Tools 4.2
Which of the following is NOT an example of a special identity?
Dialup Service
What is a Domain Partition?
Domain specific information that is replicated to all DCs within a domain.
Order the steps to delegate Administrative Control of an OU. a. In the Users or Groups page, click Add. b. Right-click the object over which you want to delegate control, and click Delegate Control. c. In the Select Users, Computers, or Groups dialog box, type the name of the user or group to which you want to delegate control of the object, and click OK. The user or group appears in the Selected users and groups list. d. Select the Tasks to delegate, whether common tasks or custom tasks. Set the delegated permissions for the user or group to which you delegate control. e. From the Tools menu in the Server Manager window, select Active Directory Users and Computers.
EBACD
____ password policies mean that you can now create more than one set of account policies within a domain.
Fine-grained
What is the group scope for Domain Admins, Domain Controllers, and Domain Users default groups?
Global
What enables you to assign permissions to multiple users simultaneously?
Groups
Where does a forest sit in the Active Directory hierarchy?
Highest Level
Global Catalog
It stores a full replica of every object within its own domain and a partial replica of each object within every domain in the forest
What is one of the main characteristics of a forest?
It uses partitions to store and replicate information
Can you delete default groups created by Windows Server 2012?
No, default groups cannot be deleted
A(n) ____ is a grouping of related objects within a domain, similar to the idea of having subfolders within a folder, and can be used to reflect the structure of the organization without having to completely restructure the domain(s) when that structure changes.
OU
Creator Owner and Authenticated Users are two examples of _______.
Special Identity
AD LDS is installed as a server role via Server Manager.
True
To create a permanent container that cannot be moved or renamed
Which of the following is not a correct reason for creating an OU?
Within a domain, the primary hierarchical building block is the _________.
organizational unit
In addition to the group scope, there are two types of groups
• Security • Distribution
What directory services does Windows Server 2008 provide?
ADDS and ADLDS
What graphical tool can create user and computer accounts and was redesigned for Windows Server 2012?
Active Directory Administrative Center
What is Active Directory?
Active Directory identifies all resources in a network and makes them accessible to users.
Which command-line utility can create new user accounts by importing information from a comma-separated value file?
CSVDE.exe
Which of the following default groups is a universal group?
Enterprise Admins
What is the primary difference between universal groups and global groups in Windows Server 2012?
Global groups use less data in the global catalog. So, in considering replication traffic, universal groups should be within a site.
Attributes
In Active Directory Domain Services, the individual properties that combine to form an object.
Users; Computers; Global groups
In a domain running at the Windows Server 2012 domain functional level, which of the following security principals can be members of a global group? (Choose all answers that are correct.)
What do OUs contain?
Printers, groups, shared folders
Name some forest partitions
Schema, Configuration, Domain, Global, Application.
Which of the following is NOT a group scope?
Security groups
Active Directory Domain Services (AD DS)
Server role in Active Directory that allows admins to manage and store information about resources from a network. Promotes server to domain controller.
Global to domain local; Universal to global
Which of the following group scope modifications are not permitted? (Choose all answers that are correct.)
A ____ is one in which every child object contains the name of the parent object.
contiguous namespace
In a ____, the user does not have permission to update the folder containing his profile.
mandatory user profile
A ____ is a TCP/IP-based concept (container) within Active Directory that is linked to IP subnets.
site
Adding an object to the Member Of tab for a group makes the group a member of another group (it does not add members to the group).
• When you delete a group, all information about the group (including any permissions assigned to the group) is deleted. User accounts, however, are not deleted. They are simply no longer associated with the group. If you delete the group, use one of the following strategies to recover it: • Re-create the group, add all the original group members, and reassign any permissions granted to the group. • Restore the group from a recent backup.
Name 3 benefits of Active Directory
1. Automatic replication, 2. centralized administration, 3. single log-on for access to resources
Domain Controller
A Windows server that has Active Directory installed and is responsible for allowing client computers access to domain resources.
What are OUs?
A container that represents a logical grouping of resources.
Distribution
A distribution group is used to maintain a list of users and is typically used for sending e-mails to all group members. Distribution groups cannot be used for assigning permissions.
What is a group?
A group is used to collect user accounts, computer accounts, and other group accounts into manageable units. Working with groups instead of individual user accounts helps simplify network maintenance and administration. For instance, through groups the users receive all the user rights assigned to the group and all permissions assigned to the group on any shared resources.
What is a domain tree?
A grouping of domains that share the same namespace
Domains
A logical grouping of network resources and devices that are administered as a single unit.
What is a domain?
A logical grouping of network resources and devices that are administered as a single unit.
What is an Application Partition?
Allows administrators to control what information is replicated to which domain controllers.
Domain User
An account that can access ADDS or network-based resources, such as shared folders and printers within a specified domain.
Local User
An account that can access only resources on the local computer and does not reside inside of the domain.
Order the steps to create an OU with Active Directory Administrative Center. a. Click OK. The organizational unit object appears in the container. b. In the left pane, right-click the object beneath which you want to create the new OU and, from the context menu, select New > Organizational Unit. c. From Server Manager's Tools menu, select Active Directory Administrative Center. d. In the Name field, type a name for the OU and add any optional information you want.
CBDA
Order the steps to create a restricted groups policy. a. Open the GPO in the Group Policy Management Editor and browse to the Computer Configuration\Policies\Windows Settings\Security Settings\Restricted Groups folder. b. Right-click the Restricted Groups folder and from the context menu, select Add Group. The Add Group dialog box appears. c. From the Tools menu in the Server Manager window, select Group Policy Management. The Group Policy Management console appears. d. Create a new Group Policy object (GPO) and link it to your domain. e. Type or browse to add a group object and click OK. The group appears in the Restricted Groups folder and a Properties sheet for the policy appears. f. Click one or both of the Add buttons to add objects that should be members of the group, or other groups of which the group should be a member.
CDABEF
Trees
Collection of domains within an Active Directory that have a common relationship
Forest
Consists of one or more Active Directory trees that are in a common relationship
An administrator needs to grant an e-mail distribution group of 100 members access to a database. How would the administrator proceed? The e-mail group is obsolete and can be dissolved.
Convert the distribution group to a security group and then assign the group access permissions.
Active Directory
Directory service that houses information about all network resources
What is the only OU created by default after installing Active Directory?
Domain Controllers OU
Groups are security principals, meaning you assign access permissions to a resource based on membership in a group. OUs are for organization and for assigning Group Policy settings.
Generally, how do groups differ from OUs?
Organizational Unit
Grouping of related objects within a domain so that objects can be under the same group policies
How do groups differ from OUs?
Groups are security principals, meaning you assign access permissions to a resource based on membership in a group. OUs are for organization and for assigning Group Policy settings.
Active Directory groups
Have a group scope. The scope defines the potential group membership and the resource access that can be controlled through the group. The following table lists the different security group scopes and their membership and use.
Group Policy
Hierarchical infrastructure that allows specific configurations for users and computers by the network administrator
cn=amy,ou=sales,dc=central,dc=cohowinery,dc=com
If the user named Amy is located in the sales OU of the central.cohowinery.com domain, what is the correct syntax for referencing this user in a command line utility?
Read-Only Domain Controller (RODC)
In Active Directory Domain Services, a domain controller that supports only incoming replication traffic. It cannot be modified but can be used for authentication.
What is a key difference between a domain tree hierarchy and the organizational unit (OU) hierarchy within a domain?
Inheritance
Schema
Like the blueprint for Active Directory, it defines the attributes each type of object can possess, the type of data that can be stored in each attribute, and the object's place in the directory tree.
Global (Group Scope)
Membership: Global groups can contain members within the same domain. These include: • Global groups in the same domain (in native mode only). • Users and computers within the same domain. Use global groups to group users and computers within the domain who have similar access needs. Resource Access: • Global groups can be assigned permissions to resources anywhere in the forest. • Create global groups to organize users (e.g., Sales or Development).
Domain Local (group scope)
Membership: Domain local groups can contain members from any domain in the forest. These include: • Domain local groups in the same domain (in native mode only). • Global groups within the forest. • Universal groups within the forest (in native mode only). • Users and computers within the forest. Resource Access: • Domain local groups can be assigned permissions within a domain. • Create domain local groups representative of the domain controller resources to which you want to control access, and then assign permissions on the resource to the group.
Universal (Group Scope)
Membership: Universal groups can contain members from any domain in the forest. These include: • Universal groups within the forest. • Global groups within the forest. • Users and computers within the forest. Resource Access: • Universal groups can be assigned permissions to resources anywhere in the forest. • Universal group membership should be relatively stable. For this reason, you should only add global or universal groups to universal groups. Avoid adding user accounts directly to universal groups.
What is a forest?
One or more Windows domains
Container
Pre-built container objects used to organize objects in Active Directory. Does NOT allow for delegation of control or the ability to link GPOs.
A ____ is different from normal DCs in that you cannot use it to update information in Active Directory and it does not replicate to regular DCs.
Read-Only Domain Controller
____ and user accounts enable an organization to delegate authority over objects, such as Active Directory containers, user accounts, groups, and applications.
Security Groups
Of the default groups created when Active Directory is installed, what are the types of those groups?
Security groups
Duplicating organizational divisions, assigning Group Policy settings, and delegating administration
Select the best reasons for using organizational units (OUs).
Distinguished Name
The "file path" given to objects in Active Directory for locating them without a GUI.
Be aware of the following when managing groups
The basic best practices for user and group security are: • Create groups based on user access needs. • Assign user accounts to the appropriate groups. • Assign permissions to each group based on the resource needs of the users in the group and the security needs of your network. After creating a group, you may need to convert the group's scope and/or type. • Converting a security group to a distribution group removes permissions assigned to the group. This could prevent or allow unwanted access. • You cannot directly convert a group from global to domain local or domain local to global. Instead, convert the group to a universal group and apply the changes, then convert the group to the desired scope. • If a global group is nested in another global group, the nested global group cannot be converted to a universal group because a universal group cannot be a member of a global group.
What are the different kinds of groups?
There are two types: security and distribution; and there are three group scopes: domain local, global, and universal.
Dsmod.exe
What command-line utility allows administrators to modify groups' type and scope as well as add or remove members?
Universal
Which of the following groups do you use to consolidate groups and accounts that either span multiple domains or the entire forest?
OU
Which of the following is a container object within Active Directory?
What is Active Directory used in?
Windows 2000, Windows Server 2003, Windows Server 2008
Name some Active Directory Standards
X.500 and LDAP
One of the group's members has the group set as its primary group; You do not have the proper permissions for the container in which the group is located.
You are attempting to delete a global security group in the Active Directory Users and Computers console, and the console will not let you complete the task. Which of the following could possibly be causes for the failure? (Choose all answers that are correct.)
Delegation of control
You are planning an Active Directory implementation for a company that currently has sales, accounting, and marketing departments. All department heads want to manage their own users and resources in Active Directory. What feature will permit you to set up Active Directory to allow each manager to manage his or her own container but not any other containers?
In Windows Server 2012, after a user logs on to Active Directory, a(n) ________ is created that identifies the user and all the user's group memberships.
access token
Active Directory is a ____ that houses information about all network resources such as servers, printers, user accounts, groups of user accounts, security policies, and other information.
directory service
A ____ usually is a higher-level representation of how a business, government, or school is organized, for example reflecting a geographical location or major division of that organization.
domain
Members of a universal group can come ______.
from trusted forests
The forest ____ refers to the Active Directory functions supported forest-wide.
functional level
The ____ stores information about every object within a forest.
global catalog
A ____ is intended to contain user accounts from a single domain and can also be set up as a member of a domain local group in the same or another domain.
global security group
If information on one DC changes, such as the creation of an account, it is replicated to all other DCs in a process called ____.
multimaster replication
DNS is a TCP/IP-based name service that converts computer and domain host names to dotted decimal addresses and vice versa, through a process called ____.
name resolution
Every resource in a domain is called a(n) ____.
object
A ____ is typically used to enable one- or two-way access between a Windows Server domain within a forest and a realm of UNIX/Linux computers.
realm trust
Each kind of object in Active Directory is defined through the ____, which is like a small database of information associated with that object, including the object class and its attributes.
schema
A(n) ____ means that if A and B have a trust and B and C have a trust, A and C automatically have a trust as well.
transitive trust
A ____ contains one or more domains that are in a common relationship.
tree
Like user accounts, there are both local and domain groups
• Local groups exist only on the local computer, and control access to local resources. • Domain groups exist in Active Directory, and can be used to control access to domain and local resources. In an enterprise environment, you will work mainly with domain groups.
To add or remove members of a group, use the following methods
• On the group object, edit the Members tab and add the group members. Use this method to efficiently add multiple members to the same group. • On the user account, edit the Member Of tab and select the group to which you want to add the user. The Member Of tab displays all of the groups of which the object is a member. Use this method to efficiently add a single user to multiple groups.
Security
A security group is one that can be used to manage rights and permissions. • Group members get the permissions that are granted to the group. • A security group represents an object with a security identifier (SID), which through the member attribute, collects other objects, such as users, computers, contacts, and other groups.
What concept does AD use for managing resources on a Windows Network?
A tree concept
Of the key reasons for creating organizational units, which of the following is NOT one of them?
Assigning permissions to network resources