Would you ask in a Sysadmin interview on how to create forests Trusts?

[-]

JustSomeGuyFromIT@reddit

A forests and forests trusts? I guess you got to point at a bunch of trees and call it a forest then walk up to each, kiss it and say you building trust. IDK never heard of that.

Reply

[-]

Hibbiee@reddit

Well it's better than 'where do you see yourself in 5 years'

Reply

[-]

I wouldn't bother with anything Googleable. Not because they might look it up (they're in an interview!) but because that kind trivia as off-the-top-of-my-head stuff really doesn't matter. Far better is their UNDERSTANDING of what a forest, trust etc. is than "what button do I need to press in THIS version of Windows?" Always been my bugbear with vendor certifications... I don't care whether they know exactly what menu something is in, or what the proprietary term for a technology is, or what editions of Windows support what functions. All of that can be searched for an answered definitively if someone competent ever need to know it. It's just trivia. But do they understand WHY they're doing things, HOW things work... infinitely more important. I get far more out of "Explain how DHCP works" as a general question with a free text response than I ever do out of "How do you do this particular thing in Windows?" My interview technical tests are there to discover who has a working knowledge of IT in general, not who can memorise a book they were given.

Reply

[-]

UMustBeNooHere@reddit

Exactly! I interviewed for a job about 15 years ago that was not a Microsoft shop, and every time they said "so I see you have experience with"x"." Exchange, for example. "Yes, I do." "We don't use that here". I was thinking to myself the whole time, "why the hell am I here?" I got the job. Later I found my boss told me of that - "I can care less about the application/service, what matters is your understanding of the concepts." And he was exactly right. Changed my outlook (heh...we didn't use that there) completely.

Reply

[-]

ledow@reddit

Every job I've had in the last 20+ years has had something similar. "Hey, we use X! Do you have experience with X?" "No, but I have experience with <list alternatives to X> and I understand what that kind of system does, and I'm a very quick learner, and I wouldn't be concerned about having to learn X at all, because I've used so many similar products that I'm sure I can manage it".

Reply

[-]

wabi-sabi411@reddit

Yeah in some sense it’s all the same stuff in many ways if you understand what it’s doing.

Reply

[-]

NewWay8@reddit

This doesn't work as well now. I was looking for a new job in 2022 and I'd list 59 out of 60 skills but 5 of my skills were related to that 60th. I just hadn't used that exact app. But I clearly had the underlying knowledge needed. I wouldn't get calls back unless I listed every skill. Literally, if I left off one - no call. Even if I had experience in 5 underlying areas and the thing they wanted was just a tool that leveraged those methodologies.

Reply

[-]

hurkwurk@reddit

not sure why you are getting downvoted, i think people are misunderstanding that you arent getting past bad filtering, not that you are having shitty interview processes. I had similar issues looking for candidates recently, until my manager looked into the HR process and found exactly what you are talking about, keyword based bullshit that wasnt what we wanted at all. we ended up manually searching through about 300 apps for candidates when they had originally told us there were none.

Reply

[-]

NewWay8@reddit

Exactly, thanks.

Reply

[-]

TU4AR@reddit

That's just bad luck my guy. I hope you have found a place or will find a place.

Reply

[-]

NewWay8@reddit

I found a place but it isn't bad luck. It's just how the job market is now. Places want people who can do 5 senior roles for 65k.

Reply

[-]

NewWay8@reddit

I found a place but it isn't bad luck. It's just how it is now. They want people who can do 5senior roles for 65k.

Reply

[-]

Sarcophilus@reddit

A lot of concepts transfer from solution to solution because they all work within the same frameworks. We switched from xenmobile MDM to Intune MDM and although the interface and integration level for Microsoft apps was different, the core features are mostly the same because you have to work with what the mobile phone offers as MDM controls. It doesn't matter if the radio button to control the setting is round and red or square and blue in the end.

Reply

[-]

UMustBeNooHere@reddit

Yeah, I get that. But Windows Server/Exchange/Office.... You gotta admit, they are the de-facto standard and it's rare (at least for me) to see a shop not run anything MS.

Reply

[-]

Sarcophilus@reddit

Yeah that's true. At least for western hemisphere it's very rare. I can't say for Russia, China, India etc.

Reply

[-]

Flabbergasted98@reddit

On the other side of the coin. it's important to know how a candidate is going to react when you ask them a question they don't know the answer too. Do you know what a forrest is? or a forrest trust? Those are important base level questions that every first year comp sci student should be able to rattle off from memory. how do you create forests Trusts? Well I expect most people to fumble at that question. Are going to make something up? or divert the question, or are they going to tell me they would need time to research and review before making that attempt? when I ask an impossible question in interview, I'm not expecting an answer, I'm trying to guage how much bullshit you're capable of spewing under stress.

Reply

[-]

ledow@reddit

I could point you at 40-year experienced UNIX admins who couldn't care about that question. It's honestly trivia they could pick up in seconds. If you try to trick people into spouting bullshit, what you'll hire are people who are good at bullshitting on their feet and bluffing. That's not what I want in an employee.

Reply

[-]

Flabbergasted98@reddit

Then I'd probably never hire you. ;)

Reply

[-]

Nightshade-79@reddit

I've been part of interview processes about 4 times. I don't want to do it again. But the kinds of questions I ask are scenario based to see how the gears turn up stairs. I don't care if you know exactly that kind of issue (Unless it's something everyone should know in the role), but if you can prove you're going to get to an endpoint in some way shape or form besides "I'd google the issue" or more recently "Ask an LLM" No point in googling/asking if you don't know what you're putting in

Reply

[-]

NewWay8@reddit

Sadly most interviews don't think this way. I always get asked the most obscure stuff I'd never do or need to do because there are farrrrr better methods. Any interview I have ever had has not focused on critical thinking, base knowledge, and being able to do the job day to day. I can script myself out of a tornado and I can do dozens of things extremely well, but none of that matters in interviews. They want to know that obscure shit you'll never do, do once, or has nothing to do with the job description.

Reply

[-]

giga_phantom@reddit

This is the answer.

Reply

[-]

billndotnet@reddit

I had a coworker get frustrated when she was paired with me in interviewing candidates, because I asked questions that probed for understanding and personality fits (like curiosity or goals), while she liked to ask about specific protocol bits. Filtering for curiosity and a head for understanding both systems and the people who have to manage (or design them) is so much more than 'what does this bit do'.

Reply

[-]

rickside40@reddit

Best advice i read in a long time

Reply

[-]

manilove__frogs@reddit

No, but because gotcha, regurgitation, knowledge drop questions are incredibly stupid for job interviews in the first place. Unless your primary goal is to just find someone who is good at job interviews. You should be asking questions that get someone to explain their thought process and skills, and each question you ask should end up with a back and forth conversation that you follow up and poke and prod about.

Reply

[-]

suite3@reddit

What in god's name are we setting up forest trusts for would be my answer to a question about them.

Reply

[-]

theHonkiforium@reddit

Mergers.

Reply

[-]

suite3@reddit

Why does the larger directory not simply *eat* the smaller directory though.

Reply

[-]

theHonkiforium@reddit

Business isn't going to stop to wait for an AD restructure.

Reply

[-]

suite3@reddit

In SMB world the stop isn't that long.

Reply

[-]

theHonkiforium@reddit

We had three mergers in one year. If you think you can just quickly dump users into an existing domain, turn their old stuff off and say "done", then I don't think you've ever actually been through a merger.

Reply

[-]

manilove__frogs@reddit

Not sure if it's industry specific, but I am in Financial Services and for us, M365 is more common. We've had 3 acquisitions in the past 3 years and we just replaced all of their computers, with autopilot, and did tenant migrations into ours.

Reply

[-]

suite3@reddit

Ok I didn't come here to puff my chest up on the internet so you think whatever you want.

Reply

[-]

theHonkiforium@reddit

Me neither. :)

Reply

[-]

DivideByZero666@reddit

Cross forest migration, then stand down the old forest. Did that last year and it was pretty much a seamless migration. Sure you can do it other ways, but this is free and painless if you do it right.

Reply

[-]

miscdebris1123@reddit

r/unexpectedfuturama

Reply

[-]

KimJongEeeeeew@reddit

It may in time, but in the interim there’s value in extending trust for a variety of purposes.

Reply

[-]

spobodys_necial@reddit

Have these set up while we get some business units ready for independence. Standing up new domains for them but we still need to have them work with the old domain until they're ready to be cut loose. Tried doing it without trusts at first but eventually we hit use cases that required it.

Reply

[-]

patmorgan235@reddit

Universities

Reply

[-]

Bijorak@reddit

Parent companies to child companies come to mind. That's what I've used them for.

Reply

[-]

suite3@reddit

Yeah I'm jk, I know it has applications in big business. In medium business I would solve most of those relationships with a third party IDP/SAML etc. solution myself.

Reply

[-]

No_Resolution_9252@reddit

That isn't a replacement or alternative for forest trusts

Reply

[-]

suite3@reddit

No it's not but you can work around a lot of the same problems that way.

Reply

[-]

Shot-Document-2904@reddit

I always informed an candidate before I started an questions that I want to have a conversation about a topic, the deeper and more advanced you go, I'll follow. For example, if you describe DNS as a "phone book" to look up addresses or do you go deeper into conditional forwarding, CNAME records, service records, etc. I've NEVER asked a procedural question. Procedures are for documents.

Reply

[-]

A1ien30y@reddit

Shiiit...I believe you'd get your ass kicked asking something like that.

Reply

[-]

Solkre@reddit

Two domains at the same time.

Reply

[-]

InevitableOk5017@reddit

Happy moonday!

Reply

[-]

sir_mrej@reddit

corporate accounts nina speaking

Reply

[-]

TeensyTinyPanda@reddit

Only if you're okay with the answer "I'd probably look that up."

Reply

[-]

El_Grande_XL@reddit

I don't know man. I am not a lumberjack.

Reply

[-]

davy_crockett_slayer@reddit

I would ask more modern questions. Why would you use pass-through authentication vs password hash sync in a hybrid environment.

Reply

[-]

xtc46@reddit

Only if doing it was a critical function of the role. Otherwise it's too specific. I'd probably ask what a trust us though.

Reply

[-]

Bright_Arm8782@reddit

No, it's the sort of thing you do once or twice a career. Also outdated in the cloud era. This sort of question is IT trivia, I'd throw it in to chatgpt if it came up on the job because I've not looked at AD for 10 years or so. Ask them to explain what happens to a https request that goes out to [google.com](http://google.com) in as much detail as they feel like. I think I could spend 10 minutes or more answering that question.

Reply

[-]

ErikTheEngineer@reddit

Unfortunately, this is what companies are resorting to, just straight-up trivia contests. I remember learning about this back in 2000 when it was way more common to have a huge domain hierarchy because of compute and bandwidth limitations. The MCSE exams seemed to like questions like this because they did test whether you understood the concept of a trust/tree of trees of resources -- and trusts were widespread in the NT 4 era. If you can even get an interview, too many interviews have become a stump-the-chump contest. Companies are copying Google even when they're not gatekeeping $400K+ jobs inside the chocolate factory. I hate when I sit down in those, and the hiring manager brings in "my best guys" for a trivia session with a panel of these people asking you rapid fire questions like this.

Reply

[-]

Jswazy@reddit

I've been a sysadmin for the vast majority of my career of over a decade and I have never once heard these terms working at many companies.

Reply

[-]

FriendComplex8767@reddit

My response would be "carefully, with planning and looking over the documentation first". That's just trivia as far as I'm concerned, I'd be more worried about the day to day operations or something more practical like 'How do you backup a domain controller and reinstate an old backup of one back into the network'.

Reply

[-]

Calyx76@reddit

I have been asked this question during an interview. I responded back with, "why do you need another domain controller for a new location or do you need to update to a newer version of Windows server and AD?" Setting up a new forest isn't something I would have to do on a daily basis, so while I can do it and I have done it before, I would first need to know why. It's quite likely I can just set up another AD server as a secondary controller and then migrate to that one being primary if needed. Which would save time, and also not create confusion about logins for users."

Reply

[-]

Master-IT-All@reddit

My reply would be, it's 2025 why the fuck are you setting up forest trusts?

Reply

[-]

shifty_new_user@reddit

Only after we've finished moving our on-prem AD to Entra and Intune.

Reply

[-]

ludlology@reddit

not unless it’s something they’d need to do in the job. if the person talks a lot of shit about being an AD guru i’d probably ask something like “what’s the difference between a domain and a forest” though and see if they crash out or not

Reply

[-]

theomegachrist@reddit

I have been in IT for 25 years and never worked at an organization that has a forest. When I interview people I don't care if they do not have experience with tech as long as there is plenty of tech overlap with the job,. I look for great knowledge of the tech they do know and I appreciate when they answer that with their process of learning new tech on their own. Everyone googles things, I dont care about people memorizing definitions, I care about their ability to master new things.

Reply

[-]

dmuppet@reddit

Really depends on the job and the scope of the environment. Are they applying for a sysadmin job at a fortune 500 or a startup? I wanna say 90% of ADs are not multi forested. But if it's relevant to the position, yes.

Reply

[-]

iamnewhere_vie@reddit

Some questions you ask during such interviews not because you want to hear the correct answer but you want to see the reaction of the candidate on that question. Did some interviews with candidates and always asked some questions where i was 99% sure they do not know the answer. The interview itself is already a stress situation usually and then getting a question you do not know the answer raise that stress level - it's good to see how a candidate acts in such situation. Troubleshooting unknown issues is a typical requirement in many IT positions and that you can stay calm even under pressure. Domain / Forest Trusts is a topic many IT admins will not face within their first 5-10 years in IT, so it's a good question to create such stress situation for the candidate.

Reply

[-]

milkthefat@reddit

No. I also personally don’t believe in asking trivia questions like this either unless you specifically stated you did some kind of migration in a bullet point on your resume. You better believe though if you tell me something like this on resume or verbally I’ll dig until you “bailout” or you actually know what you’re talking about where I feel confident in you.

Reply

[-]

Mountain-eagle-xray@reddit

I got asked a question like this in an interview, to me, they're saying: we need trusts set up because we dont know how and want you to do that. No thanks. If thats what youre stuck on and need to hire out of, count me out because thats probably the least of the worries.

Reply

[-]

adeo888@reddit

I couldn't tell ya ... I'm a UNIX/Mac sysadmin and we aren't really plagued by microsoft junk. :)

Reply

[-]

the_doughboy@reddit

Anything that you do once a decade is a dumb question to ask.

Reply

[-]

No_Resolution_9252@reddit

No. You would ask it for a high level AD Engineer, not a generalist sysadmin.

Reply

[-]

derango@reddit

No you wouldn’t. You’d ask stuff that actually helps you figure out if they know how to design a proper AD structure and if they know the concepts not what button to push.

Reply

[-]

Doodleschmidt@reddit

I would if it was the 2000s.

Reply

[-]

fuzzylogic_y2k@reddit

Got my MCSE back in win2k. Done this twice since. It's not typical knowledge off the top of my head. The concepts of forests and trusts is, but not the finer points, those get reviewed and verified for best practices before touching them. Better questions would be about domain master roles. Special handling for DR and bubble testing backups. Oh and replication.

Reply

[-]

Zatetics@reddit

I swear I wouldnt get any job these days. I cannot explain a single thing to you in a hypothetical scenario. My brain turns to jelly in an instant. You can watch me do the thing and it'll get done. My hands know more than my head.

Reply

[-]

zoredache@reddit

I have had to create a trust once on a production system once in ~27 years of working as a sysadmin, and it was back around 2004. I would know the right mmc to configure them. I know what a forest is, and what a forest trust is. But I certainly couldn't give directions off the top of my head. I would hope the interviewer would accept something like this as the steps I would follow. - Review appropriate Microsoft documentation - Practice in a test environment. - Verify my backups in all domains/forests - Follow notes for procedure used in testing environment.

Reply

[-]

malikto44@reddit

I'd ask some basic things about trust, like what happens if Alice's domain trust Bob's domain... whose users have access to both domains? Other than that, you could go into forests, trees, and domains, and why one would use them. However, it might be better to ack questions about other things.

Reply

[-]

RaNdomMSPPro@reddit

Tell me about your system admin experience from 2004 please?

Reply

[-]

illicITparameters@reddit

Nah, it doesn’t really do anything for determining true skill. It’s a fairly niche use case unless you’re dealing with parent-child company structures that actually use those instead of keeping it seperate.

Reply

[-]

Fantastic_Sail1881@reddit

Are they a common thing to have to configure? I stopped wrangling windows server when I moved to the Linux production side of house about 20 years ago. If it's common and they will have to do it somewhat regularly sure. If it's done two or three times in 10 years and doesn't require weekly work to support... No

Reply

[-]

uptimefordays@reddit

I’d only ask if I’m hiring for a position in a multi domain forest. If it’s a single domain, it seems like a waste of a question.

Reply

[-]

zrad603@reddit

There's something I've never needed to know since my MCSE.

Reply

[-]

A_Nerdy_Dad@reddit

I've been at this for more than 20 years and while I know what Forrest and trusts are, I always have to double check trust directions (and somehow my brain thinks it makes more sense if the titles of each were reversed). As long as you know what they are, doesn't matter if you have to look it up How many of us are even having to create deeply rooted Forrest and that many trusts anyhow?

Reply

[-]

TuxAndrew@reddit

Depends on the role? It’s a basic question.

Reply

[-]

No_Resolution_9252@reddit

If they are asking it as a trivia question without the nuance of network topology design, DNS design, network, GC placement, infrastructure master placement, etc its an irelevent question at a shop that doesn't know what they are interviewing for

Reply

[-]

TuxAndrew@reddit

Sounds like we need more context from OP?

Reply

[-]

TrippTrappTrinn@reddit

No. That is something most sysadmins would do on average maybe every 10 years, so no need to remember the exact steos.

Reply

[-]

itmgr2024@reddit

It would depend on the role and company. For anything but a company that is very large or doing lots of m&a it’s something you might do once every 5 years. If your job is an active directory engineer it may be relevant. For a general sysadmin you should know what it is and why its used but be upfront about not being an expert at it.

Reply

[-]

QuiteFatty@reddit

My sysadmin interview was more a series of "In this scenario what would you do?" Getting a feel for a person's thinking process on the fly. You learn a lot about the person watching the wheels spin.

Reply

[-]

TerrificVixen5693@reddit

Probably not. Unless they’re your AD / IAM product engineer, that’s just very deep in the weeds for a typical interview. Some higher level questions to gauge their knowledge on it could be asked though.

Reply

[-]

hy2rogenh3@reddit

I think asking about core knowledge regarding the job description is important. However the main characteristics I’m looking for is how one problem solves. I’ve never been asked about forests and trusts. I would expect a candidate to be honest, and if they did not have experience or had overall lack of experience to respond with, “I’ll would reference internal documentation, knowledge, and Microsoft KBs, and ask questions if I was unsure.”

Reply

[-]

qsub@reddit

Create probably not because very rarely do you actually setup forest trustsbut maybe some questions to make sure you understand the concepts around it like how domain local and universal groups work in that configuration. Or if the hiring company does it really frequent that might be why they ask otherwise its a terrible question in my opinion.

Reply

[-]

hitman133295@reddit

How to is easy nowadays. Anyone can google how to. May be ask about the design and architecture

Reply

Reply to Post

89 Comments