Daniel Petri’s MCSE & System Administrator Interview Questions – Part 6 – Windows Server 2008/R2 Active Directory

by Daniel Petri - June 28, 2010

This is a part 6 of my MCSE and System Administrator job interview sample questions See previous parts at:

Like previous parts, this article set is targeted at both the interviewer (who needs a pool of valid questions they can ask) and to the candidate (who wants a pool of sample questions they can prepare for). Needless to say, both MUST know what they're talking about. Also, although I consider these questions as a thorough verbal test for the candidate's knowledge, in most cases, when he or she passes this phase, I will also ask them to perform an actual hands-on lab based on my written exercises. I might also include these in a future part of this session.

I have deliberately left out the answers to these questions. I want YOU to research them and take the time to actually learn these topics, if you don't know them already.

Most sub topics start off with relatively easy questions where the candidate is supposed to demonstrate their knowledge on that topic. A few sentences will be enough to show their (lack of) knowledge on the topic.

As always, your comments and feedback are more than welcome. Use the "Comment" form below to send them in. If you're using this interview question sample in your own environment please drop me a line telling me how it works for you.

For a Windows Server 2003 version, see my MCSE and System Administrator Job Interview Questions - Part 2 - Windows Server 2003 Active Directory article.

Please note that you are encouraged to use both versions. Start by going through the Windows Server 2003 version, pick the questions you think will be suited for both versions, and move on from there.

Note that because of the nature of this topic, there may be some questions that will appear twice, once on the Windows Server 2003 version, and once here.

Technical Interview Questions - Windows Server 2008/R2 Active Directory

  • What is Active Directory?
  • What is LDAP?
  • Where is the AD database held? What other folders are related to AD?
  • Talk about all the AD-related roles in Windows Server 2008/R2.
  • What are the new Domain and Forest Functional Levels in Windows Server 2008/R2?
  • What is the SYSVOL folder?
  • What are the AD naming contexts (partitions)s and replication issues for each NC?
  • What are application partitions?
  • What applications or services use AD application partitions? Name a couple.
  • How do you create a new application partition?
  • What are the requirements for installing AD on a new server?
  • What can you do to promote a server to DC if you're in a remote location with slow WAN link?
  • ...
  • How do you view replication properties for AD partitions and DCs?
  • What is the Global Catalog?
  • How do you view all the GCs in the forest?
  • Why not make all DCs in a large forest as GCs?
  • Talk about GCs and Universal Groups.
  • Describe the time synchronization mechanism in AD.
  • What is ADSIEDIT? What is NETDOM? What is REPADMIN?
  • What is DCDIAG? When would you use it?
  • ...
  • What are sites? What are they used for?
  • What's the difference between a site link's schedule and interval?
  • What is the KCC?
  • What is the ISTG? Who has that role by default?
  • Talk about sites and GCs.
  • Talk about sites and Exchange Server 2007/2010.
  • ...
  • What is GPO?
  • Describe the way GPO is applied throughout the domain.
  • What can you do to prevent inheritance from above?
  • How can you override blocking of inheritance?
  • Name some of the major changes in GPO in Windows Server 2008.
  • What are ADM files? What replaced them in Windows Server 2008?
  • What's the GPO repository? How do you use it?
  • What are GPO Preferences?
  • Which client OSs can use GPO Preferences?
  • What are GPO Templates?
  • What are WMI Filters?
  • What is the concept behind GPO Filtering?
  • How can you determine what GPO was and was not applied for a user? Name a few ways to do that.
  • A user claims he did not receive a GPO, yet his user and computer accounts are in the right OU, and everyone else there gets the GPO. What will you look for?
  • You want to standardize the desktop environments (wallpaper, My Documents, Start menu, printers etc.) on the computers in one department. How would you do that?
  • ...
  • What are the major changes in AD in Windows Server 2008?
  • What are the major changes in AD in Windows Server 2008 R2?
  • What is the AD Recycle Bin? How do you use it?
  • What is tombstone lifetime attribute?
  • What are AD Snapshots? How do you use them?
  • What is Offline Domain Join? How do you use it?
  • What are Fine-Grained Passwords? How do you use them?
  • Talk about Restartable Active Directory Domain Services in Windows Server 2008/R2. What is this feature good for?
  • What are the changes in auditing in Windows Server 2008/R2?
  • ...
  • How can you forcibly remove AD from a server, and what do you do later?
  • Can I get user passwords from the AD database?
  • What tool would I use to try to grab security related packets from the wire?
  • Talk about PowerShell and AD.
  • ...
  • How do you backup AD?
  • How do you restore AD?
  • Talk about Windows Backup and AD backups.
  • How do you change the DS Restore admin password?
  • Why can't you restore a DC that was backed up 7 months ago?
  • What's NTDSUTIL? When do you use it?
  • ...
  • What are RODCs?
  • What are the major benefits of using RODCs?
  • How do you install an RODC?
  • Talk about RODCs and passwords.
  • What is Read Only DNS?
  • What happens when a remote site with an RODC loses connectivity to the main site?
  • ...
  • Talk about Server Core and AD.
  • How do you promote a Server Core to DC?
  • ...
  • What are the FSMO roles? Who has them by default? What happens when each one fails?
  • How can you tell who holds each FSMO role? Name a 2-3 of methods.
  • What FSMO placement considerations do you know of?
  • You want to look at the RID allocation table for a DC. What do you need to do?
  • What's the difference between transferring a FSMO role and seizing one? Which one should you NOT seize? Why?

Related Articles


Join The Petri Insider - Weekly IT Tutorial and Tips, Whitepaper and Webinars