chap 7
You are the administrator for WestSim Corporation. The network has a single domain, westsim.com. Five domain controllers, all running Windows 2008 server, are located on the network
Use the delegation of control wizard. Grant each user administrator permission to modify passwords for their department OU.
The default location for new user accounts and groups
Users and container
You receive a call Monday morning from the Help Desk. There are seven users who are unable to log in to the domain. Upon further investigation, you notice all seven accounts have been locked-out. You need to unlock the user accounts with the least amount of administrative effort while complying with your security policy. What should you do next?
Using Active Directory Users and Computers, select Unlock Account for each for each account.
You are planning the Active Directory deployment shown in the figure below. Your organization has two sites that will be members of the same Active Directory domain. Three domain controllers will be deployed at each site. It is anticipated that, as your organization grows, additional branch offices in remote locations will be added to the domain. Because the staff at these locations will be unlikely to have an experienced IT staff on site, you have decided to install three virtual domain machines in the Azure cloud and make them domain controllers in the same domain. Users in branch offices will then be able to use these cloud-based domain controllers for authentication. You need to ensure that domain authentication and synchronization traffic remains secure in this deployment. Click the network segment(s) where a VPN connection will need to be used.
Wires connecting site A and B.
you have just deployed an azure ad domain controller in the azure cloud. you created a user acct. youre now testing the configs trying to join your home computer to the domain which option in the system menu in the settings app will allow ur coputer to join
about
you have added a new printer to the network. only certain users have permission to use it. some users complain it takes too long to find the new printer in active directory. what can you do to ifx this?
add a global catalog server
which of the following container objects are active directory builtin containers? (four)
computers, managedserviceaccounts, foreignsecurityprincipals, users
You are the administrator for the widgets.com domain. Organizational Units (OUs) have been created for each company department. You have smllaer ous within each departmen OU, such as ITadmins in the admin ou. give one user in each ou the rights to manage user accts in their ou give your assistants in the itadmins group rights to manage passwords for all domain users What should you do?
create a password admin group in the ITadmins ou make your assistants members in the group, delegate control to the passwordadmin group to perform password tasks create a useradmin group in each department ou make the user in each ou a member of the useradmin group in each department ou, delegate control to the useradmin group to perform user account tasks in that ou
your network spans across 3 cities - atlanta, chicago, denver. your first active dir. domain controller is in atlanta. you have used active directory sites and services to change the names, but thats all. you need to configure active directory to direct clients to local network resources for authentication/ which steps must you perform
create subnet objects for the 3 cities and link them to their respective sites create site objects for chicago and denver move the chicago and denver server objects into their respective site objects
You are the administrator of a network with a single Active Directory domain. You would like to create a script to distribute to the Help Desk support staff for their needs when creating domain user accounts
dsadd
You are the administrator of a network with a single Active Directory domain. The domain includes a user account named Bob smith. You have been asked by the network security group to provide a listing of all the domain groups to which Bob Smith is a member.
dsget
You manage a Windows Server 2012 R2 system that functions as your company's domain controller. Your organization was recently acquired by a larger organization and the company name has changed as a result.
dsmod ldifde
You manage a Windows Server 2012 R2 system that is an Active Directory domain controller for your organization. You need to use command-line tools to generate a list of all users in the domain and then view the value of the Office property of each user.
dsquery user -name * | dsget user -display -office
You are the manager of the eastsim.com domain. Your Active Directory structure has organizational units (OUs) for each company department. You have several assistant administrators who help manage Active Directory objects. For each OU, you grant one of your assistants Full Control over the OU. You come to work on morning to find that while managing some user accounts, the administrator in charge of the Sales OU has deleted the entire OU and all of its objects from a recent backup. You want to make sure that your assistants can't delete the OUs they are in charge of. What should you do? (Select two.) Edit the properties for each OU to prevent accidental deletion, Remove Full Control permissions from each OU. Run the Delegation of Control wizard for each OU, granting permissions to perform the necessary management tasks.
edit the properties for each OU to prevent accidental deletion, Remove Full Control permissions from each OU. Run the Delegation of Control wizard for each OU, granting permissions to perform the necessary management tasks.
You manage a network with a single Active Directory domain called westsim.com. Organizational units have been created for Accounting, Sales, and Shipping departments. User and computer for each department are in their respective OU. At 5:30pm, you get a call from Mary Hurd, a user in the Sales department, stating that she can't log in. You use Active Directory Users and Computers and see the information shown in the image. You need to make sure Mary can log in. What should you do? Enable Mary's account.
enable marys account
You are the administrator for a small company, which uses a single Windows Server 2012 R2 to host a single domain. All client computers run Windows 8. Mary Hurd, a user in the Sales department, calls and reports that she is unable to log in using her computer (Sales1). You use Active Directory Users and Computers and see the screen shown in the image. You need to allow Mary to log in. What should you do?
enable the computer account
global catalog
facilitates faster searches
You need to use a PowerShell to generate a list of all Active Directory computer accounts located in just the Computers container (cn=Computers,dc=testoutdemo,dc=com).
get-adcomputer -filter * -SearchBase "cn=Computer,dc=testoutdemo,dc=com"
tree
group of related domains
schema
identifies the types of objects that can exist in the tree
You are the network administrator for westsim.com . the network consists of a single Active Directory domain. All the servers run windows server 2012 R2. All the clients run windows 8. The company is opening a new branch office in New York which will have on hundred new users.
import-csv new-ADUser
You manage a Windows Server 2012 R2 system that functions as your company's domain controller. You want to test a new network application in a lab environment prior to rolling it on your production network.
ldifde csvde
domain - logical organization or physical structure
log org
forest - logical organization or physical structure
logical org
ou - logical organization or physical structure
logical organization
You have a laptop that you use for remote administrator from home and while traveling. The laptop has been joined to the domain using the name of AdminRemote. The processor in your laptop overheated one day, causing extensive damage. Rather than repair the computer, you purchase a new one for your use. The computer arrives and you edit the system properties and name it AdminRemote. When you try to join the computer to the domain, you receive an error message and are unable to proceed. You want the new computer to be joined to the domain using the same name as the old computer. Which commands should you run?
netdom reset, then netdom join
shared folder - network resource or security principal?
network
printer - network resource or security principal?
network resource
subnet - logical organization or physical structure
phys structure
site - logical organization or physical structure
physical structure
you have just deployed an azure ad domain controller in the azure cloud so users can remote in. replication is set to occur 180 minutes by default. how do you change this setting
place the azure ad domain controller in its own site
you manage a network with a single active directory domain called westsim.com most of your users work from office and access your on-premise controllers to authenticate. few users work remotely. you moved to office365 using cloud-hosted versions for epmloyees who work from home. what are the advantages of deploying azure ad?
remote users can authenticate to the domain from any location that has internet remote users have single sign-on access to the cloud hosted versions
object
resource in the directory
group - network resource or security principal?
security
user - network resource or security principal?
security
computer account - network resource or security principal?
security principal
you have just deployed an azure ad domain controller in the azure cloud. you created a user acct. youre now testing the configs. you joined your home computer. you are ready to make sure you can access w ur user account which steps do you need to log on to the azure ad user acct
select other user and sign in using azure ad user acct credentials sign out as local user
You are the administrator of a network with a single Active Directory domain. You need to create 75 user accounts in the domain User container.
use Csvde to import user accounts using the .csv file.
You are the administrator of a network with a single Active Directory domain. This domain currently includes 75 user accounts.
use the Ldifde.exe utility Use the Csvde.exe utility
organizational unit
used to logically organize network resources within a domain
object
user or group of users
`you manage a network with a single active directory domain called westsim.com most of your users work from office and access your on-premise controllers to authenticate. few users work remotely. you moved to office365 using cloud-hosted versions for epmloyees who work from home. which are options for deploying AZURE ad
you can install active directory domain controllers on windows azure vms in the cloud you can deploy active directory domain controllers using windows azure active directory Saas cloud service
Organizational units organize network resources. You can use the organizational model that best meets your needs. Drag the organizational model on the left to the appropriate example OU on the right.
*Denver OU: Physical location model *Printers OU: Object type model *Sales OU: Corporate structure model *Engineering OU: Corporate structure model *Brazil OU: Physical location model *Brazil OU containing Sales OU: Hybrid model
You have not yet installed Active Directory Domain Services (AD DS) on a new Windows Server system. You are planning to use the computer as a domain controller in Active Directory
1. Configure the computer name. 2. Set the system time and time zone.
You have completed the installation of the Active Directory Domain Services role on a new server. Now you want to promote this server to be a domain controller in an existing domain. The server was installed with a Server Core deployment, so you will need to make this server a domain controller in an existing domain from the PowerShell command line. 1. Install-ADDSDomainController 2. Import-Module ADDSDeployment
1. Install-ADDSDomainController 2. Import-Module ADDSDeployment
You have just started a new job as the administrator of the eastsim.com domain. The manage of the accounting department has overheard his employees jokes about how many employees are using "password" as their password. He wants you to configure a more restrictive password policy for employees in the account department. Before creating the password policy, you open the Active Directory Users and Computers structure and see the following containers and OU: eastsim.com *Builtin *Users *Computers *Domain Controllers Which steps must you perform to implement the desired password policy?
1. Put the accounting employees user objects into the OU created for the accounting employees. 2. Create an OU in eastsim.com for the accounting employees. 3. Configure the password policy and link it to the OU created for the accounting employees.
domain
A collection of network resources that share a common directory database
global catalog
A database that contains a partial replica of every object from every domain
domain controller
A server that holds a copy of the Active Directory database
organizational unit
A type of container object that can be created by the administrator
you need to add a new windows server to an active directory domain. powershell is install-windowsfeature________
AD-Domain-Services
You manage a network with a single domain named eastsim.com . The network currently has three domain controllers.
Active Directory Users and Computers or Active Directory Sites and Services
You are the administrator of a network with two active directory domains. Each domain currently includes 35 global groups and 75 domain local groups. You have been reading the Windows Server help files and have come to the conclusion that universal groups may be the answer to ease administrative management of these groups.
Add global groups to universal groups and then add those local groups.
generic container
An object type that cannot be created, moved, renamed, or deleted
Holds the default service administrator accounts
Builtin container
domain controller
Can make changes to the Active Directory database
You manage a group of 10 Windows workstations that are currently configured as a Workgroup. Which advantages you could gain by installing Active Directory and adding the computers to a domain?
Centralized configuration control, Centralized authentication
forest
Collection of related domain trees
The default location for workstations when they join the domain
Computers container
You are the network administrator for your company. Your network consists of two Active Directory domain: research.westsim.local and sales.westsim.local
Configure one of the domain controllers in Houston to be a global catalog server.
You are the administrator of a multi domain Active Directory forest. You have a Universal Group called SalesExecs.
Convert the SalesExecs group from a Distribution group to a security group.
You are the administrator for ABC Corporation. The network has a single Active Directory domain called xyz.com. The sales team has a shared folder on Srv1 that is used to hold sales contact information.
Convert the group to a security group.
You manage a network with a single Active Directory domain called westsim.com. Organizational units have been created for the Accounting, Sales, and Shipping departments. User and computer accounts for each department are in their respective OU. Organizational units have been created for the Accounting, Sales, and Shipping departments. User and computer accounts for each department are in their respective OU. Mary Hurd is a manager in the Sales Department. Mary is a member of the Managers global group. This group also has members from other Organizational Units. The Managers group has been given the Read share permission to the Reports shared folder. Mary's user account (mhurd) has also been given the Change share permission to the Reports shared folder. You need to create several new user accounts that have the same group membership and permission settings as the mhurd user account. You want to complete the configuration with as little effort as possible. What should you do?
Copy the mhurd user account. Assign the new account the Change share permission to the Reports shared folder.
You are the domain administrator for a single domain forest. You have 10 file servers that are member servers running Windows Server 2012 R2. Your company has designed its top level OU structure based on the 15 divisions for your company.
Create a Global group called AllMgrs; make each of the existing division managers groups a memb
You are the domain administrator for a single domain forest. Your company has based its top level OU structure on the four divisions for your company; Manufacturing, Operations, Marketing, and Transportation
Create a Global security group called AllMgrs and make each of the existing division manager groups a member. Create a Universal security group called AllMgrs and make each of the existing division manager groups a member.
You manage a single domain named widgets.com . Organizational Units have been created for all company departments. Computer and user accounts have been moved into their corresponding department OUs. The CEO has requested the ability to send e-mails to managers and ream leaders.
Create a distribution global group. For each user on the e-mail list, make their user account a member of the group.
You are the administrator for a network with two domains: westsim.com and sales.westsim.com . You have a shared folder called Reports and on the Sales1 server in the sales.westsim.com domain. You also have a shared folder called Contacts on the Sales6 Server in the branch.westsim.com domain.
Create a global group in each domain. Add users within each domain to the group.
You are the network administrator of a network that spans two locations: Atlanta and Dallas. Atlanta and Dallas are connected using a dedicated WAN link.
Create a new site object in Active Directory and move the server object for the Dallas domain controller into the new site.
You are in charge of designing the Active Directory tree. You have a small company that has only one location. You have determined that you will have approximately 500 objects in your completed tree. organized with four primary departments
Create a organizational unit object for each department. Train a member of each department to perform limited administrative duties. use delegation wizard to give a member of each ou enough rights to perform necessary tasks in appropraite ou
You are the network administrator for your company. Your company has three standalone servers that run Windows Server 2012 R2. All servers are located in a single location. You have decided to create a single Active Directory domain for your network. Currently, each department has one employee designated as the department's computer support person. Employees in this role create user accounts and reset passwords for the department.
Create a organizational unit structure where each department has its own OU. Use the delegation of Control wizard to grant each computer support user appropriate permission to their department OUs.
You are the network administrator for a company with a single Active Directory domain. The corporate office is located in Miami and there are satellite offices in Boston and Chicago.
Create subnets for the new floors in the Boston office and link them to the Boston site.
You are the administrator for the eastsim.com domain. Your Active Directory structure has organizational units (OUs) for each company department. You have assistants who help with resetting passwords and managing group membership. You also want your assistants to help create and delete user accounts. Which of the following tool can you use to allow your assistants to perform these additional tasks? Delegation of Control Wizard You have just started a new job as the administrator of the eastsim.com domain. The manage of the accounting department has overheard his employees jokes about how many employees are using "password" as their password. He wants you to configure a more restrictive password policy for employees in the account department. Before creating the password policy, you open the Active Directory Users and Computers structure and see the following containers and OU: eastsim.com *Builtin *Users *Computers *Domain Controllers Which steps must you perform to implement the desired password policy?
Delegation of Control Wizard
You are the administrator for a network with two domains: westsim.com and sales.westsim.com . You have a shared folder called Reports and on the Sales1 server in the sales.westsim.com domain. The follwoing two users need access to this shared folder: Delete the existing group. Create a domain local group in sales.westsim.com . Add Mark and Mary as member and assign permission to the share. Convert the group to a universal group.
Delete the existing group. Create a domain local group in sales.westsim.com . Add Mark and Mary as member and assign permission to the share. Convert the group to a universal group.
You are the network administrator for an Active Directory forest with a single domain. The network has three sites with one domain controller at each site.
Designate the domain controllers at sites 2 and 3 as global catalog servers.
You manage a network with a single Active Directory domain called westsim.com. Organizational units have been created for the Accounting, Sales, and Support departments. User and computer accounts for each department are in their respective OU. The Support department has very high turnover. Nearly every week you need to add new user accounts. All user accounts have the same Department and Fax Number settings. Each user account must also have permission to the Orders shared folder. You want to create a template account to use when creating new accounts in the future. You want to create a template account to use when creating new accounts in the future. What should you do? (Select three.)
Disable the user account, Create a group called Support. Make the template account a member of the Shipping group. Assign permissions for the group to the Orders shared folder, Create a user account with the Department and Fax Number settings.
The root container to the hierarchy
Domain Controller
the default location for domain controller computer accounts
Domain Controller OU
You are the manager of the eastsim.com domain. The forest and domain are running in Windows 2000 functional mode. Your two domain controllers have been upgraded to Windows 2008. Your active directory structure has organizational units (OU) for each company department. You have several admins who help manage Active Directory objects. For each OU, you grant on assistants full control over the OU. You come to work one morning to find that while managing some user accounts the administrator in charge of the Sales OU has deleted the entire OU. You restore the OU and all of its objects from a recent backup. You want to configure the OU to prevent accidental deletion. You edit the OU properties but can't find the protect object from accidental deletion setting. What should you do so you can configure the setting?
In Active Directory Users and computers show the advanced settings
You manage a network with a single Active Directory domain called westsim.com. Organizational units have been created for Accounting, Sales, and Shipping departments. User and computer for each department are in their respective OU. You have hired a temporary worker named John Miller to work in the Shipping department during the holidays. John should only be allowed to log on to the Ship01 workstation and no others. What should you do?
In John's user account, add Ship01 to the Log On To list
You are the domain administrator for north.westsim.com . You havea high-end color laser printer that is shared on a server in north.westsim.com . Because of the high price per page you have removed the print permission from the Everyone group.
In the North domain create a Domain Local group called CRT-PRT. In all three domains create a Global group named Marketing. Add all three global groups to the North CLR-PRT group and assign the print permission to the group.
attributes
Information about an object, such as a user's name
You are a domain administrator for a large, multi-domain network. There are approximately 2500 computers in your domain. Organizational Units (OUs) have been created for each department. Group Policy objects (GPOs) are linked to each OU to configure department-wide user and computer settings. While you were on vacation, another 20 computers were added to the network. The computers appear to be functioning correctly with one exception: the computers do not seem to have the necessary GPO settings applied. What should you do?
Move the computer accounts from their current location to the correct OUs
You want to configure Computer1 as a Global Catalog server.
NTDS settings
You are the network administrator for westsim.com . the network consists of a single Active Directory domain. All the servers run windows server 2012 R2. All the clients run windows 8. There is one main office and seven branch offices. You have been asked to create a script that can be used in the event of a disaster that destroys the entire network.
New-ADObject
You manage user accounts in the southsim.com domain. Each department is represented by an organizational unit. Computer and user accounts for each deparment have been moved to their respective OUs.
On the members of tab for the sales-gg group, add the colormagic-DL group. On the ColorMagic printer object, assign permissions to the ColorMagic-DL group. On the Members tab for the Sales-GG group, add all sales user accounts.
You have just ordered several laptop computers that will be used by members of the programming team. The laptop will arrive with Windows 8 pre-installed. You want the computer account for each new laptop to be added to the Developer OU in Active Directory. You want each programmer to join his or her new laptop to the domain. What should you do?
Pre stage the computer accounts in Active Directory. Grant the programmers the right to join the workstation to the domain.
You are the network administrator for westsim.com. The network consists of a single Active Directory domain. All the servers run Windows Server 2012 R2. All the client run Windows 8. A user named Mary Merone is working on location in Africa. She calls to report that her laptop has failed. The hardware vendor replaced the laptop and now you need to join the new computer to the domain. However, there is no connectivity from the current location of the domain. You must ensure that the laptop is joined to the domain immediately even if it cannot be physically connected to a domain controller. What should you do first?
Prepare the computer to perform an offline domain join by creating an Active Directory account for the computer using the Djoin /provision command.
• You are the administrator for a small network. You have approximately 50 users who are served by a single Windows Server 2012 R2 computer. You are providing Active Directory, DNS, and DHCP with this server. Your clients all use Windows 8. Last week an employee quit. A replacement has been hired, and will be starting next Monday. The new user will need to have access to everything the previous user had, including documents files held in the home folder. You need to set up an account for the new user, providing all access required. What should you do?
Rename the existing account, changing the name fields to match the new employee.
You have a laptop that you use for remote administrator from home and while traveling. The laptop has been joined to the domain using the name of AdminRemote. The processor in your laptop overheated one day, causing extensive damage. Rather than repair the computer, you purchase a new one for your use. The computer arrives and you edit the system properties and name it AdminRemote. When you try to join the computer to the domain, you receive an error message and are unable to proceed. What should you do?
Reset the computer account in Active Directory.
You are the administrator for a large, single-domain network. You have several Windows Server 2012 R2 domain controllers and member servers, with a few Windows Server 2008 member servers. Your 3500 client computers are a mix of Windows 7 Professional and Windows 8. Today, one of your users has called for help. It seems that his computer is reporting that a trust cannot be established between his Window 7 computer and the domain controller. He is unable to log on to the domain. You examine the computer's account in using Active Directory Users and Computers and there is nothing obviously wrong. You need to allow this user to log on to the domain. What should you do?
Reset the computer account, and rejoin the domain.
Prior to installing Active directory on your network, you set up a test network in your lab. You created several user accounts that correspond to actual network users.
Run Ldifde to export the user accounts. Run Ldifde to import the user accounts. Edit the .ldif file to specify user account passwords. Run Ldifde to modify the existing accounts.
You get a call from another user one day telling you that his password no longer works. As you inquire about the reasons why the password doesn't work, he tell you that yesterday he got a call from an administrator asking for his user account password, which he promptly supplied.
Run Ldifde to export user account information. Edit the .ldif file to modify the user account properties and passwords. Run Ldfide to modify the existing user accounts. Create a script that runs Dsmod. Specify the new password and account properties in the script. Run the script
You manage a network with a single Active Directory domain called westsim.com. Organizational units have been created for the Accounting, Sales, and Shipping departments. User and computer accounts for each department are in their respective OU. Maria Hurd is going on a 7 week sabbatical and will not be working during that time. You would like to secure her user account to prevent it from being used to access network resources while she is away. What should you do?
Set an account expiration time for the last day Maria will be in the office. disable the account
replication
The process of copying changes between domain controllers
At 5:30 pm, you get a call from Mary Hurd, a user in the Sales department, stating that she can't log in. You use Active Directory Users and Computers and see the information shown in the image. You need to make sure Mary can log in. What should you do?
Unlock Mary's account; Change the log on hours to extend past 5:30 pm change marys account to never expire
You manage user accounts in the southsim.com domain. Each department by an Organizational Unit (OU). Computer and user accounts for each department have been removed to their respective OUs. When a new employee in the sales department is hired, you create the user account, add to multiple groups, assign the user permissions to the sales contact database, and configure permissions to home and shared folders. Because of high turnover, you find that as users leave the organization, you spend several hours tracking down file ownership and reassigning permissions to other users. You would like to simplify this process. What should you do?
Use a programming language to create a de provisioning solution. Write scripts or routines that run automatically when the user account is deleted to reassign ownership and permissions.