CNA 234 / Chapter 1 - Introducing Active Directory (incomplete)
authentication
A process that confirms a user's identity, and the account is assigned permissions and rights that authorize the user to access resources and perform certain tasks on the computer or domain.
Knowledge Consistency Checker (KCC)
A process that runs on every domain controller to determine the replication topology.
Lightweight Directory Access Protocol (LDAP)
A protocol that runs over TCP/IP and is designed to facilitate access to directory services and directory objects. It's based on a suite of protocols called X.500 developed by the International Telecommunications Union.
directory partition
A section of an Active Directory database stored on a domain controller's hard drive. These sections are managed by different processes and replicated to other domain controllers in an Active Directory network.
right
A setting that specifies what types of actions a user can perform on a computer or network.
SYSVOL folder
A shared folder that stores information from Active Directory that's replicated to other domain controllers.
Flexible Single Master Operations (FSMO)
A specialized domain controller task that handles operations that can affect the entire domain or forest.
leaf object
A type of Active Directory object that doesn't contain other objects and usually represents a security account, network resource, or GPO.
domain user account
A user account created in Active Directory that provides a single logon for users to access all resources in the domain for which they have been authorized.
local user account Local user accounts are mainly used on standalone computers or in a workgroup network with computers that aren't part of an Active Directory domain.
A user account defined on a local computer that's authorized to access resources only on that computer.
user principal name (UPN)
A user logon name that follows the format username@domain. Users can use UPNs to sign in to their own domain from a computer that's a member of a different domain.
intrasite replication
Active Directory replication between domain controllers in the same site.
intersite replication
Active Directory replication that occurs between two or more sites.
B) Schema D) Global catalog
All domains in the same forest have which of the following in common? (Choose all that apply.) A) Domain name B) Schema C) Domain administrator D) Global catalog
organizational unit (OU)
An Active Directory container used to organize a network's users and resources into logical administrative units.
operations master
An Active Directory domain controller with sole responsibility for certain domain or forestwide functions.
application directory partition
An Active Directory partition that applications and services use to store information that benefits from automatic Active Directory replication and security.
domain directory partition
An Active Directory partition that contains all objects in a domain, including users, groups, computers, OUs, and so forth.
configuration partition
An Active Directory partition that stores configuration information that can affect the entire forest, such as details on how domain controllers should replicate with one another.
assigned application
An application package made available to users via Group Policy and places a shortcut to the application in the Start screen. The application is installed automatically if a user tries to run it or opens a document associated with it. If the assigned application applies to a computer account, the application is installed the next time Windows boots.
published application
An application package made available via Group Policy for users to install by using Programs and Features in Control Panel. The application is installed automatically if a user tries to run it or opens a document associated with it.
trust relationship
An arrangement that defines whether and how security principals from one domain can access network resources in another domain.
extension
An item in a Group Policy Object (GPO) that allows an administrator to configure a policy setting.
Install from Media (IFM)
An option when installing a DC in an existing domain; much of the Active Directory database contents are copied to the new DC from media created from an existing DC.
C) At user logon
By default, when are policies set in the User Configuration node applied? A) Every 5 minutes B) Immediately C) At user logon D) At computer restart
A) Only one domain controller can be assigned a particular FSMO role.
How many domain controllers can be assigned an FSMO role? A) 1 B) 3 C) 5 D) 10 E) 0
object
In Active Directory, a group of information that describes a network resource, such as a shared printer, or an organizing structure, such as a domain or OU.
site
In Active Directory, a physical location in which domain controllers communicate and replicate information regularly.
attribute value
Information stored in each attribute. See also schema attributes.
schema
Information that defines the type, organization, and structure of data stored in the Active Directory database.
Active Directory
The Windows directory service that enables administrators to create and manage users and groups, set networkwide user and computer policies, manage security, and organize network resources.
domain
The core structural unit of Active Directory; contains OUs and represents administrative, security, and policy boundaries.
forest root domain
The first domain created in a new forest.
relative identifier (RID)
The part of a SID that's unique for each Active Directory object. See also security identifier (SID).
multimaster replication
The process for replicating Active Directory objects; changes to the database can occur on any domain controller and are propagated, or replicated, to all other domain controllers.
B) LDAP
The protocol for accessing Active Directory objects and services is based on which of the following standards? A) DNS B) LDAP C) DHCP D) ICMP
Active Directory replication
The transfer of information between and among all domain controllers to make sure they have consistent and up-to-date information.
child domains
These can also be called subdomains.
B) Domains D) Sites
To which of the following can a GPO be linked? (Choose all that apply.) A) Trees B) Domains C) Folders D) Sites
D) IFM
When installing an additional DC in an existing domain, which of the following is an option for reducing replication traffic? A) New site B) Child domain C) GC server D) IFM
A) Active Directory Domains and Trusts C) ADSI Edit
Which MMC is added after Active Directory installation? (Choose all that apply.) A) Active Directory Domains and Trusts B) Active Directory Groups and Sites C) ADSI Edit D) Active Directory Restoration Utility
D) Domain
Which container has a default GPO linked to it? A) Users B) Printers C) Computers D) Domain
B) A service similar to a database program but with the capability to manage objects
Which of the following best describes a directory service? A) A service similar to a list of information in a text file B) A service similar to a database program but with the capability to manage objects C) A program for managing the user interface on a server D) A program for managing folders, files, and permissions on a distributed server
C) Sites
Which of the following is a component of Active Directory's physical structure? A) Organizational units B) Domains C) Sites D) Folders
domain controller (DC)
A Windows server that has Active Directory installed and is responsible for allowing client computers access to domain resources.
Directory Services Restore Mode (DSRM)
A boot mode used to perform restore operations on Active Directory if it becomes corrupted or parts of it are deleted accidentally.
Schema classes
A category of schema information that defines the types of objects that can be stored in Active Directory, such as user or computer accounts.
Schema attributes
A category of schema information that defines what type of information is stored in each object.
tree
A grouping of domains that share a common naming structure.
Group Policy Object (GPO)
A list of settings that administrators use to configure user and computer operating environments remotely through Active Directory.
security identifier (SID)
A numeric value assigned to each object in a domain that uniquely identifies the object; composed of a domain identifier, which is the same for all objects in a domain, and an RID. See also relative identifier (RID).
permissions
Settings that define which resources users can access and what level of access they have to resources.
forest
A collection of one or more Active Directory trees.
GPO scope
A combination of GPO linking, inheritance, and filtering that defines which objects are affected by the settings in a GPO.
directory service
A database that stores information about a computer network and includes features for retrieving and managing that information.
schema directory partition
A directory partition containing the information needed to define Active Directory objects and object attributes for all domains in the forest.
replication partner
A domain controller configured to replicate another domain controller.
child domains
Domain that shares at least the top-level and second-level domain name structure as an existing domain in the forest.
built-in user accounts
One of two user accounts created by Windows automatically during installation.
A) Has fine-grained access controls B) Can be distributed among many servers
Which of the following is a feature of Active Directory? (Choose all that apply.) A) Has fine-grained access controls B) Can be distributed among many servers C) Can be installed on only one server per domain D) Has a fixed schema
A) Can contain trees with different naming structures C) Contains domains with different schemas D) Represents the broadest element in Active Directory
Which of the following is associated with an Active Directory forest? (Choose all that apply.) A) Can contain trees with different naming structures B) Allows independent domain administration C) Contains domains with different schemas D) Represents the broadest element in Active Directory
C) Global catalog
Which of the following is associated with installing the first domain controller in a forest? A) RODC B) Child domain C) Global catalog D) DHCP
B) A container object that can be linked to a GPO
Which of the following is not associated with an Active Directory tree? A) A group of domains B) A container object that can be linked to a GPO C) A common naming structure D) Parent and child domains
C) DC
Which of the following is not part of Active Directory's logical structure? A) Tree B) Forest C) DC D) OU
C) Domain
Which of the following is the core logical structure container in Active Directory? A) Forest B) OU C) Domain D) Site
A) Storing a copy of the domain data B) Providing data search and retrieval functions D) Providing authentication services
Which of the following is the responsibility of a domain controller? (Choose all that apply.) A) Storing a copy of the domain data B) Providing data search and retrieval functions C) Servicing multiple domains D) Providing authentication services
C) The first domain controller in the forest root domain
You have an Active Directory forest of two trees and eight domains. You haven't changed any operations master domain controllers. On which domain controller is the schema master? A) All domain controllers B) The last domain controller installed C) The first domain controller in the forest root domain D) The first domain controller in each tree
