Take the Ultimate Active Directory Knowledge Quiz

Ready to ace your AD management, LDAP & OU delegation skills?

Difficulty: Moderate
2-5mins

This Active Directory quiz helps you practice real admin tasks - from LDAP lookups and OU design to delegation and MMC work. Use it to spot gaps before an exam or job interview, and jump into hands-on paths like the AD DS lab or the cloud-based scenario to reinforce what you know.

What is Active Directory primarily used for in Windows environments?
A solution for antivirus and malware protection
A tool for network traffic analysis
A cloud storage platform for files
A directory service for managing identities and access
Active Directory is a directory service that centralizes authentication and authorization for users and computers in a Windows domain. It stores directory data and manages communication between users and domains. Administrators use AD to organize and secure network resources efficiently.
Which default port does LDAP use for directory service queries?
636
389
3389
3268
LDAP uses port 389 by default for client and server communication in Active Directory. Secure LDAP (LDAPS) uses port 636. Other ports like 3268 are for Global Catalog queries.
What is the default container where new user accounts are created in Active Directory?
Users
Builtin
Domain Controllers
Computers
By default, new user accounts are placed in the "Users" container when created without specifying an OU. This built-in container is present in each domain. Administrators often move objects into OUs for delegation and policy application.
What does an Organizational Unit (OU) allow administrators to do?
Delegate permissions and apply Group Policy
Host application servers
Monitor network traffic
Store backup copies of AD
An OU is a container within AD used to organize users, groups, and computers. Administrators delegate control of an OU to limit scope of administrative privileges. Group Policy Objects can also be linked to OUs for targeted policy application.
What is the role of the Global Catalog server in Active Directory?
It stores Group Policy templates only
It runs DNS services exclusively
It provides a searchable catalog of all objects in the forest
It handles time synchronization across the network
The Global Catalog holds a partial, read-only replica of every object in the forest to facilitate searches across domains. It speeds up logons by supplying universal group membership information. It does not host DNS exclusively or handle time synchronization.
What is a User Principal Name (UPN) format in Active Directory?
DOMAIN\username
domain.com/user
username:password@domain
username@domain.com
A UPN is formatted as UserName@DNSDomainName and provides a logon name that resembles an email address. It simplifies logon experiences across forests and trusts. The DOMAIN\username form is the NetBIOS logon name, not a UPN.
Which DNS record type is used by domain controllers to advertise the LDAP service?
SRV record
CNAME record
TXT record
A record
DCs register SRV records in DNS under _ldap._tcp for domain service discovery. Clients query these records to locate appropriate domain controllers. A or CNAME records simply map hostnames to IPs.
Which command-line tool can be used to join a Windows computer to an Active Directory domain?
gpupdate
dsquery
repadmin
netdom join
The Netdom utility includes a "join" command that adds a computer to a domain via command line. dsquery queries directory objects, repadmin manages replication, and gpupdate refreshes Group Policy.
Which default group contains domain administrators with full control over the domain?
Print Operators
Domain Admins
Backup Operators
Account Operators
The "Domain Admins" group is a privileged security group in each domain that has full control over all domain controllers and objects. Other built-in groups have more limited administrative rights.
What is the primary difference between a Global group and a Universal group?
Global can be nested in Universal only, not vice versa
Universal groups can only be created at the forest root, global anywhere
Global group has no replication, while Universal replicates to all DCs
Global group can contain members only from its own domain, while Universal can contain members from any domain in the forest
Global groups scope membership to a single domain and are replicated to domain controllers in that domain. Universal groups can have members from any domain and are replicated to the Global Catalog. This affects replication traffic and group nesting strategies.
Which tool is used to delegate control over an OU in Active Directory?
Group Policy Management Console
Active Directory Users and Computers
ADSI Edit
Event Viewer
ADUC includes a Delegation of Control Wizard that lets administrators grant specific permissions on an OU. GPMC manages Group Policy, ADSI Edit is for low-level edits, and Event Viewer views logs.
Where are Group Policy Objects stored within Active Directory?
In the registry of client machines
In the SYSVOL share on domain controllers
In the NTDS.dit database exclusively
In the Users container
Each GPO is stored as files in the SYSVOL share and as objects in the Active Directory database. Clients pull the file version from SYSVOL and the AD version from NTDS.dit. They are not stored in user containers or client registries.
What is the purpose of Active Directory Sites and Services?
To administer DHCP scopes
To manage user logins
To monitor antivirus status
To manage replication and define network topology
Sites and Services allows admins to define physical network segments, configure replication schedules, and associate subnets with sites. It ensures efficient replication traffic and logon site awareness. It does not directly manage DHCP or antivirus.
What is Active Directory Lightweight Directory Services (AD LDS) primarily used for?
Host web applications
Provide directory services for applications without requiring domains
Replace DNS services
Manage DHCP reservations
AD LDS is a lightweight, standalone directory instance that applications can use to store directory data without deploying full AD DS. It does not require domain controllers or DNS. It is not used for DHCP or web hosting.
Which policy would you configure to enforce password complexity in a domain?
Organizational Unit policy
Local Computer Policy
Default Domain Controllers Policy
Default Domain Policy
Password policies (complexity, length, history) are applied at the domain level via the Default Domain Policy. DCs enforce these settings on all domain accounts. OU and local policies do not override domain password policies.
Which service replicates the contents of the SYSVOL folder between domain controllers?
Hyper-V Replica
NTFS Replicator
Distributed File System Replication (DFSR)
BranchCache
Modern Windows Server uses DFSR to replicate SYSVOL contents reliably and efficiently. Older versions used FRS, but DFSR is the current recommended replication engine. BranchCache and Hyper-V Replica serve different purposes.
What authentication protocol does Active Directory use by default?
Kerberos
SAML
LDAP
NTLM
Kerberos is the default authentication protocol in Active Directory for domain-joined resources. NTLM is used as a fallback for non-Kerberos compatible systems. LDAP is a directory access protocol, and SAML is used in federated identity scenarios.
Which attribute in Active Directory uniquely identifies a security principal?
distinguishedName
sAMAccountName
objectSID
objectGUID
objectSID is the unique security identifier used by Windows to manage permissions. objectGUID is a unique object identifier but not used for security. sAMAccountName is a logon name, and distinguishedName is the full path in the directory.
How many FSMO roles exist in an Active Directory forest and domain?
Four
Five
Three
Six
Active Directory has five FSMO roles: Schema Master and Domain Naming Master at the forest level, and RID Master, PDC Emulator, and Infrastructure Master at the domain level. These roles prevent conflicts in multi-master replication.
Which FSMO role is responsible for processing password changes quickly for backward compatibility?
RID Master
PDC Emulator
Infrastructure Master
Schema Master
The PDC Emulator role handles password changes immediately so that legacy NTLM clients can validate credentials against the updated password. It also manages time synchronization and other compatibility tasks.
Which PowerShell cmdlet can you use to install a Read-Only Domain Controller (RODC)?
Add-WindowsFeature
Install-ADDSDomainController
New-ADUser
Install-ADDSDomain
Install-ADDSDomainController is used in PowerShell to deploy a new domain controller, including an RODC when the ReadOnlyReplica parameter is specified. Install-ADDSDomain is for new domains.
What are Fine-Grained Password Policies implemented with in Active Directory?
Local security policy
Group Policy Objects
Security templates
Password Settings Objects (PSOs)
Fine-Grained Password Policies use PSOs stored in the System container of the domain to apply different password and lockout settings to users or groups. GPOs cannot provide fine-grained control within a single domain.
In an LDAP distinguished name, what is the order from left to right?
OU, CN, DC
DC, CN, OU
DC, OU, CN
CN, OU, DC
Distinguished Names in LDAP start with the relative distinguished name (RDN) like CN (Common Name), followed by parent OUs, and end with DC (Domain Components). The order reflects the object's path from leaf to root.
What is the purpose of the Active Directory metadata cleanup process?
Migrate FSMO roles
Optimize performance
Remove references to decommissioned domain controllers
Backup the AD database
Metadata cleanup removes stale data about a domain controller that was removed improperly, cleaning up lingering objects like NTDS Settings. This prevents replication and authentication issues. It does not migrate roles or back up the database.
How can administrators modify the replication schedule between sites?
Using Sites and Services
Using Group Policy
Using ADSI Edit
Using DNS Manager
Active Directory Sites and Services lets admins configure site links and define replication schedules and costs between sites. Group Policy and ADSI Edit do not control replication. DNS Manager manages DNS zones, not AD replication.
What is the tombstone lifetime in Active Directory by default on Windows Server 2016?
30 days
180 days
365 days
60 days
On Windows Server 2008 and later functional levels, the default tombstone lifetime is 180 days. This setting defines how long deleted objects are retained before permanent removal. It helps ensure replication consistency.
Which tool is used to extend the Active Directory schema?
Using repadmin /add to extend schema
Using GPMC to extend schema
Using adprep /domainprep to extend schema
Using ldifde to import schema modifications
Ldifde is the tool for importing LDIF files that define schema changes into AD. Adprep /forestprep updates schema during OS upgrade but not for custom extensions. Repadmin and GPMC do not modify schema.
What must be configured when establishing a forest trust between two Active Directory forests?
Time synchronization only
Same root domain
DNS resolution between forests
Identical schema versions
Forest trusts require proper DNS resolution so domain controllers can locate each other across forests. While time sync is important, DNS is critical for lookups. Schema versions need not match exactly, and separate forests do not share a root.
How does the Active Directory Recycle Bin affect object restoration?
Preserves only essential attributes
Preserves all attributes and linked objects when restored
Resets all group memberships
Permanently deletes objects on reboot
The AD Recycle Bin restores deleted objects with all attributes intact, including group memberships and linked resources. Without it, a restore from backup is needed, which may lose some data. It does not require a reboot to function.

Study Outcomes

  1. Troubleshoot LDAP Connections -

    Identify and resolve common directory service issues by analyzing LDAP communication patterns presented in our LDAP Active Directory quiz.

  2. Delegate OU Control in AD -

    Apply delegation techniques from the Delegating control in Active Directory test to assign granular permissions across organizational units.

  3. Manage OUs via MMC -

    Navigate the Microsoft Management Console scenarios in the MMC OU creation quiz to create, configure, and secure organizational units effectively.

  4. Apply AD Management Best Practices -

    Implement governance and security strategies highlighted in the Active Directory management quiz to optimize directory health and reliability.

  5. Validate User and Group Configurations -

    Examine and correct user and group permission setups within the Active Directory Quiz to ensure proper access control throughout the domain.

Cheat Sheet

  1. Logical vs. Physical AD Structure -

    Active Directory's logical layout includes forests, trees, domains, and OUs, while the physical structure uses sites and domain controllers to optimize replication. A handy mnemonic is "F T D O" (Forests, Trees, Domains, OUs) to recall the logical hierarchy. (Source: Microsoft Learn, "Active Directory logical structure")

  2. LDAP Filter Syntax & Troubleshooting -

    LDAP filters use operators like "&" for AND and "|" for OR, e.g., (&(objectClass=user)(sAMAccountName=jdoe)) to locate specific user accounts. Remember to wrap every attribute filter in its own parentheses, as defined in RFC 4511, to avoid query errors. (Source: RFC 4511, Microsoft Docs "LDAP Queries")

  3. Delegating Control in OUs -

    The Delegation of Control Wizard lets you grant precise permissions - like "Create user objects" - without elevating administrators to full Domain Admin. Embrace the principle of least privilege: "Give only enough power to get the job done!" (Source: Microsoft TechNet "Delegate Control Wizard")

  4. Custom MMC Console for AD Tasks -

    Use MMC snap-ins (e.g., AD Users and Computers) to build task-specific consoles and save them as .msc files for rapid access. Custom views and taskpads streamline repetitive tasks, boosting your management efficiency. (Source: Microsoft Docs "Create a custom MMC console")

  5. Key AD Troubleshooting Tools -

    Core utilities like dcdiag (diagnostics), repadmin (replication checks), and Event Viewer are essential for pinpointing connectivity and replication faults. Recall the sequence D-R-E (Diagnostics, Replication, Event logs) to ensure a systematic approach. (Source: Microsoft Support "Troubleshooting Active Directory")
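As an added example (not part of the quiz page or its cheat sheet), the Python helpers below build the cheat sheet's user-lookup filter with RFC 4515 value escaping and check that a filter string follows the RFC 4511 grammar: every attribute item wrapped in parentheses, and every "&" or "|" holding at least one sub-filter. The function names and sample inputs are constructed for this illustration.

```python
import re

# RFC 4515 escaping for values placed inside a filter: * ( ) \ and NUL become
# \2a \28 \29 \5c \00 so an attribute value cannot change the filter's shape.
_ESCAPE = {"*": r"\2a", "(": r"\28", ")": r"\29", "\\": r"\5c", "\x00": r"\00"}

# One attribute item: attr [:matchingRule] (~= | >= | <= | := | =) value
_ITEM = re.compile(r"[A-Za-z][A-Za-z0-9.;-]*(?::[A-Za-z0-9.]+)?(?:~=|>=|<=|:=|=)[^()]*")

def escape_filter_value(value: str) -> str:
    """Escape a single attribute value for use inside an LDAP filter string."""
    return "".join(_ESCAPE.get(ch, ch) for ch in value)

def build_user_filter(sam_account_name: str) -> str:
    """Build the cheat sheet's (&(objectClass=user)(sAMAccountName=...)) filter."""
    return f"(&(objectClass=user)(sAMAccountName={escape_filter_value(sam_account_name)}))"

def _parse_filter(s: str, i: int):
    """Recursive descent over RFC 4511's filter = '(' filtercomp ')'; returns (pos, ok)."""
    if i >= len(s) or s[i] != "(":
        return i, False
    i += 1
    head = s[i:i + 1]
    if head in ("&", "|"):                 # and / or: filterlist = 1*filter
        i += 1
        count = 0
        while i < len(s) and s[i] == "(":
            i, ok = _parse_filter(s, i)
            if not ok:
                return i, False
            count += 1
        if count == 0:
            return i, False
    elif head == "!":                      # not: exactly one nested filter
        i, ok = _parse_filter(s, i + 1)
        if not ok:
            return i, False
    else:                                  # item: attr filtertype value
        m = _ITEM.match(s, i)
        if m is None:
            return i, False
        i = m.end()
    if i >= len(s) or s[i] != ")":
        return i, False
    return i + 1, True

def validate_filter(s: str) -> bool:
    """True only when the whole string is one well-formed filter (an unwrapped item fails)."""
    pos, ok = _parse_filter(s, 0)
    return ok and pos == len(s)
```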
