How Well Do You Know Active Directory Domain Services? Take the Quiz!

Ready for AD DS trivia questions? Challenge yourself with our Active Directory quiz!

Difficulty: Moderate
2-5mins

Ready to level up your directory services prowess? Take our Active Directory Domain Services quiz, a hands-on test of your AD DS knowledge and real-world troubleshooting skills. You'll tackle challenging Active Directory questions and see how you fare on a domain test that mirrors real IT scenarios. Whether you're an aspiring system administrator or a seasoned pro fine-tuning your expertise, this is your chance to learn key concepts and best practices. Dive into our Active Directory Quiz or explore Windows Server Active Directory Configuration tips, then hit "Start" to begin the challenge and discover how much you really know!

What is the primary purpose of Active Directory Domain Services (AD DS)?
Centralized authentication and authorization
File storage and sharing
Database hosting services
Web server operations
AD DS is designed to store information about network objects and provide centralized authentication and authorization services for users and resources. It facilitates secure login and access control across the domain. It also provides directory-enabled management and policy administration. Microsoft Docs
What is a domain controller in an AD DS environment?
A server that hosts AD DS and processes authentication requests
A client workstation that accesses shared files
A DNS proxy for external queries
A DHCP server for IP address assignment
A domain controller holds a writable copy of the Active Directory database and is responsible for processing authentication and directory lookup requests. It replicates directory changes to other domain controllers. It ensures security and enforces directory policies. Microsoft Docs
Which container in AD DS is used to organize objects like users, groups, and computers?
Organizational Unit (OU)
Domain
Forest
Schema
Organizational Units are containers within a domain that help administrators group objects for delegation and policy application. They enable granular delegation of administration and easier management. OUs can be nested to reflect organizational structure. Microsoft Docs
Which protocol and port are used by default for LDAP queries in AD DS?
LDAP over TCP port 389
LDAPS over TCP port 636
HTTP over TCP port 80
Kerberos over UDP port 88
By default, AD DS listens for LDAP queries on TCP port 389. Secure LDAP (LDAPS) uses TCP port 636. These ports facilitate directory lookups and queries. Microsoft Docs
What is the Global Catalog in AD DS?
A read-only, partial replica of all objects in the forest
A backup copy of the domain controller database
A DNS zone for the entire forest
A special group policy container
The Global Catalog holds a partial attribute set of every object in the forest, allowing forest-wide searches without contacting every domain. It is replicated to designated Global Catalog servers. Clients use it for logon and address book queries. Microsoft Docs
What folder on a domain controller stores logon scripts and Group Policy templates?
SYSVOL
NTDS
Netlogon
%SystemRoot%
SYSVOL is a shared folder on domain controllers that stores logon scripts, Group Policy templates, and other files for replication. The Netlogon share resides within SYSVOL for script execution. It replicates across domain controllers using the File Replication Service or DFSR. Microsoft Docs
Which authentication protocol does AD DS use by default for domain logons?
Kerberos
NTLMv1
LDAP
SAML
Kerberos is the default network authentication protocol for Windows domains and AD DS environments. It provides mutual authentication and delegation. NTLM may be used for legacy support only. Microsoft Docs
What is the minimum domain functional level required to introduce a Windows Server 2016 domain controller?
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2016
To add a Windows Server 2016 domain controller, the domain functional level must be at least Windows Server 2008. This ensures compatibility of directory features. Raising functional levels unlocks more advanced capabilities. Microsoft Docs
Which FSMO role is responsible for assigning unique RID pools to domain controllers?
RID Master
PDC Emulator
Schema Master
Infrastructure Master
The RID Master FSMO role allocates pools of relative identifiers to each domain controller, ensuring unique security identifiers. Without this role, DCs cannot create new security principals. It is critical for account creation. Microsoft Docs
What PowerShell cmdlet can you use to raise the forest functional level?
Set-ADForestMode
Set-ADForest
Raise-ADForestDomainMode
Set-ADFunctionalLevel
The Set-ADForestMode cmdlet is used to raise or view the forest functional level in AD DS. You specify the -Identity parameter and the desired mode. It requires the ActiveDirectory module. Microsoft Docs
In a multi-domain forest, which server should be running the Global Catalog role to facilitate forest-wide searches?
At least one Global Catalog server per site
Only the schema master
Any member server
Only the infrastructure master
Deploying at least one Global Catalog server in each site ensures clients can perform forest-wide searches locally. The GC holds a partial attribute set of all objects in the forest. This reduces cross-site traffic and logon latency. Microsoft Docs
Which tool can you use to perform metadata cleanup after a failed domain controller demotion?
ntdsutil
dcdiag
repadmin
adprep
The ntdsutil utility provides a metadata cleanup option to remove references to a decommissioned or failed domain controller. It helps avoid lingering objects and replication issues. This operation must be run on a writable domain controller. Microsoft Docs
How can you create a Read-Only Domain Controller (RODC) in a branch office?
Use the Active Directory Domain Services Installation Wizard and select Read-only domain controller
Install AD LDS with read-only option
Use repadmin to create an RODC
Promote it as a normal DC and convert it later
During promotion, the AD DS Deployment Wizard offers an option to deploy a Read-Only Domain Controller. RODCs hold a read-only copy of the directory and help secure branch offices. They require password replication policies. Microsoft Docs
What DNS record type is required for AD DS domain controllers to register to facilitate site-aware client logon?
SRV record
A record
CNAME record
NS record
Domain controllers register service (SRV) records in DNS to advertise LDAP and Kerberos services. Clients query these SRV records to find the nearest DC for logon and directory access. Site-aware SRV records include site names. Microsoft Docs
What is the default replication interval for domain controllers within the same AD DS site?
180 seconds
5 minutes
15 minutes
3 hours
By default, intra-site replication occurs every 180 seconds between domain controllers. This frequent schedule ensures timely directory synchronization. The interval can be modified in site link settings. Microsoft Docs
Which Group Policy feature allows user settings to be applied based on the computer's organizational unit instead of the user's OU?
Loopback processing
Block inheritance
Security filtering
WMI filtering
Loopback processing in Group Policy replaces or merges user settings based on the computer's OU rather than the user's OU. It is useful in scenarios like kiosks or classrooms. You configure it under Computer Configuration. Microsoft Docs
What is the role of the Knowledge Consistency Checker (KCC) in AD DS?
It automatically generates and maintains the replication topology
It authenticates domain controllers
It logs directory service events
It manages Group Policy application
The KCC runs on each domain controller to dynamically generate the intra- and inter-site replication topology based on site links. It ensures efficient replication paths. Administrators do not normally need to modify its output. Microsoft Docs
What is the effect of raising the domain functional level to Windows Server 2008 R2?
Enables Active Directory Recycle Bin and fine-grained password policies
Disables compatibility with Windows Server 2003 DCs
Automatically upgrades the AD schema to Windows Server 2012
Migrates FSMO roles to a new DC
Windows Server 2008 R2 domain functional level enables the Active Directory Recycle Bin and fine-grained password policies. It does not remove support for older DCs by default. Schema upgrades and FSMO migrations are separate operations. Microsoft Docs
In AD DS replication, what is a USN rollback and when might it occur?
It occurs when a DC is restored from a snapshot, causing inconsistent Update Sequence Numbers
It happens during normal replication to synchronize USNs
It is a planned rollback by the RID Master
It occurs when the domain functional level is lowered
A USN rollback happens when a domain controller is reverted to a previous state via unsupported snapshot restore, causing its USNs to decrease. This breaks replication consistency. Restoring from proper backups using authoritative restore avoids this. Microsoft Docs
Which partition in AD DS stores forest-wide configuration data, such as site links and replication schedules?
Configuration partition
Schema partition
Domain partition
Application partition
The Configuration partition holds forest-wide topology data, including site definitions, site links, and replication schedules. It is replicated to every domain controller in the forest. Schema and domain partitions serve different scopes. Microsoft Docs
What is the primary difference between AD LDS (Lightweight Directory Services) and AD DS?
AD LDS does not require domains or forests and serves directory-enabled applications
AD LDS only runs on Windows Server Core
AD LDS uses DNS for replication
AD LDS has built-in Group Policy support
AD LDS is a standalone directory service for applications, without domain or forest requirements. It stores application data without relying on AD DS domain structure. It does not support Group Policy or standard domain authentication. Microsoft Docs
What tool would you use to pre-stage computer accounts for RODC installation?
Active Directory Users and Computers
ADSI Edit
ntdsutil
repadmin
Pre-staging an RODC account is done in Active Directory Users and Computers by creating the computer account and specifying that it will host an RODC. This ensures secure password replication policies. ADSI Edit is not normally used for this. Microsoft Docs
How can you enable the Active Directory Recycle Bin feature?
Use Enable-ADOptionalFeature cmdlet with -ForestScope for the Recycle Bin feature
Select the Recycle Bin checkbox in ADUC
Run repadmin /enablebin
Raise the domain functional level to Windows Server 2016
You enable the AD Recycle Bin with the Enable-ADOptionalFeature cmdlet in PowerShell, specifying the feature name and forest scope. This requires the forest functional level to be at least Windows Server 2008 R2. There is no GUI checkbox in ADUC. Microsoft Docs
During an authoritative restore of AD DS, which tool is used to mark restored objects as authoritative?
ntdsutil
wbadmin
repadmin
adrestore
The ntdsutil tool provides the authoritative restore command to mark objects or the entire directory as authoritative after a system state restore. This ensures changes replicate to other DCs. wbadmin is used for backups only. Microsoft Docs
When troubleshooting AD DS performance issues, which database maintenance operation should you schedule during off-peak hours to maintain database integrity and performance?
Offline defragmentation of the NTDS.dit database
Active defragmentation via automatic maintenance
Daily checkpoint backup
Log file truncation
An offline defragmentation using esentutl or ntdsutil compacts the NTDS.dit database and reclaims unused space, but requires the directory service to be stopped. It improves performance and should be scheduled during maintenance windows. Active defragmentation is automatic and continuous. Microsoft Docs

Study Outcomes

  1. Understand AD DS Architecture - Identify key components such as domain controllers, forests, and domains, and explain their roles within the Active Directory Domain Services environment.

  2. Analyze AD DS Troubleshooting Scenarios - Assess real-world issues presented in the quiz and determine root causes and remedies for common directory service errors.

  3. Apply Group Policy Best Practices - Demonstrate how to create, link, and manage Group Policy Objects to enforce security and configuration settings across your directory.

  4. Manage Users and Organizational Units - Configure and delegate permissions for user accounts and OUs, using hierarchical design principles to streamline administration.

  5. Optimize AD DS Replication Processes - Explain how replication works between domain controllers, identify replication issues, and implement strategies to maintain consistency and performance.

  6. Evaluate AD DS Security Measures - Implement and assess security controls like delegation, object auditing, and access control lists to protect directory data and resources.

Cheat Sheet

  1. Understanding AD DS Architecture - Active Directory Domain Services quiz takers must master the hierarchy of forests, domains, trees, and organizational units (OUs). According to Microsoft Docs, forests act as top-level security boundaries while domains manage object databases. Use the mnemonic "F DOT" (Forest, Domain, OU, Trust) to quickly recall core AD DS components during the quiz.

  2. LDAP and DNS Integration - When preparing for your Active Directory domain test, remember that AD DS relies on DNS to locate services via SRV records. Official Windows Server documentation shows that clients query _ldap._tcp.dc._msdcs. to find domain controllers. Study this SRV record format and practice a dig or nslookup example to solidify your understanding.

  3. FSMO Roles and Mnemonics - AD DS trivia questions often cover the five Flexible Single Master Operations (FSMO) roles: Schema Master, Domain Naming Master, RID Master, PDC Emulator, and Infrastructure Master. A handy mnemonic is "Dr. PINS" (Domain Naming, RID, PDC, Infrastructure, Schema) to recall each role quickly. Review role transfer methods in Microsoft TechNet to understand how and when to seize or transfer them during an AD DS knowledge test scenario.

  4. Group Policy Processing Order - Active Directory quiz questions frequently test the GPO application order: Local, Site, Domain, then OU (LSDO). Microsoft's Group Policy documentation states that last-in wins, so an OU GPO can override domain-level settings. Remember the rhyme "Lazy Students Drink Oranges" to lock the processing sequence in your memory.

  5. Replication Topology & Troubleshooting - For your AD DS knowledge test, understand multi-master replication and the Knowledge Consistency Checker (KCC) algorithm that auto-generates replication links. Use the repadmin /showrepl command to verify inbound and outbound replication status, as recommended by enterprise deployment guides. Practice diagnosing replication latency by checking USN and invocation ID differences to troubleshoot real-world scenarios.
