Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
75 Cards in this Set
- Front
- Back
|
What is a Directory Service?
|
A tool that allows businesses to define, manage, access, and secure network resources, including files, printers, people and applications for a group of users.
|
|
|
What is a Domain Controller?
|
A server that stgores Active Directgory database and authenticates users with the network during logon.
|
|
|
What is the file named NTDS.dit?
|
Each domain controller actively participates in storing, modifying, maintaining, and replicating the Active Directory database information thatg is stored on each domain controller in this file.
|
|
|
What are the beneefits of Active Directory service?
|
* Centralized resource and security administration
* Single logon for access to global resources * Fault tolerance and redundancy * simplified resource location |
|
|
What are three ways an organization can decide to adminiser Active Directory?
|
based on an organizational or business model, or according to types of functions being administered.
|
|
|
What is a schema in Active Directory?
|
it is a master database that contains definitions of all objects in the active directory-it is the Active Directory.
|
|
|
What are the two parts to the schema?
|
Object classes and attributes.
|
|
|
What are come common attributs?
|
a unique name, globally unique identifier (GUID), required object attributes, optional object attributes, control lists (ACLs)
|
|
|
What is a unique name?
|
the name identfies the object in the database. A unique name is given to the object upon its creation and includes references to its location within the directory database.
|
|
|
What is a Globally unique identifier (GUID)?
|
The GUID is a 128-bit hexadecimal number that is assigned to every object in the Active Directory forest upon its creation. It does not change even when the object itself changes.
|
|
|
What are Required object attributes?
|
These attributes are required for the object to function. In particular, the user account must have a unique name and password entered upon creation.
|
|
|
What are Optional Object attributes?
|
These attributes add information tgat is not critical to the object in terms of functionality. This type of information is "nice to know" as opposed to "need to know." An example would be a phone number or street address for a user account.
|
|
|
What is a container object?
|
It can hold other objects, either additional child containers or leaf objects.
|
|
|
What is a leaf object?
|
It cannot contain other objects and usually refers to a particular resource such as a printer, folder, or user.
|
|
|
What is an Organizational Unit?
|
It is a logical grouping of resourcing of resources that have similar security guidelines. It can reflect logical structure of the organization by modeling the company's organizational chart or by organizing users according to their resource needs.
|
|
|
What is delegation of administration?
|
All users who have similar resource needs can be placed in an organizational unit for ease of management if this best supports the needs of the organization. Security is applied to the OU by default inherited by all child objects of the container, thereby simplifying management. Administration of an OU can be delegated to a supervisor or management and thus allow tht person to manage the day-to-day resource access. Each container, or OU can be creatged with custom security guidelines in mind, allowing for detailed administrative control.
|
|
|
What is inheritance?
|
Any jpermissions assigned to a parent container are by default inherited by all child containers and leaf objects?
|
|
|
What is Microsoft's recommended limit of OU nested relationships?
|
No more than 10 deep.
|
|
|
What is a domain?
|
A logical grouping of netowrk resources and devices that are administered as a single unit.
|
|
|
What is a forest root domain?
|
It is the first domain created in a Windows server 2003 domain.
|
|
|
What is a domain?
|
It is a security boundairy.
|
|
|
What is a child domain?
|
It is a sub-domain in a domain.
|
|
|
What is a domain tree?
|
a grouping of domains that have the same parental hierarchy and share the name of the parent domain.
|
|
|
What is a domain family?
|
Each domain tree contains a domain family which consists of the parent domain and all child domains.
|
|
|
What is a forest?
|
A forest is the highest level in the Active Directory domain hierarchy. Administrative security implemented at the forest level flows down through the hierarchy to all domain trees below.
|
|
|
What are directory partitions?
|
In a forest, Active Directory uses them to store and replicate information. These partitions divide the database into manageable pieces that separate forest-wide information from domain-specific information. In olrder for all domains to be able to share and replicate information, they must have common particions. The forest-wide partitions include the schema and configuration partitions.
|
|
|
What is a Schema Partition?
|
It contains the rules and definitions that are used for creating and modifying object classes and attributes.
|
|
|
What is a configuration partition?
|
It contains the replication topology and other configuration data that must be replicated throughout the forest.
|
|
|
What is a domain partition?
|
A directory partition which contains all of the objects within the local domain.
|
|
|
What is an application partition?
|
It allows administrators to control what information is replicated and to which domain controllers. This results in greater flexibility and better control over replication performance.
|
|
|
What is a site?
|
One or more IP subnets connected by fast links created to facilitate the replication of AD informaiton.
|
|
|
What is KCC?
|
Knowledge consistency checker. generally takes care of all replication topology issues. It is located in the Administrative tools folder of the domain controller.
|
|
|
What is LDAP?
|
Lightweight irecory Access Protocol. developed in the early 1990's by the Internet Engineering Task Force, it defines how global directories should be structured and includes the hierarchical specifications.It enables data exchange between directory services and applications. Access to all directory objects hapens through LDAP
|
|
|
What are the two types of names that cana be used to reference an jobject?
|
Its distinguised name and its relative distinguished name.
|
|
|
What is the LDAP Naming Attribute and Definition of Naming Attribute for the Object class: User or any leaf object?
|
LDAP Naming Attribute: cn
Definition of Naming Attribute: Common name |
|
|
Attribute and Definition of Naming Attribute for the Object class: Organizational Leaf Object?
|
LDAP Naming Attribute: OU
Definition of Naming Attribute: Organizational Unit |
|
|
Attribute and Definition of Naming Attribute for the Object class: Domain
|
LDAP Naming Attribute: DC
Definition of Naming Attribute: Domain components, one for each part of the DNS name |
|
|
How are users and resources grouped in he logical and physical structures of the organization's business model?
|
User and resources are grouped in domains and OUs according to resource neeeds, location, departments, or even security guidelines.
|
|
|
Why is DNS support a necessity for the Active Directory infrastructure to function properly?
|
DNS supports SRV records which are locator records within DNS to provide a mapping to a host providing a service. Dynamic updates permit DNS clients to register and update their information in the DNS database which permits the locator service to function.
|
|
|
What are the four Domain Functional Levels?
|
Windows 2000 mixed. Windows 2000 native. Windows 2003 Interim. Windows Server 2003.
|
|
|
Which Domain functional level allows you to upgrade directly to Windows Server 2003?
|
Windows Server 2003 Interim allows you to upgrade from Windows NT 4.0 to Winows Server 2003.
|
|
|
Which Functional Level provides backward compatabillity to Windows NT 4.0 and Windows 2000?
|
Windows 2000 Mixed.
|
|
|
Which Functional Level allows backward compatibility to Windows 2000?
|
Windows 2000 Native.
|
|
|
Does Windows Server 2003 allow for any backward compability to the older operating systems?
|
No
|
|
|
If I raise the functional level on a server, can I change it back?
|
No. It is an irreversable procedure.
|
|
|
What operating systems are supported by Windows 2000 mixed?
|
Windows NT 4.0. Windows 2000. Windows Server 2003
|
|
|
What operating systems are supported by Windows 2000 native?
|
Windows 2000.
Windows server 2003 |
|
|
What operating systems are supported by Windows 20003 interim?
|
Windows NT 4.0
Windows server 2003 |
|
|
What operating systems are supported by Windows server 2003?
|
Windows server 2003
|
|
|
What are the forest functional levels?
|
Windows 2000. Windows 2003 interim. Windows server 2003
|
|
|
What are the requirements of a cross-forest trust?
|
Functional level must be set to windows server 2003. Trusts must be created manually and must be done at both ends of the shared link for a way-way trust to exist.
|
|
|
What method of authentication is used when a resource is accessed via a cross-forest trust?
|
a secure link is established using the Kerberos authentication protocol.
|
|
|
If you want to use a Bind DNS server to support Active Directory what version of the BIND software must it be running?
|
Version 8.1.2 or later.
|
|
|
What is the forest root domain?
|
The first Active Directory domain on the network.
|
|
|
What is FSMO Roles?
|
Flexible single master operations roles are specific server roles that work together to enable multi-master functionality of Active Directory.
|
|
|
What is the command to start the install of Actice Directgory installation?
|
dcpromo
|
|
|
What is the FQDN?
|
It is the Fully Qualified Domain Name, It usually matches the DNS name registered by the company to use on the internet.
|
|
|
What is the NetBios name.
|
It is the name that is used if prior versions of Microsoft operating systems need access to the domain.
|
|
|
Are the Reverse lookup zones created when you install AD?
|
No you must create them yourself. the -MSDCS. and domain are created by default
|
|
|
How do you verify SRV records?
|
use NS lookup ls -t SRV domain
|
|
|
How do you create a reverse lookup zone?
|
In the administrative tools folder, right-click Reverse Lookup Zone and click new zone and then select primary zone and then follow from there.
|
|
|
What are the four types of trusts that can be manually established in Windows Server 2003?
|
Shortcut, Cross-forest, external and realm
|
|
|
What is a UPN?
|
A User Principal Name stored in the global catalog which allows them to be available forest-wide.
|
|
|
What is the first site, the first subnet in the Active Directory forest established named?
|
Default-First-Site-Name
|
|
|
What does it mean for a site to be well-connected?
|
It means that the network infrastructure in a site is fast and reliable, they replicate with one another, sites are independent of the domain structure.
|
|
|
Where does the domain controller go during the installation of a new domain controller?
|
It is automatically placed in the site corresponding to the network address portion of the domain controller's IP address. But if the sites are not created prior to adding a domain controller, the new domain controller will be placed in the Default-First-Site-Name container, requiring it to tbe moved later.
|
|
|
What is the idea behind replication?
|
All domain controllers in a domain should communicate Active Directgory information to each other, in addition to comminicating forest-wide information with other domains.
|
|
|
When does replication occur?
|
when one of the following conditions are met? an object is added or removed form AD. The value of an attribute has changed. The name of an object has changed.
|
|
|
What is an Update Sequence Number?
|
USNs are assigned by domain controllers when an object or atribute has changed. The higher the number, the more recent the change with regard to the original value. If ia property vhange occurs on a user account, sugh as a password change, the USN number is incremented by one.
|
|
|
What is a timestamp?
|
It is placed on each change that occurs. If a user changes his password several times, a change is stamped with the time the changed is occurred. AD used the USN and timestamp to determine which attribute value is most recent.
|
|
|
What is a bridgehead server?
|
It is the single server in each site selected to perform site-site replication. It is the gatge-keeper. They allow AD to update only one domain controller in a site. Then they proceed to update the remainder of its domain controller partners with the newly replicated information.
|
|
|
What is convergence?
|
It is when the complete propagation of a partition's objects and attributes have taken place at all domain controllers within a site.
|
|
|
What is the difference between intrasite replication and intersite replication?
|
Intrasite replication is in the same domain and Intersite is between multiple site networks.
|
|
|
What is the rule of 3?
|
no single domain controller should be more than three network hops away from an originating domain controller in an intrasite replication
|
|
|
What are the four different partitions of AD?
|
domain, schema, configuration and application
|
