005.2 Lesson 5 Possible Questions
three seconds after issuing the first change notification before sending a change notification to the next domain controller
If there are multiple replica domain controllers in the site, the source domain controller will wait
three hops are taken to get directory updates to replica domain controller
The KCC on each domain controller creates a bidirectional connection between the source domain controller and the replica domain controller. It ensures no more than
logon scripts and group policies, and it is a repository for public access files used by domain controllers.
The SYSVOL folder on each domain controller contains a copy of
LDIF file
The authoritative restore process creates an ___ containing each back‐link that needs to be restored
Edb.chk
The file that is used to track the point up to where transactions in the log file have been committed
Snapshot viewing
-Active Directory Users and Computers -LDP.exe -ADSIEDIT.exe
move database files
On a domain controller that is running Windows Server 2008 or later, you do not need to restart the domain controller in DSRM to
Temp.edb
A file that is used as a scratch pad to store information about in‐progress large transactions and to hold pages pulled out of Ntds.dit during maintenance operations
Active Directory Administrative Center
After the Active Directory Recycle Bin has been enabled, you can access the Deleted Objects container using the
Denied RODC Password Replication Group
As an additional option, to prevent users from authenticating against the RODC, add the users or user group to
black box
As far as the client of cloud computing is concerned, cloud computing looks like a
not be replicated to a RODC
Attributes marked as confidential and that are part of the Filtered Attribute Set will
wbadmin.exe
Backup command‐line tool
Windows Server 2008 R2 or later.
Before you can use the Active Directory Recycle Bin, you need to have the forest functional level set to
8
Extensible Storage Engine (ESE) -Max database recorded size -___ KB page size
2
Extensible Storage Engine (ESE) -Max object size --___ Billion
16
Extensible Storage Engine (ESE) -Max size ___ TB
Res1.log and Res2.log files
Files that are used to reserve space for additional log files if edb.log becomes full
Active Directory Recycle Bin
If an object is inadvertently deleted, you might consider using the ___ before performing an authoritative restore
password prepopulation
In order for ___ to cache passwords, the users and computers must have their accounts configured to have their passwords replicated, or they must have been added to the Allowed RODC Password Replication Group.
delete the RODC object from the Active Directory Users and Computers console
In the event of an RODC theft or compromise, the user passwords need to be changed immediately at the hub site. To meet this immediate need, the fastest way to force all users, who have authenticated or who have their credentials cached on that RODC, is simply
RPC over IP or Simple Mail Transfer Protocol (SMTP)
Intersite replication traffic can occur over
Knowledge Consistency Checker (KCC)
Intrasite replication topology is generated by
turned on
Only items deleted after the Active Directory Recycle Bin is ___ can be restored from the Active Directory Recycle Bin
intervals, costs, and schedule
Replication between sites depends on replication
Edb.log
The log file into which directory transactions are written before being committed to the database file. Transaction log files used by ESE are 10 MB in size
Ntds.dit
The physical database file in which all directory data is stored. This file consists of three internal tables: the data table, link table, and security descriptor (SD) table. It contains the schema information, configuration information, and domain information
creates a shortcut connection and makes a connection with the replica domain controller across the ring to increase the speed of replication
To circumvent more than three hops happening between a source domain controller and a replica domain controller, the KCC
Windows Server 2008 or later domain controller that holds the Schema Master FSMO role
To configure the Filtered Attribute Set, the configuration of the attribute must be done on
distinguished name of the object
To perform an authoritative restore of an object or subtree, you need to know
different location
To perform an offline defragmentation procedure, you first create a new, compacted version of the database file in a
reboot the domain controller into DSRM, and then you can perform an authoritative restore of Active Directory objects while AD DS is stopped by using Ntdsutil.exe.
To perform state restore of a domain controller while AD DS is stopped you must
authoritative restore
To restore an object or container within Active Directory that has been inadvertently deleted, you need to perform
location
When the new defragmented database is created, the procedure then copies the compacted ntds.dit file back to the original
back‐links
When you do an authoritative restore process, a ___ file is created
reset all users' passwords, reset all computer passwords, and export a list of compromised accounts.
When you initiate the deletion of the RODC, you are prompted and given the option to
data deduplication
dramatically reduce the amount of disk storage capacity consumed by daily and weekly backup data
AD DS
You can choose to restore the objects to their original location or to an alternate location within
Backup Schedule Wizard or by using the Backup Once option
You can create a backup using
nonauthoritative restore
You use only a ___ if the problem has not spread to the other domain controllers (highly unlikely) or you want to restore the domain controller so that it is functional again
back‐link
a reference to an attribute within another object that also needs to be restored with the object
Filter Attribute Sets
allows administrators the ability to mark attributes as "Confidential" when being replicated to RODC
Microsoft Windows Backup
allows you to back up a system. However, third‐party backup software packages usually offer more features and options
Monitoring replication
allows you to troubleshoot and narrow down problems between domain controllers when replication is not working properly in your enterprise; allows you to ensure all domains within the enterprise are receiving updates to all directory partitions, keeping users and directory data fully accessible.
Restartable AD DS
available by default on all domain controllers that run Windows Server 2016. There are no functional‐level requirements or any other prerequisites for using this feature.
not enabled by default, it can be enabled
change notification between sites is
semantic checker
check the integrity of the contents of the Active Directory database
integrity
command is used to detect low‐level (binary‐level) database corruption which reads every byte of the data file and makes sure that the correct headers exist in the database itself and that all of the tables are functioning and are consistent
Cloud computing
computing resources (hardware and software) that are delivered as a service over the network, such as the Internet
12
garbage collection occurs every ___ hours
replica domain controllers get all needed AD changes as soon as possible
The KCC creates a separate replication topology for the schema, configuration, domain, and application partitions to ensure
system state
if you need to back up Active Directory, you need to back up ___ so that you can get all the Active Directory components
intrasite replication
not used to notify domain controllers in other sites about changes
400/1000
ntds.dit file is approximately ___ MB in size per ___ users
Intersite replication
occurs between domain controllers residing in separate physical locations within the AD DS topology
snapshots
read‐only and you cannot modify the contents; no direct methods with which to move, copy, or restore objects or attributes from the ___ to the production instance of Active Directory.
Intersite replication
replication between domain controllers in different sites across a wide area network (WAN) considered request‐pull replication, meaning the replica bridgehead server in one site requests the changes from the source bridgehead server
tape libraries
support data deduplication
they are members of the Allowed RODC Password Replication Group
the user or group that you configured under the Managed By tab are not, by default, allowed to log on or authenticate against the RODC unless
Backup Operators or Administrators group
must install the Windows Server Backup feature using the Add Roles and Features Wizard. To run Windows Server Backup, you must be a member of
RPC over IP
utilizes Remote Procedure Call over Internet Protocol connectivity, Kerberos authentication, and data encryption, allowing efficient and secured data transfer between domain controllers
authoritative restore
when an ___ is performed, Windows increments the version number to be higher than any version number used in the other domain controllers
Password prepopulation
• Faster initial logons because the authentication process won't have to traverse the WAN to the closest, writable, Windows 2008 or later domain controller • The ability to prepare an RODC before shipment to the remote site if no WAN link is available when the RODC is brought online