Active Directory Domain Services – Flashcards

question
Active Directory Domain Services (AD DS)
answer
Windows Server 2008 service that provides a centralized authentication service for Microsoft networks.
question
Active Directory Lightweight Directory Services (AD LDS)
answer
Role that provides developers the ability to store data for directory-enabled applications without incurring the overhead of extending the Active Directory schema to support their applications.
question
Domain Controller (DC)
answer
A server that stores the Active Directory database and authenticates users to the network during logon.
question
Replication
answer
The process of keeping each domain controller in sync with changes that have been made elsewhere on the network.
question
Outbound replication
answer
Occurs when a domain controller transmits replication information to other domain controllers on the network.
question
Inbound replication
answer
Occurs when a domain controller receives updates to the Active Directory database from other domain controllers on the network.
question
Major Benefits of AD Services
answer
Centralized resource and security administration
Single logon for access to global resources
Fault tolerance and redundancy
Simplified resource location
question
Functional Levels
answer
Designed to offer support for AD domain controllers running various supported operating systems by limiting functionality to specific software versions. As legacy DCs are decommissioned, administrators can modify the functional levels to expose new functionality within AD.
question
Server 2008 AD on a DC - what tools are added to the Administrative Tools folder?
answer
AD Users and Computers
AD Domains and Trusts
AD Sites and Services
ADSI Edit
question
Fault Tolerant
answer
The ability to respond gracefully to a software or hardware failure. Specifically, the network continues providing authentication services after the failure of a DC.
question
Read-Only Domain Controller (RODC)
answer
Introduced in Windows Server 2008, a DC that contains a copy of the ntds.dit file that cannot be modified and that does not replicate its changes to other DCs within AD.
question
ntds.dit
answer
AD database information file stored on each DC.
question
Multimaster database
answer
AD is a multimaster database, meaning that administrators can update the ntds.dit from any DC.
question
Loose Consistency
answer
Individual DCs in an AD database may contain slightly different information, because it can take anywhere from a few seconds to several hours for changes to replicate throughout a given environment.
question
Publish
answer
An option that allows users to access network resources by searching the Active Directory database for the desired resource.
question
Container Object
answer
An object that is used to organize other objects.
question
Leaf object
answer
An object that does not contain other objects and usually refers to a resource such as a printer, folder, user, or group.
question
What are the Container Objects that are found in Server 2008?
answer
Forests
Domain Trees
Domains
Organizational Units (OUs)
question
Forests
answer
The largest container object within AD. Defines the fundamental security boundary within AD - a user can access resources across an entire AD forest using a single logon/password combination.
question
Partitions/Naming Contexts (NCs)
answer
AD is divided into these portions in order to improve the efficiency of accessing AD.
question
Minimum number of NCs on a DC, and what are they called?
answer
Three:
Schema NC
Configuration NC
Domain NC
question
Schema Naming Context
answer
Contains the rules and definitions that are used for creating and modifying object classes and attributes within AD.
question
Configuration Naming Context
answer
Contains information regarding the physical topology of the network, as well as other configuration data that must be replicated throughout the forest.
question
Domain Naming Context
answer
Consists of user, computer, and other resource information for a particular AD domain.
question
Schema and Configuration NCs are replicated--
answer
Forest-wide - shared by every domain and domain tree within the forest.
question
Domain Naming Context is replicated --
answer
To each DC within a single domain.
question
Domain Tree
answer
In AD, a logical grouping of network resources and devices that can contain one or more domains configured in a parent-child relationship.
question
Forest -- Domain Tree --- Domains structure
answer
Each AD forest can contain one or more Domain trees. Each Domain tree can contain one or more domains.
question
Domain
answer
A grouping of objects in AD that can be managed together. A domain can function as a security boundary for access to resources, such as computers, printers, servers, applications, and file systems.
question
Global catalog replication
answer
Does not replicate to all DCs; it only replicates to DCs configured to hold the global catalog.
question
Forest Root Domain
answer
The first domain created within an AD forest.
question
Organizational Units (OUs)
answer
A container that represents a logical grouping of resources that have similar security or administrative guidelines.
question
OU structure
answer
Modeled after the company's organizational chart, departments, and/or resource needs. The security settings of an OU are inherited by all child objects of the container.
question
delegation of control
answer
Administration of an OU is tasked to a department supervisor or manager, thus allowing that person to manage day-to-day resource access as well as more mundane tasks, such as resetting passwords.
question
Name the objects that can be contained in an OU.
answer
Users, Groups, Contacts
Printers, Shared folders
Computers, OUs, InetOrgPerson
question
What is the Fourth Partition type, first introduced in Windows Server 2003?
answer
Application Partition. Provides fine-grained control, in which administrators can direct where information is replicated within a domain or forest.
question
object
answer
An element in AD that refers to a resource.
question
Attributes
answer
Characteristics associated with an object class in AD that make the object class unique within the database.
question
Where are the attributes defined?
answer
In the Schema, but the same attribute can be associated with more than one object class.
question
Schema
answer
Master database that contains definitions of all objects in AD. It contains two components: object classes and attributes.
question
Name the Object classes automatically created when AD is installed.
answer
Users, Groups
Computers, DCs
Printers
question
Common Attributes of all Object Classes
answer
Unique Name
Globally Unique ID (GUID) - a 128-bit hexadecimal number
Required Object Attributes
Optional Object Attributes
question
Access Control Lists (ACLs)
answer
Implemented by the administrator and used by the directory to keep track of which users and groups have permission to access specific objects and to what degree they can use or modify them.
question
Site
answer
One or more IP subnets connected by fast links. Usually means all computers that are connected via a single LAN.
question
Knowledge Consistency Checker (KCC)
answer
An internal AD process that automatically creates and maintains the replication topology.
question
KCC operates under which snap-in?
answer
The AD Sites and Services snap-in, located in the Administrative Tools folder on the DC or on an administrative workstation with Administrative Tools installed.
question
Lightweight Directory Access Protocol (LDAP)
answer
Industry standard that enables data exchange between directory services and applications.
question
What defines the naming of all objects in the AD database?
answer
The LDAP standard, which therefore provides a directory that can be integrated with other directory services, such as Novell eDirectory, and AD-aware applications, such as MS Exchange.
question
Distinguished Name (DN)
answer
Used by LDAP to refer to an object. The DN references an object in the AD directory structure using its entire hierarchical path, starting with the object itself and including all parent objects up to the root of the domain.
question
LDAP naming attributes defined
answer
cn = common name
ou = organizational unit name
dc = domain component, one for each part of the DNS name
question
JSmith of the sales department of lucernepublishing.com - what is the DN?
answer
cn=JSmith, ou=sales, dc=lucernepublishing, dc=com
question
User Principal Names (UPNs)
answer
In Windows 2008, follows the format of [email protected]. Provides consistency between the user's logon name and the user's email name.
question
Domain Name System (DNS)
answer
The name resolution mechanism computers use for all Internet communications and for private networks that use the AD domain services included with MS Windows Server 2008 and earlier server versions.
question
What provides the translation of the host name to its IP Address?
answer
DNS
question
What is a foundational requirement for AD?
answer
DNS; the DC role cannot be installed onto a server unless that server can locate an appropriate DNS server, either on the same machine or somewhere on the network.
question
Locator Service
answer
AD DNS provides direction for network clients that need to know which server performs what function.
question
SRV Records
answer
The locator records within DNS that allow clients to locate an AD domain controller or global catalog.
question
The ability to resolve SRV records allows clients to do what?
answer
Authenticate to AD.
question
What do dynamic updates permit DNS clients to do?
answer
To automatically register and update their information in the DNS database.
question
Forest and Domain Functional Levels
answer
Designed to offer support for AD DCs running various supported operating systems. As you decommission legacy controllers, you can modify these functional levels to expose new functionality within AD.
question
Rolling Upgrades
answer
Upgrade strategy based on functional levels that allows enterprises to migrate their AD DCs gradually, based on the need and desire for the new functionality.
question
How are changes to functional level performed?
answer
An administrator makes the change manually. Note that once the change has taken place, it is not reversible; you would have to perform a domain- or forest-wide restore of the AD database to return your network to the previous functional level.
question
What are the three domain functional levels supported in Windows Server 2008?
answer
Windows 2000 Native
Windows Server 2003
Windows Server 2008
question
What is allowed in Windows 2000 Native domain functional level?
answer
Backward compatibility with MS Windows 2000; allows Windows 2000, Windows Server 2003, and Windows Server 2008 DCs.
question
What is allowed in Windows Server 2003 domain functional level?
answer
Only Windows Server 2003 and 2008 DCs are allowed.
question
What is allowed in Windows Server 2008 domain functional level?
answer
No backward compatibility. Only Windows Server 2008 DCs are supported.
question
Windows 2000 Native Domain Functional Level features
answer
Install from Media
Application Directory Partitions
Drag-and-drop User Interface
Universal groups
question
Windows Server 2003 Domain Functional Level features
answer
All listed in Windows 2000 Native
Replicated lastLogonTimestamp attribute
User password on inetOrgPerson
Domain rename
question
Windows Server 2008 Domain Functional Level features
answer
All listed in Windows Server 2003
Improved SYSVOL replication
Improved encryption for authentication methods
Improved auditing of user logons
Multiple password policies per domain
RODCs
question
Name the three forest functional levels
answer
Windows 2000
Windows Server 2003
Windows Server 2008
question
What is the default forest functional level enabled when a Windows Server 2008 DC is introduced into the network?
answer
Windows 2000
question
Windows 2000 Forest Functional features
answer
Install from Media
Universal Group Caching
Application Directory Partitions
Enhanced User Interface
question
Windows Server 2003 Forest Functional features
answer
All listed in Windows 2000
Improved replication of group objects
Improved ISTG functionality
Conversion to inetOrgPerson objects
Schema deactivation of attributes and classes
Dynamic auxiliary class objects
Domain renaming
Cross-forest trusts
All new domains at Windows Server 2003 domain functional level
question
Windows Server 2008 forest functional features
answer
All listed in Windows Server 2003
All new domains at Windows Server 2008 domain functional level
question
Guidelines to raise the forest functional level
answer
Log on as a member of the Enterprise Admins group.
Connect to the DC holding the Schema Master role.
Check that all DCs are running an OS supported by the targeted forest functional level.
Raising the forest functional level is irreversible.
question
trust relationship
answer
Enables administrators of a particular domain to grant access to their domain's resources to users in other domains.
question
Describe the trust relationships in an AD forest
answer
When a child domain is created, it automatically receives a two-way transitive trust with its parent domain. When a new domain tree is created, the root domain of the new tree automatically receives a two-way trust with the forest root domain.
question
shortcut trust
answer
A manually created, nontransitive trust that allows child domains in separate trees to communicate more efficiently by eliminating the tree-walking of a trust path.
question
tree-walking
answer
The trust path up a domain tree through the child domains and parent domains to the root domain, and then down the other parent domain to the desired child domain.
question
external trust
answer
A one-way, nontransitive trust that is established with a Windows NT domain or a Windows 2000 domain in a separate forest.
question
cross-forest trust
answer
A transitive trust (one-way or two-way) that allows resources to be shared between AD forests.