name is Vadim Mikhalenka, and I have an MBA and a master’s degree in computer science. Most of my career, I worked as a consultant, helping companies implement solutions. I learned a lot of technologies throughout my career, but more importantly, I developed a methodology on how to learn new skills, which I would like to share with you as part of my videos.
I also work as an educator at a community college, helping people to learn technology and find jobs. I started online training for everyone to share my knowledge and help people reach their goals faster. Please consider subscribing to this channel. The skills you learn here will be helpful for you now and also in the future.
A lot of times you might be asked the question, “Where is the Active Directory database located on Windows Server?” To make Active Directory services possible, multiple files are involved, but all of these files are located in the system root NTDS folder, which is typically C:\Windows\NTDS. To navigate to this folder, you need to log in with an administrative account to the Windows Server, go to drive C, navigate to Windows, find the NTDS folder, and open the database files. Keep in mind that sometimes your extensions to the files may not be visible. To enable extensions, you need to click View in the file explorer, select Options, navigate to View, and choose the right set of options for you to see everything you would like to see.
Let me give you a couple of reasons why you might consider subscribing to online training for everyone. State-of-the-art skills, tips, tricks, and techniques we share with you here on online training for everyone will help you today and in the future. We use scientifically proven methodology to create videos that will help you learn faster and retain more material.
When you click the subscribe button now, you will become connected and will be the first one to receive automatic notifications when a new video is released.
A lot of times during the interview process, you might be asked to describe DNS. DNS stands for Domain Name System and this is the system that looks up between domain names and IP addresses. It uses port 53 for TCP protocol and is also available on UDP.
If you type “google.com” in your internet browser, the computer doesn’t know what “google.com” is and it asks the DNS server to do the lookup. The DNS system makes it possible for us to type “google.com” and instead get connected to IP address “172.58.192.174”. By the way, you can make a cool experiment and type this IP address right in your browser, and when you hit enter, you will get right into “google.com”. But I bet you might realize that it’s much easier by just typing “google.com”.
The DNS architecture on the internet is very sophisticated and it consists of four different layers: DNS Recurser, Root Server, TLD Namespaces, as well as Authoritative Name Server. Microsoft Windows Server provides a DNS app to help manage DNS in Windows Active Directory architecture. Inside the DNS app, you can configure forward lookup zones, reverse lookup zones, trust points, conditional forwarders, and a lot of other things.
The query to translate website name into IP address is only one type of query the DNS provides. In addition to this query, the DNS allows for recursive queries, iterative queries, and non-recursive queries. DNS is an extremely fascinating topic. If you’re interested in DNS, I recommend you type into Google “additional queries for DNS security”, “DNS zones”, “DNS root server”, “primary and secondary DNS”, as well as “reverse DNS”.
If you like the content, please give this video a big thumbs up. This tells us that you need more content like this and we’ll make sure that you get it in the future.
A lot of times during the interview process, you might be asked the question “how do you install Windows Server?” Even though there are multiple ways you can utilize to install Windows Server, including attended and unattended installations, one of the most common and easiest ways is to install using virtualization software. For example, you can pick among multiple different choices available for virtualization software like VMware Workstation Pro, VirtualBox from Oracle, or Microsoft’s Virtual Machine. Download a trial version from Microsoft and install Windows Server in the virtual environment.
To download the Windows Server trial in Google, all you need to do is type the keyword in Google and it will take you to the right place. We’re trying to download and install on the desktop, this is considered on-premises option, and we need to click the “Download Free Trial” option that’s relevant to that option. Depending upon what you’re trying to accomplish, you can download the Windows Server installer in three different formats: ISO files, mimicking a DVD file, so it’s an equivalent of you getting a virtual DVD; Azure will give you the file for the Azure environment; and the HD option will give you the file for Hyper-V.
Keep in mind that there are also other options available for Windows Server. We’ve selected the basic options for Windows Server 2019, but there is also Windows Server 2019 Essentials, Hyper-V, as well as the Admin Center application that complements Windows Server installation. Because I will be installing Windows Server on VMware Workstation Pro, I will choose the ISO option and download the ISO image.
If you do not own the license to VMware Workstation Pro, you can in a very similar way by typing keywords “VMware Workstation Pro trial”, find the link to the trial, and download the latest version of VMware Workstation Pro. At the time of this recording, the latest version is version 16, but I will be using version 15.5 because this is what I have a license for.
You can complete the Windows Server installation in four steps. The fourth step is optional but definitely recommended. You start the installation by downloading trials. If you do not have a virtualization environment trial, you can try VMware Workstation Pro or use other software that’s available to you. You can also download the Microsoft Windows Server trial.
For the purposes of this demo, I downloaded the ISO file in step 2. You need to configure the virtual machine to configure the virtual machine. You need to go step-by-step through the virtual machine creation process wizard. To start the process, you click on the “Create New Virtual Machine” button. Most of the time, I choose the custom option because it allows me the most control.
On this screen, you need to choose the compatibility options of the virtual machine that you are creating. Because I’m using the most recent version of VMware Workstation 15.5, I’m okay choosing the latest compatibility. But if you are concerned and only have access to previous versions of VMware, you choose the option here that is the best for you.
On this screen, I typically choose “I will install the operating system later” because it allows the best control, and I will be able to adjust and change settings if necessary before starting the installation. Here, you choose the version of the operating system that you’re trying to install. In addition to Windows, VMware Workstation Pro can also install Linux, as well as VMware ESX or other operating systems.
If you choose the version that you’re trying to install, VMware will try to pre-select and download the template with remaining settings. Because there is no option of Windows Server 2019, the closest option will be Windows Server 2016 and this is what I will choose here.
For this installation on this screen, you can give your virtual machine a name and choose where the virtualization files will be located. During the Windows Server installation, you need to make one of four choices. You have two server editions, Standard and Data Center, and you have two server forms, Desktop Experience and Server Core. I will be installing the Standard Edition with Desktop Experience.
To be able to quickly identify my virtual machine, I’m giving it the name that most describes what’s in this virtual machine: “Windows Server Standard 2019 with Desktop Experience”. On the firmware screen, I choose UEFI. UEFI is the more modern replacement of BIOS. When you choose UEFI, one of the biggest benefits is that it provides secure boot and also allows you to boot from large hard drives (drives with sizes 2.2 terabytes or larger), with a theoretical limit of 9.4 zettabytes. I will not choose UEFI secure boot, but you can choose your option based on your needs.
In the Processor Configuration screen, I will choose two processors and one core per processor, with the two total cores available to my virtual machine. On the Memory screen, I will choose 2 gigabytes of RAM. Keep in mind that this option can be changed later (for example, if you feel that your virtual server needs more memory).
I will choose Network Address Translation to allow my virtual machine to connect to the Internet. I will go with the LSI Logic SAS, which is the recommended option by VMware, because it will provide the fastest throughput for my virtual machine. For the disk type, I will go with Non-Volatile Memory Express, which is the fastest option in today’s world and is recommended by VMware.
Since this is going to be a new installation of Windows Server, I will choose the option to “Create New Virtual Disk”. I will choose the size of 256 gigabytes and also choose the option of storing the virtual disk in a single file, because this is the fastest option. I will also include the size of the drive into the file name, so I will be able to quickly identify the size in the file system.
In the last step, I can quickly validate the settings to make sure I selected all the options correctly, and customize the hardware if necessary. To install Windows Server on VMware Workstation Pro, we need to insert an ISO file into the virtual DVD. To do that, we double-click on the CD/DVD SATA, and there is room to insert the ISO image file, where you would need to point to the ISO file that you’ve downloaded.
Once you select the file, VMware Workstation accepts the new path and you need to click “OK.” The next step is to power on this virtual machine and follow the installation process. Windows Server installation is done in the form of a wizard, and most of the common choices are pre-selected for you by Microsoft. On this screen, I would recommend you click “Next” unless you’re planning to make any changes.
Here, you need to click the “Install Now” button. I’m not planning to enter a product key, so I will select “I do not have a product key” option. On this screen, you need to select the configuration that you’re trying to install. Windows Server comes in two editions: Standard Edition and Data Center Edition. Each of the editions comes in two forms: an edition with the desktop experience, where you have a GUI interface to manage your Windows Server, or Server Core, where you manage your server from the command line.
For my installation, I am going to select Windows Server 2019 Standard Edition with Desktop Experience. On this screen, I am going to accept license terms and click “Next.” I am doing a custom brand new installation, so I am going to choose the custom option and select the option “Install Windows only.” This option shows us the virtual hard drive that we’ve created, and this will be the destination for Windows Server installation. I’m going to select this hard drive and click “Next.”
This process triggers the installation, and Windows is going to complete the installation step by step. Unlike a desktop Windows installation, Windows Server installation keeps the administrator account enabled. In the new step of the wizard, you need to configure a password for your administrative account. Once you configure the password by entering it twice, you click the “Finish” button to log in to your Windows Server installation.
You need to press the Ctrl + Alt + Delete button, but because this is a virtual environment, pressing Ctrl + Alt + Delete will do it on the host machine. So instead, you click on the VM and use the “Send Ctrl + Alt + Delete” command to the virtual machine. Once the password is entered, you push the Enter button, and it gets you in.
When you log in to the Windows Server environment and VMware Workstation Pro for the first time, you see that the screen is small, and you also see that you do not have a network connection. The main reason for that is because the Windows installation wizard doesn’t recognize VMware, and you need to install the latest VMware tools and drivers. VMware provides a default way to do it by showing the installation toolbar at the bottom of VMware Workstation. If you click the “Install Tools” button, it’s going to insert the VMware Tools ISO file into the DVD drive of the virtual workstation.
I’m going to click the “Install Tools” button and navigate to the file explorer inside Windows Server. As you can see, the virtual DVD was inserted into the virtual DVD drive. You can access it by clicking “This PC” and navigating to the DVD drive.
Once there, you can trigger the installation process for VMware Tools. If you just follow the wizard and use typical installation options, you will install all the latest drivers for VMware Workstation Pro. This would allow you to run the application full-screen and get the network connection. Typically, at the end of the process, it is a good idea to reboot the server to make sure all the driver installations took effect.
When we were just starting our mission, we wanted to pick the name that would best describe our values. This is the main reason why we picked “How to Analyze Data.net.” Because the core of our mission is covering questions “how” and “why” in every video that we make, make sure you consider this when you’re making your own decision whether to subscribe to the channel or not.
You might be asked the question during the interview process: “How do you configure Active Directory Domain Controller on Windows Server?” You can promote Windows Server to Domain Controller in 5 easy steps. As a first step, you need to select Active Directory Domain Services as well as DNS Server. During the installation process, you need to select and configure new forest, as well as you also will be prompted and you will be required to configure a password for directory service restore mode.
Once all the setup is complete, you would need to use installed Active Directory tools for Active Directory management to promote Windows Server into a Domain Controller. You need to navigate to the Server Manager. In the upper right corner of the Server Manager, you need to click the “Manage” button and select “Add Roles and Features.” You need to click next on the first step of the wizard, select “Role-based or Feature-based Installation.”
In the next step, select the server, which in my case, I only have one server in this configuration, and click next. Select Active Directory Domain Services, which will give you a lot of other options that needs to be installed automatically selected for you by Windows Installer. So I am going to select “Add Features” here on the screen. You also need to select the DNS Server option, which will come with an additional set of sub-options. I am going to click “Add Features” and move to the next step.
This message indicates that I do not have a static IP configured for this server, which in my case, I’m only doing this for training purposes, so which is going to be okay. It might be the same for you or it might be different. I’m going to click “Continue” and click “Next.” I’m not going to select any additional new features as part of this promotion. I’m going to click “Next.”
This is the confirmation of what we are about to do. We are about to promote Windows Server into an Active Directory Server. I am going to click “Next.” This is an additional description of what Windows Domain Controller with DNS will be doing. I am going to click “Next.” I am going to select this option to restart the destination server automatically if it is required. I’m going to click a confirmation “Yes” here. And as a last step here, I’m going to click “Install.”
Once installation is complete, you need to click the “Close” button and go through the reboot process. After the first reboot, the server still wasn’t promoted to the main controller. You need to complete some additional steps to finish the installation of Active Directory. You navigate to AD DS in the Server Manager, and you see that configuration required for Active Directory Domain Services. When you click “More,” it shows you the remaining steps.
I am going to select “Promote the server to the main controller.” In this step, you need to select “Add a new forest” and put some thoughts and consideration into how you are going to name your domain. Because I’m only doing it for demonstration purposes, I am going to select the generic name “ad.local,” but your selection on this step might be very different. You need to do more research because it is hard to change this particular configuration.
I’m going to click “Next.” In this step, I am going with the default choices provided by Windows Server. The only thing I need to enter here is the Directory Services Restore Mode password. I’m going to click “Next.”
I am going to leave the “Create DNS delegation” option unchecked and click “Next.” I am going to confirm the name “ad” for the NetBIOS domain name and click “Next.” I’m going to leave the default folders selected by Windows Server and click “Next.” Confirm all the settings that I have selected and click “Next.”
This last step triggers the installation and actual reconfiguration of the server into an Active Directory Domain Controller. Windows Server provided me with some warnings, which I am going to ignore because this is a test environment. I am going to click “Install” to trigger reconfiguration and promotion of the server into the Windows Server Domain Controller.
After reboot, when you log in to the Windows Server, you need to select the option of “AD Administrator,” which will indicate that you are signing into the Active Directory. Windows Server added tools to manage the Active Directory. To access them, you need to click the “Start” button, navigate to “Windows Administrative Tools,” and select the right tool based on what you’re trying to accomplish. I’m going to select “Active Directory Users and Computers” because it provides full visibility to the domain that was just created.
Please make sure to check out available downloads in the description section of this video. A lot of times, you might be asked the question during the interview process on how Windows Server is used by organizations. Windows Server can play different roles based on organizational needs. It can be a web server using IIS (Internet Information Server) technology from Microsoft. It can help companies deploy Windows on workstations using Windows Deployment Services. It can play the role of an Active Directory Domain Controller, be a DHCP server, DNS server, provide virtualization using Hyper-V technology, be a print and document service, as well as a file server.
There are multiple ways to see all the available roles Windows Server can play. Right now, I’m inside Server Manager, and I can see available roles by navigating to “Manage,” “Add Roles and Features.” I go through the wizard, and as one of the steps in the wizard, Windows Server allows me to see the full list of roles available.
A lot of times you might be asked the question, “What are the available editions of Windows Server?” There are two editions of the latest version of Windows Server that are available: Standard Edition and Data Center Edition. There are also two server forms: Server Core and Server Desktop Experience. For example, this is Windows Server Standard Edition with Desktop Experience.
To find out what edition you’re using, you click on the Start button, type “system”, select “System Information,” and you can see that this is Microsoft Server 2019 Standard Edition. In contrast, Windows Server Core will only allow you to access the server through the Command Prompt, either using default commands for Windows Server through Command Prompt or using PowerShell.
During Windows Server installation, the user is presented with a screen where they have multiple choices for each edition. For example, for Standard Edition, you can select Server Core (the first choice) or you can select Standard Desktop Experience. In a similar way, you can make selections for the Data Center Edition.
The latest version of Windows Server at the time of this video is Windows Server 2019. It has two editions: Standard Edition and Data Center Edition. Microsoft continues to improve the server versions and they continue to add additional functionality. The latest release Microsoft is currently testing is 20H2, and if you’d like to learn more, you can type “Google Windows 20H2” and a lot of information is available.
A lot of times you might be asked the question, “How do you patch Windows Server with the latest security patches and updates?” You might also be asked why this is important. Over the years, Microsoft has almost automated the patching process, and it happens semi-automatically. As an administrator, you can postpone and delay it a little bit, but you cannot stop it unless you use tricks and hacks in the registry. To check the current status of updates and patches on Windows Server, you click the Start button, type “check for updates”, and select “Windows Update Settings” or “Check for Updates” depending on what you’re trying to accomplish.
There are three main reasons why installing the latest updates on Windows Server is important: (1) updates patch security holes and make your installation of Windows more secure. Hackers take advantage of Windows updates, and if you don’t patch, they can access and compromise your system remotely through the network. (2) Installing the latest updates improves user experience and fixes software bugs to improve compatibility. This is typically not as important as patching security holes, but it does provide some productivity improvements and access to the latest features to enhance your Windows Server experience.
Please consider subscribing to this channel. The skills you learn here will be helpful for you now and also in the future. You also have the opportunity to help other people by answering their questions and helping them solve their challenges. If you like the content, please give this video a big thumbs up. This tells us that you need more content like this. Thanks for watching, and I’ll see you in my next video.
The text above was derived (in part or whole) from the video transcript and formatted for your reading enjoyment.
We do not claim the text to be an accurate representation of the video. You are encouraged to watch and listen to the video for a complete and accurate representation.
Video url: https://www.youtube.com/watch?v=TlQWpJzJoG8
Channel url: https://www.youtube.com/@OnlineTrainingforEveryone
Channel name: Online Training for Everyone