70-410 Lesson 13: Installing Domain Controllers


Which of the following features allows you to create virtual machines on a leased cloud resource?

Infrastructure as a Service (IaaS) Explanation: In addition to running Windows Server 2012 R2 on physical computers and locally-hosted virtual machines, Microsoft's Windows Azure service enables administrators to create virtual machines using leased cloud resources provided by Microsoft. This feature, called Infrastructure as a Service (IaaS), enables administrators to run applications in the cloud while maintaining full control over the virtual machines themselves.

A directory service that Microsoft first introduced in Windows 2000 Server and has upgraded in each successive server operating system release, including Windows Server 2012 R2.

Active Directory Domain Services (AD DS)

What defines what objects exist as well as what attributes are associated with any object in the Active Directory?

Active Directory schema Explanation: Different object types have different sets of attributes, depending on their functions. The attributes each type of object can possess, the type of data that each attribute can store, and the object's place in the directory tree are all defined in the directory schema.

What is the global catalog?

An index of all AD DS objects in a forest Explanation: The global catalog is an index of all AD DS objects in a forest that prevents systems from having to perform searches among multiple domain controllers.

What is the process of granting the user access only to the resources he or she is permitted to use?

Authorization Explanation: Authorization is the process of granting the user access only to the resources he or she is permitted to use. Users joined to an Active Directory Domain Services (AD DS) domain can log on to the domain, not to an individual computer or application, and can access any resources in that domain for which administrators have granted them the proper permissions.

What allows administrators to grant users in one domain access to resources of another domain within the same domain tree?

Bidirectional trust relationship between domains Explanation: Domains in the same tree have bidirectional trust relationships between them, which Active Directory creates automatically when you create each subdomain. These trust relationships mean that an administrator of a particular domain can grant any user in the tree access to that domain's resources. As a result, you do not need to create duplicate user objects just because an individual needs access to resources in a different domain.

What are the two basic classes of Active Directory objects?

Container and leaf objects Explanation: Objects come in two basic classes: container objects and leaf objects. A container object can have other objects subordinate to it, whereas a leaf object cannot have subordinate objects. The container objects essentially form the branches of the tree, with the leaf objects growing on the branches.

Active Directory keeps a naming convention for the domain that mirrors ______.

DNS Explanation: Active Directory uses the Domain Name System (DNS) naming conventions for its domains. You can create an Active Directory domain using the registered domain name you use on the Internet, or you can create an internal domain name, without registering it.

A communications protocol specified in the X.500 standard. It is also the progenitor of the Lightweight Directory Access Protocol (LDAP).

Directory Access Protocol (DAP)

What is the fundamental component of the Active Directory architecture, functioning as the boundary for virtually all directory functions, including administration, access control, database management, and replication?

Domain Explanation: The domain is the fundamental component of the Active Directory architecture. You can zoom into a domain and create a hierarchy within it, and you can zoom out and create a hierarchy out of multiple domains. In AD DS, domains function by default as the boundaries for virtually all directory functions, including administration, access control, database management, and replication.

What is neither a container nor a full-fledged security division, and cannot have Group Policy settings applied to it directly?

Group Explanation: Group objects are not containers, as OUs are, but they perform a similar function, with important differences. Groups are not full-fledged security divisions, as OUs are; you cannot apply Group Policy settings to a group object directly. However, group members—which can be leaf objects, such as users or computers, as well as other groups—inherit permissions assigned to that group.

What is an important difference between groups and OUs?

Group memberships are independent of the domain's tree structure. Explanation: One of the most important differences between groups and OUs is that group memberships are independent of the domain's tree structure. A group can have members located anywhere in the domain and, in some cases, can have members from other domains.

What is the PowerShell cmdlet for installing a domain controller to the domain "adatum.com"?

Install-AddsForest -DomainName "adatum.com" Explanation: In its simplest form, the following command installs a domain controller for a new forest called adatum.com: Install-AddsForest -DomainName "adatum.com"

The standard communications protocol for directory service products, including Active Directory Domain Services.

Lightweight Directory Access Protocol (LDAP)

What does LDAP stand for?

Lightweight Directory Access Protocol (LDAP) Explanation: LDAP defines the format of the queries that Active Directory clients send to domain controllers, as well as provides a compound naming structure for uniquely identifying objects in the directory.

What type of Active Directory replication minimizes problems in database management over slow WAN links?

Multiple-master replication Explanation: Single-master replication can make managing the database difficult, especially if administrators are located in remote offices and must work over a slow wide-area network (WAN) link. To avoid this problem, Active Directory uses multiple-master replication, in which you can make changes to domain objects on any domain controller, which replicates those changes to all the other domain controllers.

What is the next level of Active Directory container object within a domain?

Organizational unit Explanation: An organizational unit (OU) is a container object that functions in a subordinate capacity to a domain, similar to a subdomain, but without the complete separation of security policies. As container objects, OUs can contain other OUs, as well as leaf objects.

What is a container object that functions in a subordinate capacity to a domain, and still inherits policies and permissions from its parent objects?

Organizational unit Explanation: An organizational unit (OU) is a container object that functions in a subordinate capacity to a domain, similar to a subdomain, but without the complete separation of security policies. As container objects, OUs can contain other OUs, as well as leaf objects. You can apply separate Group Policy settings to an OU and delegate the administration of an OU as needed. However, an OU is still part of the domain and still inherits policies and permissions from its parent objects.

In Active Directory Domain Services, a domain controller that supports only incoming replication traffic.

Read-Only Domain Controller (RODC)

What is the process by which domain controllers communicate by sending database information to each other to stay synchronized?

Replication Explanation: When a domain has two or more domain controllers, each controller must have a database that is identical to those of the others. To stay synchronized, the domain controllers communicate by sending database information to each other, which is a process called replication.

What special DNS resource record enables clients to locate domain controllers and other vital AD DS services?

SRV Explanation: The DNS is essential to the operation of AD DS. To accommodate directory services such as AD DS, a special DNS resource record was created that enables clients to locate domain controllers and other vital AD DS services.

If an administrator creates a domain tree in an Active Directory forest, and then creates a separate and different domain tree, what is the relationship between the two domain trees?

Same security entity as one Active Directory forest, bidirectional trust between domain trees Explanation: When you create the first domain on an Active Directory network, you are in fact creating a new forest, and that first domain becomes the forest root domain. Subsequent domain trees can be created, but are still part of the original domain forest. Domains are not security boundaries, in the strict sense of the term. You can perform tasks in one domain that affect all other domains in the forest. To completely isolate one domain from another, you must create them in different forests. Therefore, the forest functions as the security boundary, not the domain.

What determines the functional level of an Active Directory forest?

The lowest version of Windows Server on a domain controller Explanation: Functional levels are designed to provide backward compatibility in AD DS installations, with domain controllers running various versions of the Windows Server operating system. Each successive version of Windows Server includes new Active Directory features, which are not directly compatible with previous versions. By selecting the functional level representing the oldest Windows version running on your domain controllers, you disable these new features, so that the various domain controllers can interoperate properly.

What is the PowerShell cmdlet and syntax for demoting a domain controller?

Uninstall-ADDSDomainController -ForceRemoval -LocalAdministratorPassword <password> -Force Explanation: To demote a domain controller with Windows PowerShell, use the Uninstall-ADDSDomainController cmdlet.

What is the method for removing a domain controller in Windows Server 2012 R2?

Using the Remove Roles and Features Wizard Explanation: To remove a domain controller from an AD DS installation, you must begin by running the Remove Roles and Features Wizard.

Which of the following features allows you to install AD DS on a virtual machine that is located in the cloud?

Windows Azure Explanation: In addition to running Windows Server 2012 R2 on physical computers and locally-hosted virtual machines, Microsoft's Windows Azure service enables administrators to create virtual machines using leased cloud resources provided by Microsoft. Windows Azure resources can be self-contained in the cloud and administrators can create a virtualized AD DS forest to organize and manage them.

For Server Core installations, how does Windows Server 2012 R2 differ from Windows Server 2008 when installing the AD DS role and promoting the system to a domain controller?

Windows Server 2012 R2 now allows administrators to use PowerShell. Explanation: In Windows Server 2008 and Windows Server 2008 R2, the accepted method for installing AD DS on a computer using the Server Core installation option is to create an answer file and load it from the command prompt using the Dcpromo.exe program with the /unattend parameter. In Windows Server 2012 R2, you can install AD DS on a computer running the Server Core installation option and promote the system to a domain controller, all by using Windows PowerShell.

Which of the following is not true about an object's attributes? a. Administrators must manually supply information for certain attributes. b. Every container object has, as an attribute, a list of all the other objects it contains. c. Leaf objects do not contain attributes. d. Active Directory automatically creates the globally unique identifier (GUID).

a. Administrators must manually supply information for certain attributes. b. Every container object has, as an attribute, a list of all the other objects it contains. c. Leaf objects do not contain attributes

What is the key difference between groups and Organizational Units (OUs)? a. Because groups are independent from domain structure, its members may be located anywhere in the domain or outside the domain. b. You cannot apply Group Policy settings directly to group objects. c. OUs are containers, whereas groups are not containers. d. There is essentially no difference between OUs and groups.

a. Because groups are independent from domain structure, its members may be located anywhere in the domain or outside the domain.

What is required by DNS for Active Directory to function? a. Dynamic update support b. DHCP forwarding support c. SRV records support d. Active Directory integration

a. Dynamic update support c. SRV records support

What is the first domain installed in a new Active Directory forest called? a. Forest root domain b. Parent root domain c. Domain tree root d. Domain root

a. Forest root domain

Order the steps to add a domain controller to an existing domain. a. On the Installation progress page that appears at the end of the Active Directory Domain Services role installation procedure, click the Promote this server to a domain controller hyperlink. The Active Directory Domain Services Configuration Wizard appears. b. Select an existing domain controller to function as a Replication source. c. After authenticating if necessary, specify the domain from the forest to which the new server will be added. Select any options as needed: Install DNS, Leave a Global Catalog, and Select Read only domain controller. d. Select the Add a domain controller to an existing domain option, and then click Select. e. Select a site where the domain controller will be located. f. Specify the password for Directory Services Restore Mode (DSRM).

a. On the Installation progress page that appears at the end of the Active Directory Domain Services role installation procedure, click the Promote this server to a domain controller hyperlink. The Active Directory Domain Services Configuration Wizard appears. d. Select the Add a domain controller to an existing domain option, and then click Select. c. After authenticating if necessary, specify the domain from the forest to which the new server will be added. Select any options as needed: Install DNS, Leave a Global Catalog, and Select Read only domain controller. e. Select a site where the domain controller will be located. f. Specify the password for Directory Services Restore Mode (DSRM). b. Select an existing domain controller to function as a Replication source. Explanation: Every Active Directory domain should have a minimum of two domain controllers.

What is the default trust relationship between domains in one forest? a. Two-way trust relationship between domain trees b. By default, no trust relationship between domain trees c. One-way trust relationship between domain trees d. Each domain tree trusts the forest, but not between each other

a. Two-way trust relationship between domain trees

Which of the following cannot contain multiple Active Directory domains? a. organizational units b. sites c. trees d. forests

a. organizational units

In Active Directory Domain Services, the individual properties that combine to form an object.

attributes

The process by which Windows Server 2012 R2 verifies that the user matches the user account employed to gain access.

authentication

The process of determining whether an identified user or process is permitted access to a resource and the user's appropriate level of access.

authorization

Order the steps to remove a replica domain controller. a. Click the Demote this domain controller hyperlink. Select the Force the removal of this domain controller check box and click Next. b. From the Server Manager's Manage menu, select Remove Roles and Features. c. Clear the Active Directory Domain Services check box. d. Select the server that you want to demote from a domain controller. e. Clear the AD DS check box. Click Remove Features, and then click Next. Click Remove. Close the wizard and restart. f. In the Password and Confirm Password text boxes, type the password you want the server to use for the local Administrator account after the demotion.

b. From the Server Manager's Manage menu, select Remove Roles and Features. d. Select the server that you want to demote from a domain controller. c. Clear the Active Directory Domain Services check box. a. Click the Demote this domain controller hyperlink. Select the Force the removal of this domain controller check box and click Next. f. In the Password and Confirm Password text boxes, type the password you want the server to use for the local Administrator account after the demotion. e. Clear the AD DS check box. Click Remove Features, and then click Next. Click Remove. Close the wizard and restart. Explanation: To remove a domain controller from an AD DS installation, you must begin by running the Remove Roles and Features Wizard.

Which of the following does an Active Directory client use to locate objects in another domain? a. DNS b. Global Catalog c. DHCP d. Site Link

b. Global Catalog

What are the two basic classes of Active Directory objects? a. Resource b. Leaf c. Domain d. Container

b. Leaf c. Domain

What is the primary reason for creating different sites on an Active Directory network? a. To create geographical divisions within the Active Directory b. To control the traffic passing over relatively slow and expensive WAN links between locations c. To provide an access control layer between sites d. To provide a boundary when applying Group Policy settings

b. To control the traffic passing over relatively slow and expensive WAN links between locations Explanation: The primary reason for creating different sites on an Active Directory network is to control the amount of traffic passing over the relatively slow and expensive WAN links between locations.

Which of the following items is a valid leaf object in Active Directory? a. Domain b. User c. Application partition d. OU

b. User

What is the simplest way for administrators to upgrade their AD DS infrastructure to Windows Server 2012 R2? a. Upgrade all existing down-level domain controllers (DCs) to Windows Server 2012 R2. b. In Server Manager, use the Active Directory Domain Services Configuration Wizard to update a DC. c. Add a new Windows Server 2012 R2 DC to your existing Directory Services installation. d. Use Adprep.exe, included in the operating system.

c. Add a new Windows Server 2012 R2 DC to your existing Directory Services installation. Explanation: You can upgrade an AD DS infrastructure in two ways. You can upgrade the existing down-level DCs to Windows Server 2012 R2, or you can add a new Windows Server 2012 R2 DC to your existing installation.

What is the simplest way for administrators to upgrade their Active Directory Domain Services (AD DS) infrastructure to Windows Server 2012 R2? a. Upgrade all existing down-level domain controllers (DCs) to Windows Server 2012 R2. b. In Server Manager, use the Active Directory Domain Services Configuration Wizard to update a DC. c. Add a new Windows Server 2012 R2 server to your existing Directory Services installation. d. Use Adprep.exe, included in the operating system.

c. Add a new Windows Server 2012 R2 server to your existing Directory Services installation.

An Active Directory functional level must be low enough to ensure interoperability between domain controllers running different versions of Windows Server. How does the functional level affect the AD forest? a. Higher functional level means more efficient AD communication. b. Higher functional level means few Global Catalog errors. c. Lower functional level means fewer features available. d. Lower functional level means time to upgrade the lowest servers.

c. Lower functional level means fewer features available.

Order the steps to create a new forest. a. Select the Add a new forest option and in the Root domain name text box, type the name of the domain you want to create. b. Consider the earliest Windows versions you plan to install as domain controllers to specify the Forest and Domain functional levels. c. On the Installation progress page that appears at the end of the AD DS role installation procedure, click the Promote this server to a domain controller hyperlink. The Active Directory Domain Services Configuration Wizard appears. d. Specify the password for Directory Services Restore Mode (DSRM). e. Confirm the NetBIOS equivalent of the domain and paths for AD DS file where applicable.

c. On the Installation progress page that appears at the end of the AD DS role installation procedure, click the Promote this server to a domain controller hyperlink. The Active Directory Domain Services Configuration Wizard appears. a. Select the Add a new forest option and in the Root domain name text box, type the name of the domain you want to create. b. Consider the earliest Windows versions you plan to install as domain controllers to specify the Forest and Domain functional levels. d. Specify the password for Directory Services Restore Mode (DSRM). e. Confirm the NetBIOS equivalent of the domain and paths for AD DS file where applicable. Explanation: When beginning a new AD DS installation, you first need to create a new forest, which you do by creating the first domain in the forest, the forest root domain.

In Active Directory Domain Services, an object, such as a domain or organizational unit, that has leaf objects or other container objects as its subordinates.

container object

What is an important difference between groups and organizational units (OUs)? a. An OU can represent the various divisions of your organization. b. Group membership can be a subset of an OU. c. OUs are a security entity. d. Group memberships are independent of the domain's tree structure.

d. Group memberships are independent of the domain's tree structure.

When is an Active Directory site topology created? a. Site topology is started upon initial installation of the Active Directory. b. Site topology starts when you finalize the links and subnets configuration. c. Creation of sites and its topology is dependent on link costs. d. Site topology is manually configured dependent on WAN bandwidth and transmission speed.

d. Site topology is manually configured dependent on WAN bandwidth and transmission speed. Explanation: Unlike many other elements of an Active Directory deployment, the creation of a site topology is not automatic. You must manually create and configure the site, subnet, and site link objects. When you create a site topology, you create site objects, specify the subnets located at each site by creating subnet objects, and then specify the access schedules and relative costs of the WAN links between the sites (in terms of bandwidth and transmission speed, not monetary costs) by creating and configuring site link objects.

What administrative division in Active Directory is defined as a collection of subnets that have good connectivity between them to facilitate the replication process? a. Forests b. Locations c. Domains d. Sites

d. Sites Explanation: To facilitate the replication process, Active Directory includes another administrative division called the site. A site is defined as a collection of subnets that have good connectivity between them. Good connectivity is understood to be at least T-1 speed (1.544 megabits per second). Generally speaking, this means that a site consists of all the local area networks (LANs) at a specific location. A different site would be a network at a remote location, connected to the other site using a T-1 or a slower WAN technology.

What is the primary reason for creating different sites on an Active Directory network? a. To create geographical divisions within the Active Directory b. To provide another boundary when applying Group Policy settings (along with domains and OUs) c. To provide a layer of access control between objects in differing sites d. To control the amount of traffic passing over the relatively slow and expensive WAN links between locations

d. To control the amount of traffic passing over the relatively slow and expensive WAN links between locations

Is it possible to add AD DS on a computer running Server Core? a. No, you require the full GUI installation of Windows Server 2012 R2. b. Yes, you use Dcpromo.exe and accompanying answer files. c. No, unless all servers are already running Windows 2012. d. Yes, you use PowerShell, by first installing AD DS role, and then promoting the server to a DC.

d. Yes, you use PowerShell, by first installing AD DS role, and then promoting the server to a DC.

What is the command-line tool and syntax for determining whether a domain controller has been registered in DNS?

dcdiag /test:registerindns /dnsdomain:<domain name> /v Explanation: If the DNS registration process fails, computers on the network cannot locate that domain controller, the consequences of which can be serious. To confirm that a domain controller has been registered in the DNS, open a command-prompt window with administrative privileges and enter the dcdiag /test:registerindns /dnsdomain:<domain name> /v command.

An Active Directory Domain Services component that specifies the attributes each type of object can possess, the type of data that can be stored in each attribute, and the object's place in the directory tree.

directory schema

A set of network resources available for a group of users who can authenticate to the network to gain access to those resources.

domain

A Windows server with Active Directory Domain Services directory service installed. Each workstation computer joins the domain and is represented by a computer object. Administrators create user objects that represent human users. A domain differs from a workgroup because users log on to the domain once, rather than to each individual computer.

domain controller

In Active Directory Domain Services, an architectural element that consists of one or more domains that are part of the same contiguous namespace.

domain tree

Order the steps to install the AD DS role. a. Confirm installation if not selecting from optional functions. b. Select the server that you want to promote to a domain controller and click Next. Select the Active Directory Domain Services role. c. Leave the Role-based or feature-based installation radio button selected and click Next. d. Click Add Features to accept the dependencies, and then click Next. e. From the Server Manager's Manage menu, select Add Roles and Features.

e. From the Server Manager's Manage menu, select Add Roles and Features. c. Leave the Role-based or feature-based installation radio button selected and click Next. b. Select the server that you want to promote to a domain controller and click Next. Select the Active Directory Domain Services role. d. Click Add Features to accept the dependencies, and then click Next. a. Confirm installation if not selecting from optional functions. Explanation: Although the AD DS role does not actually convert the computer into a domain controller, installing it prepares the computer for the conversion process.

In Active Directory Domain Services, an architectural element that consists of one or more domain trees.

forest

An Active Directory _____ consists of one or more separate domain trees.

forest Explanation: An Active Directory forest consists of one or more separate domain trees, which have the same two-way trust relationships between them as two domains in the same tree. When you create the first domain on an Active Directory network, you are in fact creating a new forest, and that first domain becomes the forest root domain.

In Active Directory Domain Services, the first domain created in a forest.

forest root domain

A list of all the objects in an Active Directory Domain Services forest and a subset of each object's attributes, used by domain controllers to locate and access the resources of other domains in the same forest.

global catalog

In Active Directory Domain Services, an object, such as a user or computer, which is incapable of containing any other object.

leaf object

A technique in which duplicate copies of a file are updated on a regular basis, no matter which copy changes. For example, if a file is duplicated on four different servers, a user can access any of the four copies and modify the file as needed. The replication engine uses the changes made to the modified copy to update the other three copies. Compare to single master replication.

multiple-master replication

A container object that functions in a subordinate capacity to a domain, but without the complete separation of security policies.

organizational unit (OU)

A technique in which duplicate copies of a file are updated on a regular basis from one master copy. For example, if a file is duplicated on four different servers, users can modify one copy and the replication engine propagates the changes to the other three copies. Compare with multiple-master replication.

single-master replication

A collection of subnets that have good connectivity between them.

site

