Server I Ch 6
Knowledge Consistency Checker (KCC)
A process that runs on every DC to determine the replication topology.
Lightweight Directory Access Protocol (LDAP)
A protocol that runs over TCP/IP and is designed to facilitate access to directory services and directory objects. It's based on a suite of protocols called X.500, developed by the International Telecommunications Union.
right
A setting that specifies what types of actions a user can perform on a computer or network.
SYSVOL folder
A shared folder that stores information from AD that's replicated to other domain controllers
domain user account
A user account created in Active Directory that provides a single logon for users to access all resources in the domain for which they have been authorized
local user account
A user account defined on a local computer that's authorized to access resources only on that computer. Local user accounts are mainly used on standalone computers or in a workgroup network with computers that are not part of an AD domain.
user principal name
A user logon name that follows the format username@domain. Users can use it to log on to their own domain from a computer that is a member of a different domain.
physical structure
AD's ___________ _________ consists of sites and servers configured as domain controllers.
Schema, objects, Group Policy Objects
AD's contents and functions are defined by what three things?
intrasite replication
Active Directory replication between DCs on the same site.
intersite replication
Active Directory replication that occurs between two or more sites.
b. Schema d. Global catalog
All domains in the same forest have which of the following in common? (Choose all that apply.) a. Domain name b. Schema c. Domain administrator d. Global catalog
organizational unit (OU)
An AD container used to organize a network's users and resources into logical administrative units.
assigned application
An application package made available to users via Group Policy that places a shortcut to the application on the start screen. The application is installed automatically if a user tries to run it or opens a document associated with it. If the assigned application applies to a computer account, the application is installed the next time Windows boots.
published application
An application package made available via Group Policy for users to install by using Programs and Features in the Control Panel. The application is installed automatically if a user tries to open it or run a document associated with it.
trust relationship
An arrangement that defines whether and how security principals from one domain can access network resources in another domain.
extension
An item in a GPO that allows an administrator to configure a policy setting.
Install from media (IFM)
An option when installing a DC in an existing domain; much of the AD database contents are copied to the new DC from media created from an existing DC.
c. At user logon
By default, when are policies set in the User Configuration node applied? a. Every 5 minutes b. Immediately c. At user logon d. At computer restart
-IncludeManagementTools
If using PowerShell to install AD DS on a GUI server, what parameter should be included?
Member servers
If you select Windows Server 2012 R2 as the functional level, you can't run DCs in any earlier server OS version, but older OS servers can still act as __________ _________.
attribute value
Information stored in each attribute
schema
Information that defines the type, organization, and structure of data stored in the AD database.
Flexible Single Master Operation (FSMO) roles
Specialized domain controller tasks that handle operations that can affect the entire domain or forest. Only one domain controller can be assigned a particular ________________.
domain
The core structural unit of Active Directory; contains OUs and represents administrative, security and policy boundaries.
forest root domain
The first domain created in a new forest.
Forest
The first domain in a new forest is also the name of the _________.
Organizational units, Domains, Forests, Trees
The four organizing components of AD
GPO scope
The objects affected by a GPO linked to a site, domain or OU.
Logical structure
The organizational structure of AD that makes it possible to pattern the directory service's look and feel after the organization in which it runs.
relative identifier (RID)
The part of a SID that's unique for each Active Directory object.
multimaster replication
The process for replicating AD objects; changes to the database can occur on any domain controller and are propagated, or replicated, to all other DCs.
b. LDAP: Lightweight Directory Access Protocol (LDAP)
The protocol for accessing Active Directory objects and services is based on which of the following standards? a. DNS b. LDAP c. DHCP d. ICMP
Active Directory replication
The transfer of information between all domain controllers to make sure they have consistent and up-to-date information.
Hierarchical organization
This feature of Active Directory makes management of network resources and administration of security policies easier.
Enterprise admins and schema admins
To what two admin groups must an admin belong in order to add a new tree to the forest?
b. Domains d. Sites
To which of the following can a GPO be linked? (Choose all that apply.) a. Trees b. Domains c. Folders d. Sites
False
True or False: A functional level set in the installation of AD can never be changed.
False
True or False: AD domains only consist of one domain controller.
True
True or False: Each DC contains a full replica of the objects that make up the domain.
True
True or False: Each DC can only control one domain.
To provide a common AD environment in which all trees and domains can communicate and share information while allowing independent administration/operation of each domain.
What is the main purpose of the forest?
Network share
What location is ideal for IFM data?
DNS Server role
What server role is required to be installed for AD DS to be installed?
NetBIOS name
When installing AD DS, this allows backwards compatibility with systems that do not use DNS.
Creates an XML file with the settings selected to be used for AD install automation on other servers
When installing AD, you can select to export the AD deployment configuration settings. What does this do?
d. IFM
When installing an additional DC in an existing domain, which of the following is an option for reducing replication traffic? a. New site b. Child domain c. GC server d. IFM
a. Active Directory Domains and Trusts c. ADSI Edit
Which MMC is added after Active Directory installation? (Choose all that apply.) a. Active Directory Domains and Trusts b. Active Directory Groups and Sites c. ADSI Edit d. Active Directory Restoration Utility
Promoting the server to a domain controller
Which action will start the AD DS configuration wizard?
d. Domain
Which container has a default GPO linked to it? a. Users b. Printers c. Computers d. Domain
c. Domain naming master
Which is responsible for management of adding, removing, and renaming domains in a forest? a. Schema master b. Infrastructure master c. Domain naming master d. RID master
Saved queries
Which node in the AD Users and Computers MMC can save search time?
b. Similar to a database program but with the capability to manage objects
Which of the following best describes a directory service? a. Similar to a list of information in a text file b. Similar to a database program but with the capability to manage objects c. A program for managing the user interface on a server d. A program for managing folders, files, and permissions on a distributed server
c. Schema attributes
Which of the following defines the types of information stored in an Active Directory object? a. GPOs b. Attribute values c. Schema attributes d. Schema classes
d. Schema classes
Which of the following defines the types of objects in Active Directory? a. GPOs b. Attribute values c. Schema attributes d. Schema classes
c. Sites
Which of the following is a component of Active Directory's physical structure? a. Organizational units b. Domains c. Sites d. Folders
a. Computers
Which of the following is a default folder object? a. Computers b. Domain Controllers c. Groups d. Sites
replication partner
A DC configured to replicate with another domain controller.
operations master
A DC with sole responsibility for certain domain or forest-wide functions
Directory Services Restore Mode (DSRM)
A boot mode used to perform restore operations on Active Directory if it becomes corrupted or parts of it are deleted accidentally.
schema classes
A category of schema information that defines the types of objects that can be stored in AD such as user or computer accounts.
schema attributes
A category of schema information that defines what type of information is stored in each object
object
A grouping of information that describes a network resource, such as a shared printer, or an organizing structure, such as a domain or OU.
Group Policy Object
A list of settings that administrators use to configure user and computer operating environments remotely through Active Directory.
security identifier
A numeric value assigned to each object in a domain that uniquely identifies the object; composed of a domain identifier, which is the same for all objects in a domain, and an RID.
site
A physical location in which DCs communicate and replicate information regularly.
authentication
A process that confirms a user's identity, and the account is assigned permissions and rights that authorize the user to access resources and perform certain tasks on the computer or domain.
permissions
Settings that define which resources users can access and what level of access they have to resources.
forest
A collection of one or more Active Directory trees. Can consist of a single tree with a single domain, or it can contain several trees, each with a hierarchy of parent and child domains.
directory service
A database that stores information about a computer network and includes features for retrieving and managing that information.
schema directory partition
A directory partition containing the information needed to define AD objects and object attributes for all domains in the forest.
application directory partition
A directory partition that applications and services use to store information that benefits from automatic Active Directory replication and security.
domain directory partition
A directory partition that contains all objects in a domain, including users, groups, computers, OUs and so forth.
configuration partition
A directory partition that stores configuration information that can affect the entire forest, such as detail on how domain controllers should replicate with one another.
global catalog partition
A directory partition that stores the global catalog, which is a partial replica of all objects in the forest. It contains the most commonly accessed object attributes to facilitate object searches and user logons across domains.
fully qualified domain name (FQDN)
A domain name that includes all parts of the name including the top-level domain.
Centralized but distributed database
A feature of AD that allows all network data to be centrally located but distributed among many servers for fast, easy access to information from any location.
Tree
A grouping of domains that share a common naming structure
child domains
Domains that share at least the top-level and second-level domain name structure with an existing domain in the forest. Also known as subdomains.
2
Microsoft recommends a minimum of ____ DCs per domain for load balancing and fault tolerance.
site (Microsoft definition)
One or more IP subnets connected via high-speed LAN technologies.
built-in user accounts
User accounts created by Windows automatically during installation.
Storage and replication of domain data; data search and retrieval services for the directory; authentication and authorization services for domain logons and resource accessibility
What are the three primary functions of a DC?
Active Directory Administrative Center (ADAC); Active Directory Users and Computers MMC
What are the two GUI options for exploring AD?
To control the frequency of AD replication. To assign policies based on physical location.
What are the two main reasons for defining multiple sites?
Ntdsutil
What interactive command line program is used for configuring IFM data and options?
LDAP
What is required to integrate OSs like UNIX/Linux systems into the Active Directory network?
a. Domain directory partition c. Schema directory partition d. Configuration partition
Which of the following is a directory partition? (Choose all that apply.) a. Domain directory partition b. Group policy partition c. Schema directory partition d. Configuration partition
a. Fine-grained access controls b. Can be distributed among many servers
Which of the following is a feature of Active Directory? (Choose all that apply.) a. Fine-grained access controls b. Can be distributed among many servers c. Can be installed on only one server per domain d. Has a fixed schema
a. Can contain trees with different naming structures b. Allows independent domain administration d. Represents the broadest element in Active Directory
Which of the following is associated with an Active Directory forest? (Choose all that apply.) a. Can contain trees with different naming structures b. Allows independent domain administration c. Contains domains with different schemas d. Represents the broadest element in Active Directory
c. Global catalog
Which of the following is associated with installing the first domain controller in a forest? a. RODC b. Child domain c. Global catalog d. DHCP
d. Shared folder
Which of the following is considered a leaf object? (Choose all that apply.) a. Computer account b. Organizational unit c. Domain controller d. Shared folder
b. A container object that can be linked to a GPO
Which of the following is not associated with an Active Directory tree? a. A group of domains b. A container object that can be linked to a GPO c. A common naming structure d. Parent and child domains
c. DC: Domain Controller
Which of the following is not part of Active Directory's logical structure? a. Tree b. Forest c. DC d. OU
c. Domain
Which of the following is the core logical structure container in Active Directory? a. Forest b. OU c. Domain d. Site
a. Storing a copy of the domain data b. Providing data search and retrieval functions d. Providing authentication services
Which of the following is the responsibility of a domain controller? (Choose all that apply.) a. Storing a copy of the domain data b. Providing data search and retrieval functions c. Servicing multiple domains d. Providing authentication services
b. Rights
Which of the following specifies what types of actions a user can perform on a computer or network? a. Attributes b. Rights c. Permissions d. Classes
Active Directory Domain Services role
Which role provides a single point of user, desktop, and server administration?
b. Local user account
Which type of account is not found in Active Directory? a. Domain user account b. Local user account c. Built-in user account d. Computer account
c. The first domain controller in the forest root domain
You have an Active Directory forest of two trees and eight domains. You haven't changed any operations master domain controllers. On which domain controller is the schema master? a. All domain controllers b. The last domain controller installed c. The first domain controller in the forest root domain d. The first domain controller in each tree