IS-451M-Exam 2-Lecture 7
What is the difference between a single-domain structure and a multi-domain structure?
A single-domain structure is usually easier and less expensive than a multi-domain structure. May not always be a better solution.
What is a tree?
A tree is a grouping of domains that share a common naming structure. It can consist of a parent domain and possibly one or more child domains. (If they have different names, they have different trees.)
How can you search for Active Directory objects?
Active Directory objects can be searched for using the Find Users, Contacts, and Groups dialog box
What does an "ORGANIZATIONAL UNIT" primarily contain?
An OU is a primary container object for organizing and managing resources in a domain
What does Authentication confirm?
Authentication confirms a user's identity
What can be delegated for an "ORGANIZATIONAL UNIT"?
Authority of an OU can be delegated
What's the main difference between "adding a domain controller to an existing domain" vs. "installing the first domain controller"?
Biggest difference is that you select "Add a domain controller to an existing domain" instead of "Add a new forest"
How are computer accounts created?
Computer accounts are created automatically when AD is installed on a server
What replication occurs between two or more sites?
Intersite replication
What replication occurs between domain controllers in the same site?
Intrasite replication
What is the information stored in each attribute called?
The Attribute Value
What is the core logical structure in AD?
The Domain Object is the core logical structure in AD.
What is a domain?
The core structural unit of an Active Directory. It contains OUs and represents administrative, security, and policy boundaries.
What is the first domain referred to?
The first domain is the forest root and is referred to as the forest root domain
What is Active Directory Replication?
The process of "maintaining a consistent database of information" when the database is "distributed among several locations"
What does the Active Directory "SCHEMA" define?
The schema defines the type, organization, and structure of data stored in the AD database
How are Trust Relationships established?
Trust relationships are established automatically between all domains in the forest
If there is no trust between domains, is access across domains still possible?
When there is no trust between domains, no access across domains is possible.
In Active Directory, a trust relationship defines what?
defines whether and how security principals from one domain can access network resources in another domain
BUILTIN - folder object holds...
it holds default groups created by Windows
What do permissions define?
permissions define which resources users can access and what level of access they have
What is a Shared Folder leaf object?
represents a shared folder on a computer in the network
What is a Printer leaf object?
represents a shared printer in the domain
What does Knowledge Consistency Checker (KCC) run on?
runs on all DCs to determine the replication topology
MANAGED SERVICE ACCOUNTS - is created specifically for services to...
services to access domain resources
What do rights define?
specifies what types of actions a user can perform on a computer or network
What is the role of the "Directory Service"?
stores information about a computer network and offers features for retrieving and managing that information. (Generally an admin tool, users use it to find resources, centralized management tool, so it requires careful planning to set up).
USERS - stores two default...
stores two default users (Administrator and Guest) and several default groups
COMPUTERS - is the default location for...
the default location for computer accounts created when a new computer or server becomes a domain member
The computer account object's name must match?
the name of the computer that the account represents
What are some common characteristics that all domains in a forest share?
-A single schema -Forest-wide administrative accounts -Operations masters -Global Catalog -Trusts between domains -Replication between domains
What are the two default user accounts created by Windows called?
-Administrator and Guest
What does the physical structure of a site look like for an Active Directory?
-An Active Directory site is simply a physical location in which domain controllers communicate and replicate information regularly
What other possible Active Directory leaf objects could there be?
-Contact -Printer -Shared Folder
What tasks can you perform using the ADAC?
-Create and manage user, group, and computer accounts. -Manage OUs. -Connect to other domain controllers in the same or a different domain. -Change the domain's functional level and enable the AD Recycle Bin.
What does Active Directory leaf object usually represent? (Silly actor, next race go phone on.)
-Security account -Network resource -GPO
What is a domain controller responsible for in an active directory?
-Storing a copy of the domain data and replicating changes to that data to all other domain controllers in the domain. -Providing data search and retrieval functions for users attempting to locate objects in the directory. -Providing authentication and authorization services for users who log on to the domain and attempt to access network resources
What is an "OBJECT" in an Active Directory Schema?
-a grouping of information that describes a network resource
What do User Account objects contain?
-group memberships, account restrictions, profile path, and dial-in permissions
What can you explore Active Directory Services in?
1. Active Directory Administrative Center (ADAC) or 2. Active Directory Users and Computers MMC
What are the two variations of adding a domain to an existing forest?
1. Add a child domain - you're adding a domain that shares at least the top-level and second-level domain name structure as an existing domain in the forest 2. Add a new tree - you're adding a new domain with a separate naming structure from any existing domains in the forest
What are the 5 "FOLDER OBJECTS" created by the default? (Bring computers for system project meeting shortly after us.)
1. Builtin 2. Computers 3. Foreign Security Principals 4. Managed Service Accounts 5. Users
What are the windows I should see when installing Active Directory Services?
1. Click on Server Manager, 2. Deployment Configuration Window, 3. The Domain Controller Options Window, 4. DNS Options Window 5. Specifying Active Directory Paths, 6. Review Options, 7. Prerequisites Check Window.
Functions the forest root domain usually handles?
1. DNS server 2. Global catalog server 3. Forest-wide administrative accounts 4. Operations masters
What are the 5 types of Active Directory partition? (Did she go crazy after dumping chuck?)
1. Domain directory partition 2. Schema directory partition 3. Global catalog partition 4. Application directory partition 5. Configuration partition
Global Catalog servers perform the following vital functions:
1. Facilitates domain and forest-wide searches 2. Facilitates logon across domains - Users can log on to computers in any domain by using their user principal name (UPN) 3. Hold universal group membership information
What are the 6 features that the "Active Directory Services" use? (Hello Officer, can birds detect dumb shrimp swimming for peanut butter apples)
1. Hierarchical organization 2. Centralized but distributed database 3. Scalability 4. Security 5. Flexibility 6. Policy-based administration
What are the four organizing components that make up the logical structure of an Active Directory? (Organizations under drugs think funny)
1. Organizational Units (OUs) 2. Domains 3. Trees 4. Forests
What are the two different structures of the Active Directory structure?
1. Physical Structure 2. Logical Structure
What are the 5 operations master roles referred to as Flexible Single Master Operation (FSMO) roles? (She is doing nothing right & is doing Pilates during conferences everyday.)
1. Schema Master 2. Infrastructure master 3. Domain Naming master 4. RID master 5. PDC Emulator master
Why do most small and medium businesses choose a single domain?
1. Simplicity 2. Lower costs 3. Easier management 4. Easier access to resources
What does the Active Directory "SCHEMA ATTRIBUTE" define?
Schema attributes define what type of information is stored in each object
What does the Active Directory "SCHEMA CLASSES" define?
Schema classes define the types of objects that can be stored in Active Directory
What do Security Account objects include?
Security account objects include users, groups, and computers
What is the Operations Master?
Several operations in a forest require having a single domain controller, called the Operations Master, whose sole responsibility is the function.
What are the four questions you should know before adding a new domain controller?
Should you install DNS? Should the DC be a global catalog (GC) server? Should this be a read only domain controller (RODC)? In which site should the DC be located?
Why does each domain object have a Group Policy Object linked to it?
So that it can affect all objects in the domain
What does a Computer Account object represent?
A computer account object represents a computer that's a domain controller or domain member
FOREIGN SECURITY PRINCIPALS - contains user accounts from...
contains user accounts from other domains added as members of the local domain's groups
What is a Forest?
A collection of one or more Active Directory trees that provide a common Active Directory environment. -All domains in all trees can communicate and share information. -Can consist of a single tree with a single domain, or it can contain several trees, each with a hierarchy of parent and child domains
What does a "CONTAINER OBJECT" contain?
A container object contains other objects.
What is a "CONTAINER OBJECT" used for?
A container object is used to organize and manage users and resources on the network. Can also act as administrative and security boundaries
What do Group objects represent, and what is this easier than?
A group object represents a collection of users with common permissions or rights. It is easier than assigning permissions and rights to individual users.
What is each section of an Active Directory database called? And how many types are there?
Directory partition. There are 5 types.
If you are removing a DC from the forest, you have to make sure that ___ roles are not removed from the network as well?
FSMO roles.
What does the Domain Directory Partition type contain?
It contains all objects in a domain, including users, groups, computers, OUs, and so forth
What does the Schema Directory Partition type contain?
It contains information needed to define AD objects and object attributes.
What does the Configuration Partition type contain?
It contains the configuration information that can affect the entire forest
What does the Global Catalog Partition type contain?
It contains the global catalog, which is a partial replica of all objects in the forest
What does the Application Directory Partition type contain, and what is it used by?
It is used by applications and services, and it contains information that benefits from automatic Active Directory replication and security.
How many domain controllers does Microsoft recommend you to have and why?
Microsoft recommends at least two DCs in every domain, for fault tolerance and load balancing
What replication is used by AD for replicating AD objects?
Multimaster replication
When do you need to use more than one domain?
-Need for differing account policies -Need for different name identities -Replication control -Need for internal versus external domains -Need for tight security
How is the "ORGANIZATIONAL UNIT"?
Nesting OUs can build a hierarchical Active Directory structure that mimics the corporate structure for easier object management
What do Network Resource objects include?
Network resource objects include servers, domain controllers, file shares, printers, etc.
Are trusts and permissions the same thing?
No! -Trusts do not equal permissions -Permissions are still required to access resources, even if a trust relationship exists
What objects are in an OU?
An OU contains Active Directory objects, such as: -User accounts -Groups -Computer accounts -Printers -Shared folders -Applications -Servers -Domain controllers
What is an OU?
An OU is an Organizational Unit, an Active Directory container used to organize a network's users and resources into logical administrative units
What does an "ORGANIZATIONAL UNIT" organize multiple objects into?
OUs can organize multiple objects into logical administrative groups that can be configured with specific policies relevant to that group
The first domain controller in the forest typically takes the role of what?
Operations Master
What are the three "CONTAINER OBJECTS" found in Active Directory?
-Organizational Units -Folder Objects -Domain objects
What is "Active Directory" based on originally and what is it based on now and why?
Originally, X.500, a suite of protocols the International Telecommunication Union (ITU) developed, is the basis for its hierarchical structure and for how Active Directory. Now, LDAP is a lighter-weight version of X.500 that doesn't use the OSI model but now uses the TCP/IP model. Now that it uses LDAP, it is able to integrate with UNIX/Linux operating systems.
What does Active Directory Domain Services refer to?
Windows Active Directory service
Which year of Windows Server was Active Directory first introduced in?
Windows Active Directory was first used in Windows 2000 Server
What is a Contact leaf object?
a person associated with the company but not a network user