Advanced Active Directory Interview Topics for IT Support Professionals
Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. Its primary function is to manage and organize resources like users, computers, and groups in a network, allowing for centralized administration, authentication, and authorization.
A domain is a logical group of network objects (users, computers, devices) that share the same Active Directory database. Domains provide a way to manage a large number of objects and enforce security policies across them.
Organizational Units (OUs) are containers within a domain that can hold users, groups, computers, and other OUs. They are used to organize and manage objects in a structured manner, allowing for the application of Group Policies and delegation of administrative control.
To create a new user account in Active Directory, you typically:
- Open “Active Directory Users and Computers” (ADUC).
- Right-click the desired OU where the user should be created.
- Select “New” > “User.”
- Enter the required details such as First Name, Last Name, and User Logon Name.
- Set the user’s initial password and configure any additional settings as needed.
- Click “Finish” to create the user account.
A Group Policy Object (GPO) is a collection of settings that control the environment of user accounts and computer accounts. GPOs are used to apply security settings, install software, configure desktop environments, and enforce various other policies across the network.
A user account is associated with an individual user who logs into the network, while a service account is used by applications or services to interact with the operating system. Service accounts typically have more restrictive permissions and are used to run services without requiring a user to be logged in.
To reset a user’s password in Active Directory:
- Open “Active Directory Users and Computers” (ADUC).
- Navigate to the user’s account.
- Right-click on the user’s account and select “Reset Password.”
- Enter the new password and confirm it.
- Optionally, select the checkbox for “User must change password at next logon.”
- Click “OK” to reset the password.
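The same two procedures (creating a user and resetting a password) done from PowerShell, as an added example that is not part of the original article. It assumes the RSAT ActiveDirectory module is installed and that the session runs as an account delegated rights on the target OU; the OU path, domain and user names are placeholders.

```powershell
# Added example, not from the article. Assumes the RSAT ActiveDirectory module
# and an account delegated "Create/Reset password" rights on the OU below.
Import-Module ActiveDirectory

$ouPath = 'OU=Staff,DC=example,DC=local'   # placeholder OU
$sam    = 'jdoe'                             # placeholder logon name
$upn    = "$sam@example.local"               # placeholder UPN

# Never hard-code the initial password in a script; prompt for a SecureString.
$initialPassword = Read-Host -Prompt 'Initial password' -AsSecureString

# Create user: the same fields ADUC asks for, created directly in the right OU
# so the OU's Group Policies and delegation apply from the start.
New-ADUser -Name 'Jane Doe' -GivenName 'Jane' -Surname 'Doe' `
    -SamAccountName $sam -UserPrincipalName $upn -Path $ouPath `
    -AccountPassword $initialPassword -ChangePasswordAtLogon $true `
    -Enabled $true

# Reset password: -Reset overwrites without knowing the old password, which is
# why the "Reset password" right should be delegated narrowly, not to everyone
# who can open ADUC. Forcing a change at next logon keeps the helpdesk from
# knowing the user's long-term password.
$newPassword = Read-Host -Prompt 'New password' -AsSecureString
Set-ADAccountPassword -Identity $sam -Reset -NewPassword $newPassword
Set-ADUser -Identity $sam -ChangePasswordAtLogon $true

# Verify the resulting state instead of assuming the commands succeeded.
Get-ADUser -Identity $sam -Properties PasswordLastSet, PasswordExpired |
    Select-Object SamAccountName, Enabled, PasswordLastSet, PasswordExpired
```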
“Active Directory Users and Computers” (ADUC) is a management console that allows administrators to manage and organize users, groups, computers, and OUs within a domain. It is used to create, delete, and modify objects in Active Directory.
A security group is used to assign permissions to resources within the domain, such as file shares and printers, and to control access. A distribution group, on the other hand, is used to create email distribution lists for sending messages to multiple users at once but cannot be used for assigning permissions.
The Global Catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain within a forest. It is used to speed up searches and logon processes in multi-domain environments by allowing users to find resources across the entire forest.
To add a computer to an Active Directory domain:
- Right-click “This PC” and select “Properties.”
- Click “Change settings” under the Computer name, domain, and workgroup settings.
- Click “Change” in the System Properties window.
- Select the “Domain” option, enter the domain name, and click “OK.”
- Enter credentials with permission to join the domain, then click “OK.”
- Restart the computer to apply the changes.
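The domain join as a script, with the DNS pre-check a practitioner runs first; this is an added example, not from the original article. It assumes an elevated PowerShell session on the workstation being joined, and the domain name and OU are placeholders.

```powershell
# Added example, not from the article. Run on the workstation to be joined,
# in an elevated PowerShell session. Domain and OU names are placeholders.
$domain = 'example.local'
$ouPath = 'OU=Workstations,DC=example,DC=local'

# Pre-flight: AD clients find a domain controller through the
# _ldap._tcp.dc._msdcs SRV record, so a failed lookup here explains most
# "an Active Directory Domain Controller could not be contacted" errors.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction Stop
$srv | Select-Object NameTarget, Port, Priority, Weight | Format-Table

# Prompt for an account that has been delegated "Create Computer objects" on
# the target OU; a routine join does not need Domain Admins credentials.
$cred = Get-Credential -Message "Account permitted to join $domain"

# -OUPath places the computer object in the intended OU so the right GPOs
# apply at first boot instead of the default Computers container's; -Restart
# performs the reboot the article's last step describes.
Add-Computer -DomainName $domain -OUPath $ouPath -Credential $cred -Restart

# After the reboot, confirm the machine's secure channel to a DC is healthy:
#   Test-ComputerSecureChannel -Verbose
```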
The “Account Lockout Policy” is used to prevent unauthorized access by locking a user account after a specified number of failed login attempts. To unlock a user’s account, an administrator can:
- Open “Active Directory Users and Computers” (ADUC).
- Navigate to the user’s account.
- Right-click on the account and select “Properties.”
- Go to the “Account” tab and check the “Unlock account” checkbox.
- Click “OK” to unlock the account.
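A lockout check and unlock from PowerShell, added here as an example that is not part of the original article. It assumes the RSAT ActiveDirectory module and an account delegated the right to unlock accounts; the user name is a placeholder.

```powershell
# Added example, not from the article. Assumes the RSAT ActiveDirectory module
# and an account delegated "Unlock account" on the user's OU. 'jdoe' is a placeholder.
Import-Module ActiveDirectory

function Get-ADLockoutReport {
    param([Parameter(Mandatory)][string]$SamAccountName)
    # Bad-password attempts are forwarded to the PDC emulator, so it has the
    # most complete picture; asking an arbitrary DC can under-report badPwdCount.
    $pdc = (Get-ADDomain).PDCEmulator
    Get-ADUser -Identity $SamAccountName -Server $pdc `
        -Properties LockedOut, badPwdCount, LastBadPasswordAttempt, AccountLockoutTime |
        Select-Object SamAccountName, LockedOut, badPwdCount,
                      LastBadPasswordAttempt, AccountLockoutTime
}

# Every currently locked account, instead of opening each one in ADUC.
Search-ADAccount -LockedOut | Select-Object SamAccountName, LastLogonDate

$report = Get-ADLockoutReport -SamAccountName 'jdoe'
$report

# Unlock only after reading the report: a lockout the user cannot explain,
# or a badPwdCount that keeps climbing, is something to investigate (a stale
# saved credential, a scheduled task, or someone guessing) rather than clear.
if ($report.LockedOut) {
    Unlock-ADAccount -Identity 'jdoe'
    Write-Host "Unlocked jdoe; lockout was recorded at $($report.AccountLockoutTime)"
}
```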
To check if a user is a member of a specific group:
- Open “Active Directory Users and Computers” (ADUC).
- Navigate to the user’s account.
- Right-click the user and select “Properties.”
- Go to the “Member Of” tab to view the list of groups the user is a member of.
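The "Member Of" tab only lists direct memberships, so a user can hold rights through a nested group without appearing in that group's list. The following added example (not from the original article) checks both direct and effective membership; it assumes the RSAT ActiveDirectory module, and the user and group names are placeholders.

```powershell
# Added example, not from the article. Assumes the RSAT ActiveDirectory module.
# User and group names are placeholders.
Import-Module ActiveDirectory

function Test-ADEffectiveGroupMembership {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$GroupName
    )
    $user  = Get-ADUser  -Identity $SamAccountName
    $group = Get-ADGroup -Identity $GroupName

    # Direct memberships: what ADUC's "Member Of" tab shows (plus the primary group).
    $direct = Get-ADPrincipalGroupMembership -Identity $user |
        Where-Object { $_.DistinguishedName -eq $group.DistinguishedName }

    # Effective memberships: the LDAP_MATCHING_RULE_IN_CHAIN matching rule
    # (OID 1.2.840.113556.1.4.1941) expands nested groups on the server, so a
    # user in "Helpdesk" that is itself in $GroupName is reported as a member.
    $filter    = "(member:1.2.840.113556.1.4.1941:=$($user.DistinguishedName))"
    $effective = Get-ADGroup -LDAPFilter $filter |
        Where-Object { $_.DistinguishedName -eq $group.DistinguishedName }

    [pscustomobject]@{
        User      = $user.SamAccountName
        Group     = $group.Name
        Direct    = [bool]$direct      # true only if listed on the Member Of tab
        Effective = [bool]$effective   # true if reachable through any nesting
    }
}

# A privileged group is where the difference matters most: Effective = True
# with Direct = False means the rights come from a nested group.
Test-ADEffectiveGroupMembership -SamAccountName 'jdoe' -GroupName 'Server Operators'
```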
DNS (Domain Name System) translates domain names into IP addresses. It is crucial in an Active Directory environment because AD relies on DNS to locate domain controllers, services, and other resources within the network.
To move a user account from one OU to another:
- Open “Active Directory Users and Computers” (ADUC).
- Locate and select the user account you want to move.
- Drag and drop the user account into the desired OU, or right-click the account, select “Move,” and choose the new OU.
- Click “OK” to complete the move.
Active Directory Sites and Services is a tool used to manage the replication of data between domain controllers in different geographical locations. It helps to optimize network traffic by defining the topology of domain controllers and their replication schedules.
A Domain Controller (DC) is a server that authenticates and authorizes users and computers within a domain. It stores a copy of the Active Directory database and enforces security policies for the domain.
To find the SID of a user:
- Open “Active Directory Users and Computers” (ADUC).
- Navigate to the user’s account, right-click, and select “Properties.”
- Go to the “Attribute Editor” tab (you might need to enable “Advanced Features” in the “View” menu).
- Find the “objectSid” attribute to view the SID.
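Reading the SID from PowerShell and splitting it into its domain part and relative ID (RID), as an added example that is not part of the original article. It assumes the RSAT ActiveDirectory module; the user name is a placeholder.

```powershell
# Added example, not from the article. Assumes the RSAT ActiveDirectory module.
# 'jdoe' is a placeholder account name.
Import-Module ActiveDirectory

function Resolve-ADUserSid {
    # -Identity accepts a SAM account name or a SID string, so this resolves both ways.
    param([Parameter(Mandatory)][string]$Identity)
    $user = Get-ADUser -Identity $Identity -Properties objectSid
    $sid  = [System.Security.Principal.SecurityIdentifier]$user.SID

    # A domain account's SID is the domain SID plus a relative ID (RID). Some RIDs
    # are fixed: 500 is always the built-in Administrator, even if renamed, which
    # is why audits match on RID rather than on display name.
    $rid       = [int]($sid.Value -split '-')[-1]
    $wellKnown = @{ 500 = 'Built-in Administrator'; 501 = 'Guest'; 502 = 'krbtgt' }
    $label     = if ($wellKnown.ContainsKey($rid)) { $wellKnown[$rid] } else { $null }

    [pscustomobject]@{
        SamAccountName = $user.SamAccountName
        NTAccount      = $sid.Translate([System.Security.Principal.NTAccount]).Value
        SID            = $sid.Value
        DomainSID      = $sid.AccountDomainSid.Value
        RID            = $rid
        WellKnownRID   = $label
    }
}

Resolve-ADUserSid -Identity 'jdoe'
# The reverse lookup works with the same function, e.g.
# Resolve-ADUserSid -Identity (Get-ADUser jdoe).SID.Value
```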
A trust relationship is a linkage between two Active Directory domains or forests that allows users in one domain to access resources in another. Trusts can be one-way or two-way and help in managing cross-domain authentication and authorization.
The Active Directory Administrative Center (ADAC) is a management tool that provides a graphical user interface for managing Active Directory objects. It allows administrators to perform tasks such as user and group management, delegate control, and manage Group Policies in a more intuitive way than traditional tools like ADUC.