57 Cards in this Set

  • Front
  • Back
What directory format does Active Directory use?
X500
What do AD tree structures share?
The same contiguous name space.
What is an RODC?
A Read Only Domain Controller
Do different forests share the same name space?
No
What is NTDS.dit?
The AD database
What is a domain?
A domain is an administratively-defined collection of network resources that share a common directory database and security policies
What is an AD object attribute?
Information about the object (such as a user's name, phone number, and email address) which is used for locating and securing resources.
What does an object schema identify?
The schema identifies the object classes (the type of objects) that exist in the tree and the attributes (properties) of the object.
What does AD use DNS for?
Active Directory uses DNS for locating and naming objects.
Name the OU structure
First-level OUs can be called parents.
Second-level OUs can be called children.
OUs can contain other OUs or any type of leaf object (e.g. users, computers, and printers).
What is an AD tree?
A tree is a group of related domains that share the same contiguous DNS name space.
What is an AD forest?
A forest is a collection of related domain trees. The forest establishes the relationship between trees that have different DNS name spaces.
What is the forest root domain?
The forest root domain is the top-level domain in the top tree. It is the first domain created in the Active Directory forest.
What is the tree root domain?
The tree root domain is the highest level domain in a tree.
What is a child domain?
Each domain in the tree that is connected to the tree root domain is called a child domain.
What is a domain tree?
A domain tree is a group of domains based on the same name space. Domains in a tree:
- Are connected with a two-way transitive trust.
- Share a common schema.
- Have common global catalogs.
What is a domain controller?
A domain controller is a server that holds a copy of the Active Directory database that can be written to.
What is replication?
Replication is the process of copying changes to Active Directory between the domain controllers.
What two objects does AD use to represent the physical structure of the network?
- A subnet represents a physical network segment. Each subnet possesses its own unique network address space.
- A site represents a group of well-connected networks (networks that are connected with high-speed links).
What manages AD replication between locations?
Sites and subnets are used to manage Active Directory replication between locations.
How does an AD site differ from a domain?
A site differs from a domain in that it represents the physical structure of your network, while a domain represents the logical structure of your organization.
How are clients assigned to AD sites?
Clients are assigned to sites dynamically according to their Internet Protocol (IP) address and subnet mask.
How are domain controllers assigned to AD sites?
Domain controllers are assigned to sites according to the location of their associated server object in Active Directory.
What is the structure of the NTDS.dit file?
- The data table contains all the information in the Active Directory data store: users, groups, application-specific data, and any other data that is stored in Active Directory after its installation.

- The link table contains data that represents linked attributes, which contain values that refer to other objects in Active Directory.

- The security descriptor (SD) table contains data that represents inherited security descriptors for each object.
What does the Global Catalog server do?
Responsible for replicating a subset of attributes throughout Active Directory.
What are FSMO roles/What do they do?
Flexible Single-Master Operation roles are specialized domain controller tasks assigned to a domain controller in the domain or forest. Operations master roles are useful because certain domain and enterprise-wide operations are not well suited for the multi-master replication performed by Active Directory to replicate objects and attributes.
What are the FSMO roles?
- Schema Master
- Domain Naming Master
- RID Master (Relative Identifier)
- PDC Emulator
- Infrastructure Master
What does the schema master do?
Maintains the schema (the mapping of all the different object types)
What does the RID master do?
The RID master allocates pools or blocks of numbers (called relative IDs or RIDs) that are used by the domain controller when creating new security principals (such as user, group, or computer accounts).
What does the PDC Emulator do?
The PDC emulator acts like a Windows NT 4.0 Primary Domain Controller (PDC) and performs other tasks normally associated with NT domain controllers (e.g., time services).
What does the Infrastructure Master do?
Provides a mapping of all the container objects in AD. The infrastructure master is responsible for updating changes made to objects.
Which level do the Schema and Domain Naming Master roles operate at?
The Forest Level
What level do the RID, PDC and Infrastructure Master roles operate at?
The domain level
What is the Global Catalog?
The Global Catalog (GC) is a database that contains a partial replica of every object from every domain within a forest. A server that holds a copy of the Global Catalog is a global catalog server. The Global Catalog facilitates faster searches because different domain controllers do not have to be referenced.
What is an Operations Master?
A domain controller that performs an operations master role is known as an operations master or operations master role owner.
What does the Domain Naming Master do?
The domain naming master adds new domains to and removes existing domains from the forest.
What is a functional level?
A functional level is a set of operation constraints that determine the functions that can be performed by an Active Directory domain or forest.
What does a functional level define?
- Which Active Directory Domain Services (AD DS) features are available to the domain or forest.

- Which Windows Server operating systems can be run on domain controllers in the domain or forest. Functional levels do not affect which operating systems you can run on workstations and servers that are joined to the domain or forest.
Which domain functional levels does Server 2008 support?
Windows 2000 Native
Windows Server 2003
Windows Server 2008
Which forest functional levels does Server 2008 support?
Windows 2000
Windows Server 2003
Windows Server 2008
What is a group policy?
A policy is a set of configuration settings that must be applied to users or computers. Collections of policy settings are stored in a Group Policy object (GPO). The GPO is a collection of files that includes registry settings, scripts, templates, and software-specific configuration values.
What are new services in AD 2008?
- AD Domain Services
- AD Lightweight Directory Services
- AD Certificate Services
- AD Federation Services
- AD Rights Management Services
What is an AD role?
A role is a set of software features that provides a specific server function. Examples of roles include DNS server, DHCP server, File Server, and Print Server.
What is an AD role service?
Role services are specific programs that provide the functions of a role. Some roles, like DNS, have a single role service. Other roles, like Print Server, have multiple role services such as the LPD Service for Unix printing and Internet Printing. You can think of a role as a group of programs, with each role service being a sub-component of the role.
What is an AD feature?
A feature is a software program not directly related to a server role but which adds functionality to the entire server. Features include management tools, communication protocols or clients, and clustering support.
What is Active Directory Domain Services (AD DS)?
AD DS is a distributed database that stores and manages information about network resources, such as users, computers, and printers. The AD DS role:
- Helps administrators securely manage information.
- Facilitates resource sharing and collaboration between users.
- Is required to be installed on the network to install directory-enabled applications such as Microsoft Exchange Server and for applying other Windows Server technologies, such as Group Policy.
What is Active Directory Lightweight Directory Service (AD LDS)?
Active Directory Lightweight Directory Services (AD LDS), formerly known as Active Directory Application Mode (ADAM), is an LDAP directory service that you can use to create a directory store (database) for use by directory-enabled applications. AD LDS is very similar to Active Directory Domain Services (AD DS), but is customizable and can be much smaller than an AD DS database.
What is Active Directory Federation Services (AD FS)?
AD FS is a feature which enables secure access to web applications outside of a user's home domain or forest. The AD FS role:

- Provides Web Single-Sign-On (SSO) technologies to authenticate a user to multiple Web applications using a single user account.
- Securely federates (shares) user identities and access rights in the form of digital claims between partner organizations.
What is Active Directory Rights Management Service (AD RMS)?
AD RMS is a feature which safeguards digital information from unauthorized use. The AD RMS role:

- Can define exactly how a recipient can use information, specifying who can open, modify, print, forward, and/or take other actions.
- Allows organizations to create custom usage rights templates (such as "Confidential - Read Only") that can be applied directly to information such as product specifications, financial reports, e-mail messages, and customer data.
What is Active Directory Certificate Services (AD CS)?
AD CS is an identity and access control feature that creates and manages public key certificates used in software security systems. The AD CS role:

- Provides customizable services for creating and managing public key certificates.
- Enhances security by binding the identity of a person, device, or service to a corresponding private key.
- Includes features that allow you to manage certificate enrollment and revocation in a variety of scalable environments.
Name some things that AD Certificate Services supports.
Digital signatures
Encrypting File System (EFS)
Internet Protocol security (IPsec)
Secure/Multipurpose Internet Mail Extensions (S/MIME)
Secure Socket Layer/Transport Layer Security (SSL/TLS)
Secure wireless networks
Smart card logon
Virtual Private Networks (VPN)
What AD roles are not supported on Server 2008 Standard?
AD FS requires the DataCenter or Enterprise editions for deployment.
Which server roles can Server 2008 core run?
Active Directory
Active Directory Lightweight Directory Services (AD LDS)
Dynamic Host Configuration Protocol (DHCP) Server
DNS Server
File Server
Print Server
Media Services
Web Server (IIS)
What are the limitations of Server 2008 core?
There is no Windows Shell.
There is no managed code support (no .NET framework). All code has to be native Windows API code.
There is only MSI support for unattended mode installs.
What methods can you use to manage a Server 2008 core system?
Log on and use the command prompt.
Log on using Remote Desktop to gain access to the command prompt.
Use Windows Remote Shell (winrm).
Run Server Manager or another tool on another computer and connect to the server core system. This method allows you to use a GUI interface for managing the server core system.
How would you add server roles to a Server 2008 core system?
Run start /w ocsetup to add server roles to the server core system. Switches for the role or service must be typed exactly as they are listed, and role names are case-sensitive.
How would you see a list of roles, role services and features that can be installed on Server 2008 core?
Run the oclist command.