Master the Forest: Top Active Directory Interview Questions & Answers | Lazy Admin Blog

Part 1: The Logical vs. Physical Structure
Understanding how AD is organized is the first step in mastering the service. Interviewers often look for the distinction between how objects are managed (logical) and how traffic flows (physical).
Logical Components
These define the administrative boundaries and hierarchy:
- Forest: The uppermost boundary. It contains one or more trees that share a common schema and global catalog.
- Tree: A collection of domains that share a contiguous namespace (e.g., corp.com and dev.corp.com).
- Domain: The primary unit of replication and security. All objects in a domain share a common database (ntds.dit).
- Organizational Unit (OU): Containers used to organize objects within a domain. OUs are primarily used to delegate administration and apply Group Policy.
Physical Components
These define how AD exists on hardware and over the network:
- Domain Controllers (DC): The servers that host the AD database and handle authentication.
- Sites: A grouping of IP subnets connected by high-speed links. Sites are used to control replication traffic and ensure users log on to a local DC rather than one across a slow WAN link.
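To make the logical/physical split concrete, here is an added PowerShell example (not from the original post) that walks the forest top-down: forest, domains, OU counts on the logical side, then sites, subnets and the domain controllers serving each site on the physical side. It assumes the RSAT ActiveDirectory module is installed and that you run it as a domain user with ordinary read access; the output lines are just labelled strings.

```powershell
# Added example: map the logical and physical structure of the current forest.
# Assumes the RSAT ActiveDirectory module and a domain-joined, logged-on session.
Import-Module ActiveDirectory

# --- Logical side: forest -> domains (trees share a contiguous namespace) -> OUs ---
$forest = Get-ADForest
"Forest (logical root): $($forest.Name)"
"  Schema master      : $($forest.SchemaMaster)"
"  Global catalogs    : $($forest.GlobalCatalogs -join ', ')"

foreach ($domainName in $forest.Domains) {
    $domain = Get-ADDomain -Identity $domainName
    # ParentDomain is empty for a tree root; a child domain names its parent,
    # which is what makes the namespace contiguous inside one tree.
    "  Domain: $($domain.DNSRoot)  (parent: $($domain.ParentDomain))"
    # OUs are the delegation and Group Policy boundaries inside the domain
    $ouCount = @(Get-ADOrganizationalUnit -Filter * -Server $domain.DNSRoot).Count
    "    OUs: $ouCount"
}

# --- Physical side: sites -> subnets -> domain controllers in that site ---
foreach ($site in Get-ADReplicationSite -Filter *) {
    "Site: $($site.Name)"
    # A subnet's Site attribute holds the site's distinguished name
    Get-ADReplicationSubnet -Filter "Site -eq '$($site.DistinguishedName)'" |
        ForEach-Object { "  Subnet: $($_.Name)" }
    # DCs are located per site; the GC flag shows which ones answer forest-wide searches
    Get-ADDomainController -Filter "Site -eq '$($site.Name)'" |
        ForEach-Object { "  DC: $($_.HostName)  GlobalCatalog=$($_.IsGlobalCatalog)" }
}
```

A site with subnets but no DC is the classic sign that clients there will authenticate across a WAN link, which is exactly the situation sites are meant to prevent.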
Part 2: The Core “Under the Hood” Mechanics
The Active Directory Database
The database is stored in %systemroot%\ntds as ntds.dit. Key files include:
- edb.log: Transaction logs (changes are written here first).
- res1.log / res2.log: Reserve logs to ensure the system can write to disk if space runs out.
- edb.chk: The checkpoint file that tracks which transactions have been committed to the database.
The Global Catalog (GC)
The GC is a partial, read-only replica of every object in the forest. It allows users to search for resources (like a printer in another domain) without needing to query every single DC in the forest.
SYSVOL Folder
The SYSVOL folder is a shared directory on every DC that stores the domain’s public files, including:
- Login scripts (Netlogon share).
- Group Policy Templates.
SYSVOL is kept in sync across all DCs using the File Replication Service (FRS) or DFS Replication (DFSR).
Part 3: Protocols and Naming
LDAP (Lightweight Directory Access Protocol)
LDAP is the protocol used to query and modify Active Directory. It is derived from the X.500 directory standard and runs over TCP/IP.
- Distinguished Name (DN): The full path to an object (e.g., CN=JohnDoe,OU=Sales,DC=corp,DC=com).
- Relative Distinguished Name (RDN): Just the object's name (e.g., JohnDoe).
- UPN (User Principal Name): The "email-style" login name (e.g., johndoe@corp.com).
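The three names above are the handles you use to look an object up, and the DN is the one that trips people up because its separators can be escaped. The following added PowerShell example (not from the original post) extracts the RDN from a DN the way LDAP itself delimits it (a backslash-escaped comma is part of the value, not a separator; strictly the RDN is the attribute-value pair such as CN=JohnDoe) and then shows the same user being resolved by DN, by UPN and by a raw LDAP filter. The user and domain values are constructed samples, and the lookups assume the RSAT ActiveDirectory module and an account that exists in your directory.

```powershell
# Added example: split a DN correctly and resolve a user by its different names.

function Get-LdapRdn {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # Return everything up to the first comma that is not escaped with a backslash.
    $escaped = $false
    for ($i = 0; $i -lt $DistinguishedName.Length; $i++) {
        $c = $DistinguishedName[$i]
        if ($escaped)    { $escaped = $false; continue }   # skip the escaped character
        if ($c -eq '\')  { $escaped = $true;  continue }   # next character is literal
        if ($c -eq ',')  { return $DistinguishedName.Substring(0, $i) }
    }
    return $DistinguishedName   # a bare RDN has no parent components
}

# Constructed sample: a CN that itself contains a comma ("Doe, John").
# A naive $dn.Split(',')[0] would stop at the escaped comma and return "CN=Doe\".
$dn = 'CN=Doe\, John,OU=Sales,DC=corp,DC=com'
$rdn = Get-LdapRdn -DistinguishedName $dn           # attribute=value form
$rdnValue = $rdn -replace '^[^=]+=', ''             # value only, escape kept
"RDN: $rdn"
"RDN value: $rdnValue"

# The same object reached through each naming form (sample values, not real accounts).
Import-Module ActiveDirectory
Get-ADUser -Identity $dn                                             # by DN
Get-ADUser -Filter "UserPrincipalName -eq 'johndoe@corp.com'"        # by UPN
Get-ADUser -LDAPFilter '(sAMAccountName=johndoe)'                    # raw LDAP filter
```

The escape handling matters in practice: service accounts and contact objects created from "Last, First" display names carry exactly this kind of CN, and scripts that split on commas silently mis-parent them.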
Part 4: Essential Admin Tools
| Tool | Purpose |
| --- | --- |
| ADSIEdit | A low-level “registry editor” for Active Directory objects and attributes. |
| LDP | A tool for performing LDAP searches and operations manually. |
| Repadmin | The go-to command-line tool for diagnosing replication health. |
| Netdom | Used for managing trust relationships and joining computers to domains via CLI. |
| Dcpromo | (Legacy) The command to promote or demote a Domain Controller. |
Common Interview Scenario: “My Replication is Broken”
Answer: I would start by checking connectivity between sites. Then, I would use repadmin /showrepl to see which naming contexts (Domain, Configuration, or Schema) are failing. I’d also check the DNS SRV records to ensure the DCs can find each other.
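The three steps in that answer (connectivity, repadmin per naming context, DNS SRV records) translate directly into a script. Below is an added PowerShell example (not from the original post) that performs a first-pass triage: it probes each DC on the ports replication and authentication depend on, parses repadmin's CSV output to list only the partner/naming-context pairs that are failing, and checks that every DC is advertised in the _msdcs SRV records. It assumes the RSAT ActiveDirectory module, repadmin.exe, and a domain account with read access; the domain name is a constructed sample.

```powershell
# Added example: scripted first pass at "my replication is broken".
Import-Module ActiveDirectory
$domain = 'corp.com'   # constructed sample; replace with your domain's DNS root
$dcs = Get-ADDomainController -Filter * -Server $domain

# 1. Connectivity between DCs: RPC endpoint mapper (135), LDAP (389), Kerberos (88), SMB (445)
foreach ($dc in $dcs) {
    foreach ($port in 135, 389, 88, 445) {
        $probe = Test-NetConnection -ComputerName $dc.HostName -Port $port -WarningAction SilentlyContinue
        $state = if ($probe.TcpTestSucceeded) { 'open' } else { 'BLOCKED' }
        "{0,-30} port {1,-4} {2}" -f $dc.HostName, $port, $state
    }
}

# 2. Replication status per naming context (Domain, Configuration, Schema, ...)
#    repadmin's /csv mode gives one row per destination/source/naming-context pair.
$rows = repadmin /showrepl * /csv | ConvertFrom-Csv
$failing = $rows | Where-Object { $_.'Number of Failures' -ne '0' }
if ($failing) {
    $failing |
        Select-Object 'Destination DSA', 'Naming Context', 'Source DSA',
                      'Number of Failures', 'Last Failure Time', 'Last Failure Status' |
        Format-Table -AutoSize
} else {
    "No failing replication links reported by repadmin."
}

# 3. DC locator: every DC should publish an _ldap SRV record under _msdcs,
#    otherwise its partners (and clients) cannot find it by role.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction Stop
$advertised = $srv.NameTarget | ForEach-Object { $_.TrimEnd('.').ToLower() }
foreach ($dc in $dcs) {
    if ($advertised -notcontains $dc.HostName.ToLower()) {
        "MISSING SRV record for $($dc.HostName): check Netlogon and dynamic DNS registration"
    }
}
```

Reading the output in the same order as the interview answer keeps the diagnosis honest: a blocked port explains a failing link, a failing link on only one naming context points at that partition rather than the network, and a DC absent from the SRV records explains why partners never pick it as a source in the first place.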
#ActiveDirectory #SysAdmin #WindowsServer #ITJobs #TechInterview #Microsoft #Networking #ITOps #LazyAdmin