Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key


Play button


Play button




Click to flip

54 Cards in this Set

  • Front
  • Back
What is NTAS.dit and how is fault tolerance provided?
it is how active directory is stored on a domain controller; multi-master replication system- multiple servers installed as domain controllers share a common database
What is the Schema?
Each object in active directory (user accounts, printer accounts, computers, and groups)
What is the maximum recommended level of OU's?
Unlimited number of OU's no more than 10 levels deep
What are the 4 different directory partitions?
Schema (rules & definitions that are used for creating and modifying object classes and attributes)
Configuration (replication topology & other config data that must be replicated through the forest)
Domain (all the objects within the local domain)
Application (allows admin to control what info is replicated and to which domain controllers)
What is a Site?
one or more IP subnets that are connected by fast links
What does LDAP define?
Lightweight Directory Access Protocol: standards for naming formats and directory functions; standard naming structure and hierarchy
What is a distinguished name?
Full Name; an object in the directory is referenced by its complete name using the entire hierarchical path
What is a UPN?
User Principal Name; follow the format
What is the default domain functional level? What are their supported OS's and the features of each?
Windows 2000 Mixed; pre-Windows Server 2003 domain controllers
What are the different forest functional levels and the requirements to raise it?
Windows 2000 (default), Windows Server 2003 interim, and Windows Server 2003; must be logged on as a member of the Enterprise Admins group and only on a server that holds the Flexible Single Master Operations Schema Master role
What is a cross forest trust?
when trust paths are crossed between forest
What file system is required for Active Directory?
What are 2 ways in install Active Directory?
dcpromo.exe or Manage Your Server Web page
What is in the Domain DNS zone?
a single partition that allows DNS information to be replicated to all domain controllers running DNS within the domain
What is aging and scavenging?
the process that can be used by Windows Server 2003 DNS to clean up the DNS database when resource records are no longer required
What are the facts and requirements to raise the domain and forest functional levels?
one way operation (raised domain and forest functional levels can not be reversed without a complete reinstallation of the domain), each domain must be handled independently, the forest functional level cannot be raised until all domains in a forest have been raised to at least Windows 2000 native, logged on as a member of the domain admins group to raise the domain functionality, logged on as a member of the enterprise admins group to raise the forest functionality
What is a short cut and what are realm trusts?
trust established to shorten the number of hops required to gain access to a domain; trust established with a non-windows platform that uses kerberos as the authentication method
What are the characteristics of a site?
logical structure that can been seen in ADUC, physical network structure affects the efficiency of active directory replication
What is the default location for computers in sites and services?
What is the update sequence number and what is a time stamp?
assigned by domain controllers when an object or attribute has changed; placed on each change that occurs
What is the rule of 3?
No single domain controller should be more than 3 network hops away from an originating domain controller
How often does the KCC run?
Knowledge Consistency Checker; every 15 minutes
What are cost, schedule, and frequency for site sinks and what are their default levels and ranges?
The three attributes of site link objects; Cost (allows admin to define the path that replication will take), Schedule (determines when the link can be used to replicate information), Frequency (provides the how often information regarding the replication schedule); Default: 180 minutes but can be as little as 15; 10,080 minutes is a week
What is the difference between intersite and intrasite replication?
Intra: designed to control replication traffic over slow WAN links
Inter: site links, connection between two sites that are logical and transitive
What are the functions of the global catalog?
Central Repository for forest wide data; facilitate searches in the forest, resolve UPNs, provide universal group membership information
What is Universal Group caching and how often is it refreshed?
non global catalog domain controllers can process logons without contacting a global catalog server; every 8 hours
What are the 5 FSMO roles?
Domain Naming Master (create and delete domains in the forest), Relative Identifier (RID) Master (responsible for generating a pool of identifiers that are used when new accounts, groups, and computers are created), Infrastructure Master (replicating changes to an objects SID or distinguished name (DN)), Primary Domain Controller (PDC) emulator (provides backward compatibility for computers that are considered to be downlevel clients), Schema Master (making master changes to the active directory schema)
When can we convert groups?
Any time as long as the domain functional level is set to Windows 2000 native or higher
When do we have Universal Groups?
When consolidating groups and accounts that either span multiple domains or span the entire forest
What is CSVDE and LDIFDE used for?
Comma-Seperated Value Directory Exchange (import or export active directory information from a comma-separated value, can not modify or delete existing objects); LDAP Date Interchange Format Directory Exchange (same as CSVDE but can make modifications to the schema if necessary)
What does Microsoft say is a strong password?
one that follows guidelines that make it difficult for a potential hacker to crack; combination of minimum length, history, character types, and age (6-8 characters, upper and lowercase letters, numbers,and symbols, at least one of every character type, different that previous passwords
What do we have to do in order to use a smart card?
implement a PKI (public key infrastructure)
What does "Run as..." do and what service is required to use it?
allows you to maintain your primary logon as a standard user and creates a secondary session for access to an administrative tool; secondary logon service to be running
What does an OU look like and how do you hide it?
Flat or Pyramid; modify the ACL
What is the move option?
safe method of moving objects from one OU to another in ADUC
What are GPC and GPT?
Group Policy Container (active directory object that stores the properties of the GPO); Group Policy Template (located int he Policies subfolder of the Sysvol volume, stores policy settings such as security settings and script files
What are 2 default group policies?
Default Domain Policy (linked to the domain and its settings affect all users and computer in the domain); Default Domain Controllers Policy (linked to the Domain Controllers OU and it affects all domain controllers within this object)
What are the 3 states setting can be in?
Software Settings, Windows Settings, Administrative Templates
How are group policies processed and what are exceptions?
Local Policies, Site Policies, Domain Policies, OU Policies; No Override (force the settings to flow down through the active directory without being blocked my child domains), Block Policy Inheritance (set on a site, domain, or OU to block all policies from parent containers flowing to this container), Loopback (setting that provides an alternative method of obtaining the ordered list of GPOs to be processed for the user)
What happens if the security log becomes full and how do you fix it?
It shuts down;
What do we do to services to provide faster start up and log on?
Set it to manual
What are the steps to SDLC?
Planning, Implementation, Maintenance, Removal
What is .msi, .mst, and .msp?
file is a relational database file that is copied to the target computer system along with the program files it deploys; modifications to .msi files require transform files which are .mst; serve as patch files
What is the difference between assign and publish and when are they installed?
assign is used to specify that the applications will be assigned by default with standard package properties when you add new packages to the GPO, publish is used to specify that the applications will be published by default with standard package properties when you add new packages to the GPO;
What is the default level for software restriction?
the software restriction policies folder is empty by default
What are the 4 rules and what do they do for software restriction? What is the priority of the rules?
1.Hash Rule, 2. Certificate Rule, 4. Path Rule, 3. Internet Zone Rule
With Group Policy permissions, what are the defaults and how can we use those to filter them?
group policy settings will apply to all child objects within the domain, site, or OU to which they are linked; Permissions and WMI filters
What are different considerations when using a WMI filter?
at least one domain controller running Windows Server 2003 must be present, only evaluated on XP Professional or Server 2003, must have an outcome of true in order for GPO to be applied, only one WMI filter per GPO, can be linked to multiple GPOs once created
What does GPMC provide?
single access point to all aspects of group policy that are spread across other tools
What does RSOP and GPresult do?
Resultant Set of Policies (sum of the policies applied to a user or computer after all filters, security group permissions, and inheritance setting such as Block Policy Inheritance and No Override; create and display a RSoP query from the command line
What are the 2 types of defrag, what is the difference between them, and how do they work?
Automatic Online (garbage collection process, tombstone, default life 60 days); Manual Offline (F8 directory services restore mode, Ntsdsutil files, compact to drive:\directory, replace %systemroom%\ntds\ntds.dit)
What are the 3 types of restore and what are the differences between them?
Primary (when all Active Directory information is lost for the entire domain); Normal (restores the Active Directory database to its state before the backup); Authoritative (use NTdsutil, cannot be performed using any onther Windows Server 2003 tool)
What does the Directory Service Log contain?
logs informational events such as service start and stop messages, errors, and warnings
What are DSAstat, Repadmin, and Netdom?
compare directory info on domain controllers and detect the difference; checks replication consistence between replication partner and monitors the replication status; manage and verify trusts, join computers to domains and verify replication ability and permissions between partners