Active Directory (AD) Windows Server & Azure Active Directory (Azure AD)

Imagine you have a big, magical house where you keep all your toys, games, and drawings. This house is your special place, you have the key to it, and only you decide what's inside it and who can come in.

An "On-Premises environment" is a bit like this magical house, but instead of toys and drawings, there are computers, programs, and important information for a company. All of this is located in one place, for example, in a special room at the company's office. The company takes care of these computers by itself, updating them, fixing them when something breaks, and deciding who can use them.

It's a bit like playing games on your own computer at home, instead of playing games online where you use someone else's computers far away. In an on-premises environment, everything is under the company's control - just like in your magical house, where you are in charge of everything.

  1. What is Active Directory?

    • It's a Microsoft directory service for managing network resources and identities.
  2. What are the types of groups in AD?

    • There are two types: distribution groups and security groups.
  3. What is a GPO?

    • Group Policy Object, used for central management of user and computer settings.
  4. What are the types of domain controllers?

    • There are two: Primary Domain Controller (PDC) and Additional Domain Controller (ADC).
  5. What is an OU in AD?

    • Organizational Unit, used for grouping and managing objects.
  6. What is LDAP?

    • Lightweight Directory Access Protocol, a protocol for searching and modifying directory services.
  7. What are AD forest functional levels?

    • Windows 2000, Windows Server 2003, Windows Server 2008, Windows Server 2012, Windows Server 2016.
  8. What is FSMO?

    • Flexible Single Master Operations, special domain controller roles in AD.
  9. What are the FSMO roles?

    • Schema Master, Domain Naming Master, PDC Emulator, RID Master, Infrastructure Master.
  10. What is RID in AD?

    • Relative Identifier, part of the SID assigned to each object in AD.
  11. How to back up AD?

    • Using built-in Windows tools, such as Windows Server Backup.
  12. How to restore AD?

    • Using system restore options or tools like Windows Server Backup.
  13. What is replication in AD?

    • The process of synchronizing data between domain controllers.
  14. What is the Global Catalog?

    • It's a distributed database containing information about all objects in the forest.
  15. What are the types of trusts in AD?

    • One-way, two-way, external, forest, and shortcut trusts.
  16. What is SYSVOL?

    • A folder shared by domain controllers, containing login scripts and group policies.
  17. How to manage AD remotely?

    • Using tools like RSAT (Remote Server Administration Tools).
  18. What are the requirements to promote a server to a domain controller?

    • The server must be a member of an existing domain or forest.
  19. How to demote a domain controller?

    • Using the dcpromo tool or Server Manager in newer Windows versions.
  20. What is dcpromo?

    • A tool for promoting and demoting domain controllers.
  21. What are the differences between AD and Azure AD?

    • AD is an on-premises directory service, while Azure AD is a cloud-based identity management service.
  22. What are the main benefits of using AD?

    • Centralized identity and security management, easier resource and user management.
  23. What is ADFS?

    • Active Directory Federation Services, a service for federated identity management.
  24. How to secure AD?

    • Regular updates, limiting permissions, monitoring and auditing, enforcing password policies.
  25. What is security filtering in GPO?

    • Limiting the scope of a GPO to specific users, groups, or computers.
  26. How to update the AD schema?

    • By adding new object definitions and attributes using AD schema updates.
  27. How to recover deleted objects in AD?

    • Using tools like Active Directory Recycle Bin or Authoritative Restore.
  28. What is "tombstoning" in AD?

    • The process of keeping deleted objects for a specific period before they are permanently deleted.
  29. What is sIDHistory?

    • An attribute of a user object that stores previous SIDs for user migration.
  30. What are the requirements to apply a GPO?

    • The computer or user must be part of a domain and have appropriate permissions.
  31. What are typical issues with AD?

    • Replication problems, user login issues, GPO configuration errors.
  32. How to monitor AD?

    • Using tools like Windows Event Viewer, performance monitoring, and third-party tools.
  33. What is Kerberos?

    • An authentication protocol used in AD for secure login.
  34. How to perform an AD migration?

    • By planning the migration, testing the environment, using migration tools.
  35. What are best practices for managing AD?

    • Regular backups, limiting permissions, regular security reviews.
  36. What is a computer object in AD?

    • An object representing a computer in the network, managed by AD.
  37. What is LDAP Injection?

    • A type of attack where the attacker manipulates LDAP queries.

  38. How to manage certificates in AD?

    • Through Certificate Services and Group Policy.
  39. What is "delegating control" in AD?

    • The process of granting limited permissions to users or groups.
  40. How to configure trusts between domains?

    • Using the New Trust wizard in Active Directory Domains and Trusts.
  41. What is "multi-master replication" in AD?

    • A replication model where each domain controller can accept changes.
  42. What is an "organizational unit" (OU) in AD?

    • A container in AD used for grouping users, groups, and other objects.
  43. How to secure passwords in AD?

    • By using strong password policies, enabling encryption, implementing LAPS.
  44. What are the limitations of AD?

    • Scalability limitations, complexity of management, infrastructure requirements.
  45. What is a "read-only domain controller" (RODC)?

    • A domain controller that does not store sensitive data on-site.
  46. What are the FSMO roles and why are they important?

    • FSMO roles are special domain controller roles critical for the functioning of AD.
  47. How to upgrade the domain functional level?

    • By changing the functional level in Active Directory Domains and Trusts.
  48. What is a "forest" in AD?

    • The highest level of organization in an AD environment, containing one or more domains.
  49. How to manage DNS with AD?

    • By configuring DNS settings within the AD environment and ensuring proper DNS server settings.
  50. What is the impact of AD on network security?

    • AD plays a crucial role in network security by managing user access, enforcing policies, and integrating with security tools.
