What is Active Directory (AD) and its key components?
A directory service for managing users, computers, and resources. Key components: Domain Services (AD DS), Domain Controllers, Forests, Domains, Organizational Units (OUs).
What are Group Policy Objects (GPOs)?
Settings that control the working environment of user and computer accounts. Used to enforce security, deploy software, and standardize configurations across a network.
Explain the difference between a workgroup and a domain.
A workgroup is a peer-to-peer network with no central authentication. A domain is a client/server network with a central Active Directory server for authentication and management.
What is DNS and why is it critical for Active Directory?
Domain Name System translates hostnames to IP addresses. AD uses DNS to locate services like Domain Controllers; without DNS, AD cannot function.
What is DHCP?
Dynamic Host Configuration Protocol. It automatically assigns IP addresses, subnet masks, gateways, and DNS servers to client computers on a network.
A user cannot log in. What are your first steps?
Check: Incorrect password, account lockout, DNS issues, Domain Controller availability, network connectivity.
How do you troubleshoot a service that fails to start?
Check the Event Viewer for error messages, verify the service account credentials and permissions, and ensure dependent services are running.
What is Event Viewer and how do you use it?
A tool to view Windows logs. Key logs: System, Application, and Security. Used to diagnose errors, warnings, and audit events.
How do you monitor server performance?
Using Performance Monitor (PerfMon) and Resource Monitor to track metrics like CPU, Memory, Disk, and Network usage.
What is the purpose of Windows Server Update Services (WSUS)?
To manage, distribute, and automate the installation of Microsoft updates within a corporate network, rather than each PC downloading from the internet.
What is NTFS vs. Share Permissions?
NTFS permissions secure files/folders on the disk itself. Share permissions control access over the network. Effective permission is the most restrictive combination of both.
How do you handle patch management?
Test updates in a non-production environment, then deploy them in phases using WSUS or SCCM, following a defined maintenance schedule.
What is PowerShell and give an example of a useful cmdlet.
A task automation and configuration management framework. Example: Get-ADUser to retrieve user information from Active Directory.
What is the difference between a static IP and one from DHCP?
A static IP is manually assigned and permanent. A DHCP-assigned IP is dynamic and can change when the lease expires. Servers typically use static IPs.
What is Failover Clustering?
A feature that groups multiple servers to provide high availability for services and applications. If one server fails, another takes over.
What is the difference between Hyper-V and VMware?
Both are hypervisors for virtualization. Hyper-V is Microsoft's native solution, while VMware is a third-party product (e.g., vSphere/ESXi).
Explain what Azure AD is and how it differs from on-premises AD.
Azure AD is Microsoft's cloud-based identity service. On-prem AD uses a physical domain controller, while Azure AD is managed over the internet and designed for web-based services.
What is the Global Catalog in Active Directory?
A distributed data repository that contains a searchable, partial representation of every object in a forest. It enables finding objects across domains.
How would you recover a deleted file from a server?
Restore from a recent backup. If using Shadow Copies/Previous Versions is configured, you can restore it directly from the file's properties.
What is RDP and how do you secure it?
Remote Desktop Protocol for remote server access. Secure it by using strong passwords, changing the default port, and implementing Network Level Authentication (NLA).
What is the role of a FSMO (Flexible Single Master Operations) role?
Specific tasks in an AD forest that can only be performed by one Domain Controller at a time (e.g., Schema Master, Domain Naming Master).
What is the difference between a site and a domain in AD?
A domain is a logical security boundary. A site is a physical (geographical) concept representing a network segment with high-speed connectivity, used to optimize replication traffic.
