Windows AD DS Definitions


Logical | Domain Tree

A hierarchical collection of domains that share a common root domain and a contiguous Domain Name System (DNS) namespace. Example: Savle.net, hr.Savle.net, this.Savle.net. These all trust each other - the same stuff goes in these.

AD DS

(Active Directory Domain Services) The database that contains the users, groups, and computer accounts in a Windows Server domain.

Physical | Subnet

A site can have more than one subnet

Tree trust

A trust which is created automatically in each domain. In a tree/root trust, every tree in the forest automatically trusts every other tree in the forest.

Group Objects

Add multiple user objects to the group and they all have the same access (let's say r/w/x) to a file. Choose group type and scope.

Managed Service Account

An account used by a service or application.

Logical | Forest

Collection of domains that have a common AD DS root, schema, and global catalog. Top of the domain trees that are separate but trust each other. Basically this.net and that.net can share some same objects and stuff for authentication I think.

Physical | Site

Container for AD DS objects such as computers and services that are specific to a physical location.

Physical | Domain Controller

Contains copy of AD DS database. Can process changes and replicate the changes to all other domain controllers in domain

Physical | Data Store

A copy of this is on every domain controller. Stores directory info in the Ntds.dit file and associated log files. Location: D:\Windows\NTDS

Trust

Enables access to resources in a complex AD DS environment.
Transitive trust - any friend of yours is a friend of mine (they can access each other).
Non-transitive - create a trust between each domain (they can access each other).

To support group managed service accounts, what must you do?

Create a KDS root key:

Add-KdsRootKey -EffectiveImmediately

New-ADServiceAccount -Name LondonSQLFarm -PrincipalsAllowedToRetrieveManagedPassword SEA-SQL1, SEA-SQL2, SEA-SQL3

Physical | Global catalog server

Domain controller that hosts the global catalog - partial read-only copy of all objects in multiple-domain forest.

Group Policy Object (GPO)

Enables network administrators to define multiple rights and permissions to entire sets of users all at one time.

Scope

Groups abilities or permissions.
Local - Only for a single local system.
Domain-local - All computers part of the local domain.
Global - For users with similar characteristics.
Universal - Members can be from anywhere in the AD DS forest.

Computer Objects

Have an account, sign-in name, and password, and authenticate with the domain. Have access to resources; belong to groups.

Generic Containers

Like Users and Computers

Logical | Domain

Logical admin container for objects like users and computers. A domain maps to a specific partition.

Logical | OU (organizational unit)

Object for users, groups, and computers that provides a framework for delegating admin rights and administration by linking GPOs (Group Policy Objects) WITHIN A DOMAIN. These are different from containers because containers can't have a GPO attached, and OUs have a lot of management capabilities, like who can manage them.

User Account

Object that contains: username, password, group memberships. Users authenticate to the AD DS domain and access network resources with this.

Logical | Container

Object that provides organizational framework for use in AD DS.

Logical | Partition

Portion of the AD DS database. The database consists of one file, Ntds.dit. Different partitions contain different data:
Schema partition has a copy of the AD schema.
Configuration partition contains config objects of the forest, etc.
Domain

Physical | Read only domain controller

RODC. Common where physical security is not optimal.

RSAT

Remote Server Administration Tools. Tools that let you manage Windows Server roles and features remotely. Don't need to download but can enable it from settings.

Group Types

Security - primarily used to assign permissions. Distribution lists - Not security-enabled

Logical | Schema

Set of definitions of the object types and attributes that you use to define objects created in AD DS. All object types.

Group Managed Service Account

Used for more than one server in your domain

Active Directory Administrative Center

Used to administer and publish information in the directory, including managing users, groups, computers, domains, domain controllers, and organizational units. Cannot be installed on Domain Controller

Computer Container

Where you put computer objects

