005.2 Lesson 5 Possible Questions

three seconds after issuing the first change notification before sending a change notification to the next domain controller

If there are multiple replica domain controllers in the site, the source domain controller will wait

three hops are taken to get directory updates to replica domain controller

The KCC on each domain controller creates a bidirectional connection between the source domain controller and the replica domain controller. It ensures no more than

logon scripts and group policies, and it is a repository for public access files used by domain controllers.

The SYSVOL folder on each domain controller contains a copy of

LDIF file

The authoritative restore process creates an ___ containing each back‐link that needs to be restored

Edb.chk

The file that is used to track the point up to where transactions in the log file have been committed

Snapshot viewing

-Active Directory Users and Computers -LDP.exe -ADSIEDIT.exe

move database files

. On a domain controller that is running Windows Server 2008 or later, you do not need to restart the domain controller in DSRM to

Temp.edb

A file that is used as a scratch pad to store information about in‐progress large transactions and to hold pages pulled out of Ntds.dit during maintenance operations

Active Directory Administrative Center

After the Active Directory Recycle Bin has been enabled, you can access the Deleted Objects container using the

Denied RODC Password Replication Group

As an additional option, to prevent users from authenticating against the RODC, add the users or user group to

black box

As far as the client of cloud computing is concerned, cloud computing looks like a

not be replicated to a RODC

Attributes marked as confidential and that are part of the Filtered Attribute Set will

wbadmin.exe

Backup command‐line tool

Windows Server 2008 R2 or later.

Before you can use the Active Directory Recycle Bin, you need to have the forest functional level set to

8

Extensible Storage Engine (ESE) -Max database recorded size -___ KB page size

2

Extensible Storage Engine (ESE) -Max object size --___ Billion

16

Extensible Storage Engine (ESE) -Max size ___ TB

Res1.log and Res2.log files

Files that are used to reserve space for additional log files if edb.log becomes full

Active Directory Recycle Bin

If an object is inad-vertently deleted, you might consider using the ___ before performing an authoritative restor

password prepopulation

In order for ___ to cache passwords, the users and computers must have their accounts configured to have their passwords replicated, or they must have been added to the Allowed RODC Password Replication Group.

delete the RODC object from the Active Directory Users and Computers consol

In the event of an RODC theft or compromise, the user passwords need to be changed immediately at the hub site. To meet this immediate need, the fastest way to force all users, who have authenticated or who have their credentials cached on that RODC, is simpl

RPC over IP or Simple Mail Transfer Protocol (SMTP)

Intersite replication traffic can occur over

Knowledge Consistency Checker (KCC)

Intrasite replication topology is generated by

turned on

Only items deleted after the Active Directory Recycle Bin is ___ can be restored from the Active Directory Recycle Bin

inter-vals, costs, and schedule

Replication between sites depends on replication

Edb.log

The log file into which directory transactions are written before being committed to the database file. Transaction log files used by ESE are 10 MB in size

Ntds.dit

The physical database file in which all directory data is stored. This file consists of three internal tables: the data table, link table, and security descriptor (SD) table. It contains the schema information, configuration information, and domain information

creates a shortcut connection and makes a connection with the replica domain controller across the ring to increase the speed of replication

To circumvent more than three hops happening between a source domain controller and a replica domain controller, the KCC

Windows Server 2008 or later domain controller that holds the Schema Master FSMO role

To configure the Filtered Attribute Set, the configuration of the attribute must be done on

distin-guished name of the object

To perform an authoritative restore of an object or subtree, you need to know

different location

To perform an offline defragmentation procedure, you first create a new, com-pacted version of the database file in a

reboot the domain controller into DSRM, and then you can perform an authoritative restore of Active Directory objects while AD DS is stopped by using Ntdsutil.exe.

To perform state restore of a domain controller while AD DS is stopped you must

authoritative restore

To restore an object or container within Active Directory that has been inadvertently deleted, you need to perform

location

When the new defragmented data-base is created, the procedure then copies the compacted ntds.dit file back to the origina

back‐links

When you do an authoritative restore process, a ___ file is created

reset all users' passwords, reset all computer passwords, and export a list of compromised accounts.

When you initiate the deletion of the RODC, you are prompted and given the option to

data deduplication

dramatically reduce the amount of disk storage capacity consumed by daily and weekly backup data

AD DS

You can choose to restore the objects to their original location or to an alternate location within

Backup Schedule Wizard or by using the Backup Once option

You can create a backup using

nonauthoritative restore

You use only a ___ if the problem has not spread to the other domain controllers (highly unlikely) or you want to restore the domain controller so that it is functional again

back‐link

a ref-erence to an attribute within another object that also needs to be restored with the object

Filter Attribute Sets

allows administrators the ability to mark attributes as "Confidential" when being replicated to RODC

Microsoft Windows Backup

allows you to back up a system. However, third‐party backup software packages usually offer more features and options

Monitoring replication

allows you to troubleshoot and narrow down problems between domain controllers when replication is not working properly in your enterprise allows you to ensure all domains within the enterprise are receiving updates to all directory partitions, keeping users and directory data fully accessible.

Restartable AD DS

available by default on all domain controllers that run Windows Server 2016. There are no functional‐level requirements or any other prerequisites for using this feature.

not enabled by default, it can be enabled

change notification between sites is

semantic checke

check the integrity of the contents of the Active Directory database

integrity

command is used to detect low‐level (binary‐level) database corruption which reads every byte of the data file and makes sure that the correct headers exist in the database itself and that all of the tables are functioning and are consistent

Cloud computing

computing resources (hardware and software) that are delivered as a service over the network, such as the Internet

12

garbage collection occurs every ___ hours

replica domain controllers get all needed AD changes as soon as possible

he KCC creates a sepa-rate replication topology for the schema, configuration, domain, and application partitions to ensure

system state

if you need to back up Active Directory, you need to back up ___ so that you can get all the Active Directory components

intrasite replication

not used to notify domain con-trollers in other sites about changes

400/1000

ntds.dit file is approximately ___ MB in size per ___ users

Intersite replication

occurs between domain controllers residing in separate physical locations within the AD DS topology

snapshots

read‐only and you cannot modify the contents no direct methods with which to move, copy, or restore objects or attrib-utes from the ___ to the production instance of Active Directory.

Intersite replication

replication between domain controllers in different sites across a wide area network (WAN) considered request‐pull replication, meaning the replica bridgehead server in one site requests the changes from the source bridgehead server

tape libraries

support data deduplication

they are members of the Allowed RODC Password Replication Group

the user or group that you configured under the Managed By tab are not, by default, allowed to log on or authenticate against the RODC unless

Backup Operators or Administrators group

ust install the Windows Server Backup feature using the Add Roles and Features Wizard. To run Windows Server Backup, you must be a member of

RPC over IP

utilizes Remote Call Procedure over Internet Protocol connectivity, Kerberos authentication, and data encryp-tion, allowing efficient and secured data transfer between domain controllers

authoritative restore

when an ___ is performed windows increments the version number to be higher than any version number used in the other domain controllers

Password prepopulation

•Faster initial logons because the authentication process won't have to traverse the WAN to the closest, writable, Windows 2008 or later domain controller •The ability to prepare an RODC before shipment to the remote site if no WAN link is available when the RODC is brought online