Interview Question on AD

A guy happened to ask me this question a couple of months back in an Interview -

" How is Active Directory Dependant on DNS ? "

The interview was for the position of a Systems Analyst. I have'nt completed 294 yet and have'nt even started it back then. Curious about how you guys would answer the question.
MCITP: EA 2008| VCP4| MCSE 2003 | CCNA | MCSA 2003: Security | MCDST | Security+ | ITILV3

Comments

  • astorrsastorrs Member Posts: 3,139 ■■■■■■□□□□
  • Nishesh.PrasadNishesh.Prasad Member Posts: 185
    Thanks Astorr. I should have mentioned that i have already gone through the Technet article. I just wanted to know as to how would you guys put it together in the interview call if you knw what i mean.
    MCITP: EA 2008| VCP4| MCSE 2003 | CCNA | MCSA 2003: Security | MCDST | Security+ | ITILV3
  • astorrsastorrs Member Posts: 3,139 ■■■■■■□□□□
    Only with understanding the material and the idea itself are you going to be able to give the coherent answer that the interviewer is looking for. If we were to give you a canned response to that question, I think it would be doing both yourself and the interviewer a disservice, as the goal is for them to understand your level of comprehension of the material and for you to showcase that knowledge.

    After all if repeating a canned response leads you into another question along the same path of questioning that you can't answer (but that you should be able to based on your previous answer) they are going to think that you are trying to pull the wool over their eyes.

    I believe it's always best to respond with something like "I don't know the answer to that, but I can tell you how I would find it out", and then go on to explain how you would do it. That way you turn a negative into a positive by showing them that you know how to admit when you don't know something, and how you are capable of researching the answer yourself (for example by searching TechNet).

    My 2¢.
  • elaverick1981elaverick1981 Member Posts: 161
    astorrs wrote: »
    After all if repeating a canned response leads you into another question along the same path of questioning that you can't answer (but that you should be able to based on your previous answer) they are going to think that you are trying to pull the wool over their eyes.

    I believe it's always best to respond with something like "I don't know the answer to that, but I can tell you how I would find it out", and then go on to explain how you would do it. That way you turn a negative into a positive by showing them that you know how to admit when you don't know something, and how you are capable of researching the answer yourself (for example by searching TechNet).

    I'd have to agree with Astorrs, a canned answer sticks out a mile away. The only thing worse is trying to bluster and bluff your way through an answer which I've heard a good few people do in various situations. Being able to admit you don't know everything can be quite highly valued provided you can show you know how to improve.

    As a general guideline to answering that sort of question however I'd start by offering a brief overview of the subject, deliniating the 3 main aspects of AD and DNS integration and then asking the interviewer if they'd like you to expand on any of the points you've mentioned. Prevents you from rambling and also lets the interviewer choose how much information you give them.
  • Nishesh.PrasadNishesh.Prasad Member Posts: 185
    Well i am being highly misunderstood here. All i wanted to know as to what ideas would any other person have towards answering this question. My purpose is not to 'copy' anyone's answer here ... the Technet is always available even if i have a mild intention of doing so and having said that the interview was conducted a couple of months back. I asked coz i thought getting other peoples perspective on this would'nt harm. I guess i should shut up.
    MCITP: EA 2008| VCP4| MCSE 2003 | CCNA | MCSA 2003: Security | MCDST | Security+ | ITILV3
  • royalroyal Member Posts: 3,353
    I interviewed a candidate and asked how AD is dependent on DNS and he had no idea. He was interviewing for Notes to Exchange Migrations and AD. An AD consultant not knowing how AD is dependent on DNS or doesn't know how DNS on the internet works = no thanks.

    You don't want me on a technical interview. I will definitely make sure you know your ****.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • trackittrackit Member Posts: 224
    i think you where a little harsh to Nishesh.Prasad :) imo there is nothing wrong in his question. Its not like he is texting you from an interview looking for an answer :) Im sure the first thing he did when he got back was reading through some technical articles about AD and DNS stuff. He just wanted to know how would you have answered, thats it.

    I would answered something like this:

    "AD stores some information (location of some services that computers must access) in DNS (SRV records) and also AD uses DNS for name resolution."

    Of course im not saying that this is comprehensive answer or even that this is 100% correct answer ot anything like that. This is just how i would have answered and thats what Nishesh.Prasad wanted to know in the first place :)
  • mikedisd2mikedisd2 Member Posts: 1,096 ■■■■■□□□□□
    Thought I might just add that when I read this question, I realised I had no idea how AD is dependent on DNS. It sure wasn't covered in any study material I used for 294.
    I checked the links provided, asked the senior techs at work and googled a bit. I can now say that I have a much greater understanding of how an Active Directory network functions and could even answer this at an interview without sweating.
    Thanks guys!
  • rwwest7rwwest7 Member Posts: 300
    If you're an MCSA and don't know why AD depends on DNS, then that raises questions about how you obtained your MCSA Cert. I'm pretty sure it's covered way before 70-294.
  • undomielundomiel Member Posts: 2,818
    It wouldn't raise questions for me. There really isn't that much focus in the study materials or questions on how AD is supported by DNS. It goes over way more how DNS actually works. I couldn't really answer the question until I sat down and had researched it on my own time previously. I also know of a number of administrators I've worked with who could not answer the question whatsoever. So no, it wouldn't really call anything to question. Let's keep things friendly around here.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
  • skrpuneskrpune Member Posts: 1,409
    plus, it doesn't actually look like mikedisd2 has an MCSA yet - from the cert list, he's close (270 + 290, and has done 294) but no cigar yet. (I'm not picking on ya, mikedisd2, just trying to clarify! icon_wink.gif )
    Currently Studying For: Nothing (cert-wise, anyway)
    Next Up: Security+, 291?

    Enrolled in Masters program: CS 2011 expected completion
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    rwwest7 wrote: »
    If you're an MCSA and don't know why AD depends on DNS, then that raises questions about how you obtained your MCSA Cert. I'm pretty sure it's covered way before 70-294.

    The question was How is Active Directory Dependant on DNS , not why AD depends on DNS. Big difference.

    MCSA = 1 client exam, 70-290, 70-291 and 1 elective. Depending on your elective, one may never have had to answer that question before.

    There is so much to AD/DNS so I think the OP asked how to answer that question in an interview. It's easy to answer it sitting at a keyboard with google pulled up. A bit different sitting in front of an interviewer when you are probably nervous to start with.
    All things are possible, only believe.
  • bighornsheepbighornsheep Member Posts: 1,506
    sprkymrk wrote: »
    The question was How is Active Directory Dependant on DNS ...

    MCSA = 1 client exam, 70-290, 70-291 and 1 elective. Depending on your elective, one may never have had to answer that question before.

    I don't agree with this...anybody who's build a domain controller even in a single forest/domain environment will need to have configured the simplest DNS architecture.

    I'm not an MCSE and I don't work with servers anymore, but I think this question is extremely important; it's not even funny how many sysadmins I've seen who struggle with dcpromo because they don't understand how AD & DNS work together. The first reaction is... "those network guys must have screwed up the network"
    Jack of all trades, master of none
  • rwwest7rwwest7 Member Posts: 300
    I apoligize. I went back through my MCSA study books, and it doesn't actually say word for word "how" AD is dependant on DNS. All it says is "AD depends on the DNS method of name resolution for its most basic functioning", then I guess the book leaves it up to you to wonder why.
  • elaverick1981elaverick1981 Member Posts: 161
    Just for anyone flicking through this topic and wondering exactly how DNS and AD integrate then you might like to have a look at this - How DNS Support for Active Directory Works: Active Directory

    Which for anyone interested came from the MCM Pre-reading lists which I've just seen published here - The Master Blog : I'm wide awake and feel like I could read for weeks...


    EDIT: Doh, just noticed that's the document Astorrs pointed to right at the start of the thread. Ah well the reading list is good anyway :)
  • undomielundomiel Member Posts: 2,818
    Oh good find on that reading list elaverick. I've read about half that list at one point or another so I guess I'm half way to almost being ready to be a master. :D Everyone working on their MCSE and/or MCITP:EA should have read a fair number of those I believe.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    I don't agree with this...anybody who's build a domain controller even in a single forest/domain environment will need to have configured the simplest DNS architecture.

    Uhh sorry, but setting up a simple AD forest/domain doesn't tell you how it all works together. Yes, you know it's important to get it right, but following the NEXT, NEXT, NEXT prompts of DCPROMO will get you a working domain without you realizing what goes on behind the scenes 95% of the time.

    Seriously, check out astorrs link and tell me how much of that you learn when you ran dcpromo in your test lab.
    I'm not an MCSE and I don't work with servers anymore, but I think this question is extremely important; it's not even funny how many sysadmins I've seen who struggle with dcpromo because they don't understand how AD & DNS work together. The first reaction is... "those network guys must have screwed up the network"

    A sysadmin struggles with dcpromo? Really, you've seen a lot? If a guy can't do a simple dcpromo there has got to be a lot more basic issues going on than not being able to answer the question the OP started this topic with.

    Let's not confuse the 70-291 topic of "Implementing, Managing, and Maintaining Name Resolution", because that really has little to do with the question.
    All things are possible, only believe.
  • bighornsheepbighornsheep Member Posts: 1,506
    sprkymrk wrote: »
    A sysadmin struggles with dcpromo? Really, you've seen a lot? If a guy can't do a simple dcpromo there has got to be a lot more basic issues going on than not being able to answer the question the OP started this topic with.

    My point is exactly this, I'm assuming the interviewer is interested in hiring a systems analyst/admin who can troubleshoot active directory issues as it relates to DNS resolution.

    I gave the example of dcpromo because I've seen too many people trying to do dcpromo on the first dc or additional dc with their dns pointed to 4.2.2.2 or some other external DNS servers.

    Anyway, I don't mean to argue the technicality of AD and DNS or how MCSA or the 291 exam relates; I'm supporting the fact that it was a valid question.

    icon_study.gif
    Jack of all trades, master of none
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    I gave the example of dcpromo because I've seen too many people trying to do dcpromo on the first dc or additional dc with their dns pointed to 4.2.2.2 or some other external DNS servers.

    Yes, that's a common mistake by newbies, but it shouldn't be common at all to system administrators, which is why I questioned the example. I can't say I know ANY system admins that would make that mistake. Although, yes, you see it here on the forums a lot by people setting up their first test labs.

    Anyway, I don't mean to argue the technicality of AD and DNS or how MCSA or the 291 exam relates; I'm supporting the fact that it was a valid question.

    And I also fully agree that it's a very good question to ask at an interview, I never said it wasn't. I just challened a reply that stated an MCSA may have achieved his certified status by questionable means if he was not able to answer the question. Seriously, it's a tough question. They didn't ask "How do you setup a DC?" or "What is a stub zone?". They asked a wide open tough question on HOW Active Directory depends on DNS. There's a heckuva lot that goes into answering that if you really want to answer it intelligently. icon_cool.gif
    All things are possible, only believe.
  • bighornsheepbighornsheep Member Posts: 1,506
    sprkymrk wrote: »
    I can't say I know ANY system admins that would make that mistake.

    I'll refer about 15 of them to you which you can add to your company's do-not-hire list..... icon_lol.gif
    Jack of all trades, master of none
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    I'll refer about 15 of them to you which you can add to your company's do-not-hire list..... icon_lol.gif

    Ouch! icon_lol.gif
    All things are possible, only believe.
  • rwwest7rwwest7 Member Posts: 300
    I think the OP should've at least told us what his response to the question was. I took his original post as telling us he basically had no response. Maybe he's just wondering if his answer is what cost him the job.

    But I still stand by my statement that an MCSA should at least be able to respond with domain controller locating and FQDN vs NetBIOS.
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    rwwest7 wrote: »
    I think the OP should've at least told us what his response to the question was. I took his original post as telling us he basically had no response. Maybe he's just wondering if his answer is what cost him the job.


    Well, seeing as how this was a resurrected post from January, the OP probably hasn't been watching for replies. icon_lol.gif
    All things are possible, only believe.
  • rwwest7rwwest7 Member Posts: 300
    Doh! I thought it looked familiar.
  • ElwoodBluesElwoodBlues Member Posts: 117
    I just became a MCSA and can describe the basic principals; probably not to the degree some may desire. However, the MCSA courses are "management" courses, not design. Therefore, many may not have the exposure to know an engineer's expected response to a question of this nature.

    just my nickle.
  • HeroPsychoHeroPsycho Inactive Imported Users Posts: 1,940
    royal wrote: »
    I interviewed a candidate and asked how AD is dependent on DNS and he had no idea. He was interviewing for Notes to Exchange Migrations and AD. An AD consultant not knowing how AD is dependent on DNS or doesn't know how DNS on the internet works = no thanks.

    You don't want me on a technical interview. I will definitely make sure you know your ****.

    I asked a candidate to replace me at my last job, "On which name resolution technology is Active Directory dependent?"

    He said (and this is something Royal should appreciate the most), "What's name resolution?"

    When I explained what it was, as if he hadn't already killed his chances, he said, "OHHHHH... WINS!!!"

    My reaction was simply saying, "I'm done!"

    Needless to say he didn't get the job.
    Good luck to all!
  • jojopramosjojopramos Member Posts: 415
    "Ohhhhh WINS" LOL hahahahahahaha... But seriously, my answer for this is just as simple as that AD uses DNS as its domain naming and location service.
  • Nishesh.PrasadNishesh.Prasad Member Posts: 185
    ookay !

    The last time i had a look there were 5 posts. I happened to bump in today ... 27 posts ! Looks like a lot happened here. I kinda' gave up on this thread after the initial posts that were put in ... but looks like it turned out to be pretty nice eventually.

    well ... Mr 'Trackit' ... u read my mind ! Thank You. :D:D

    Mr 'rwwest7' .. MCSA 2003 ... and pretty sure that the material covers it all. Looks like you found your answer yourself when you had probably digged in through the material. Does that raise a question about how you acquired your Cert ? :) Friend .... even after you're done with The 294 and go by the 'Cert Material' ... you would still Struggle to come up with an answer close to your own satisfaction. DCPromo ... and a couple of Next buttons with an AD-Integrated DNS = Life is Good. Configure standalone DNS servers in a multidomain environment .. a couple of DCs .. failing to register the SRVs .. you get a reality touch. Have done that in the past .. and i know it ... and that is what MY answer was to the guy on the other Side - SRVs [DC Locator] .. locating GCATs .. DNS Zone Delegation in a multidomain environment .. and so on n so forth ! BUT ... They expected my answer to also have the blueprint of how AD stores DNS Objects within Directory Partitions .. and i have a very little knowledge about it... needless to say i could'nt explain it. So all i expected when i started the Topic is wether any of you guys would actually include that part initially in your answer ? But the whole point got a bit skewed. I could have mentioned everything in the first post .. but what good would that have been ? If i am wrong .. i apologise.


    Mr 'Royal' .. you look like you know your **** pretty well. I would really appreciate if you could give us a few of the 'must-knows' of this sort since you have interviewed people in the past. It would'nt harm. :D


    I have been away for long now ... trying to cover up 294 ... and hold on to my Job in these trying times. It was amazing to see that the question actually caught quite a few people napping ... including me in the Interview.


    Did I get the Job - NO. icon_sad.gif
    MCITP: EA 2008| VCP4| MCSE 2003 | CCNA | MCSA 2003: Security | MCDST | Security+ | ITILV3
  • masterUniversemasterUniverse Member Posts: 9 ■□□□□□□□□□
    In case if you didn't know, this link is very helpful, it is an interview questionnaire with answer for active directory. Although I couldn't find the question given here but there are a lot of other question they may ask. Also on this site, they have for exchange interviewer since most of the time, you will see active directory/exchange
    Interview Based Question AD DNS FSMO GPO
  • sys228sys228 Member Posts: 7 ■□□□□□□□□□
    Thanks. Thats a fantastic resource. I've stored it safely for future interviews!
Sign In or Register to comment.