Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
54 Cards in this Set
- Front
- Back
|
What is NTAS.dit and how is fault tolerance provided?
|
it is how active directory is stored on a domain controller; multi-master replication system- multiple servers installed as domain controllers share a common database
|
|
|
What is the Schema?
|
Each object in active directory (user accounts, printer accounts, computers, and groups)
|
|
|
What is the maximum recommended level of OU's?
|
Unlimited number of OU's no more than 10 levels deep
|
|
|
What are the 4 different directory partitions?
|
Schema (rules & definitions that are used for creating and modifying object classes and attributes)
Configuration (replication topology & other config data that must be replicated through the forest) Domain (all the objects within the local domain) Application (allows admin to control what info is replicated and to which domain controllers) |
|
|
What is a Site?
|
one or more IP subnets that are connected by fast links
|
|
|
What does LDAP define?
|
Lightweight Directory Access Protocol: standards for naming formats and directory functions; standard naming structure and hierarchy
|
|
|
What is a distinguished name?
|
Full Name; an object in the directory is referenced by its complete name using the entire hierarchical path
|
|
|
What is a UPN?
|
User Principal Name; follow the format username@companyname.com
|
|
|
What is the default domain functional level? What are their supported OS's and the features of each?
|
Windows 2000 Mixed; pre-Windows Server 2003 domain controllers
|
|
|
What are the different forest functional levels and the requirements to raise it?
|
Windows 2000 (default), Windows Server 2003 interim, and Windows Server 2003; must be logged on as a member of the Enterprise Admins group and only on a server that holds the Flexible Single Master Operations Schema Master role
|
|
|
What is a cross forest trust?
|
when trust paths are crossed between forest
|
|
|
What file system is required for Active Directory?
|
NTFS
|
|
|
What are 2 ways in install Active Directory?
|
dcpromo.exe or Manage Your Server Web page
|
|
|
What is in the Domain DNS zone?
|
a single partition that allows DNS information to be replicated to all domain controllers running DNS within the domain
|
|
|
What is aging and scavenging?
|
the process that can be used by Windows Server 2003 DNS to clean up the DNS database when resource records are no longer required
|
|
|
What are the facts and requirements to raise the domain and forest functional levels?
|
one way operation (raised domain and forest functional levels can not be reversed without a complete reinstallation of the domain), each domain must be handled independently, the forest functional level cannot be raised until all domains in a forest have been raised to at least Windows 2000 native, logged on as a member of the domain admins group to raise the domain functionality, logged on as a member of the enterprise admins group to raise the forest functionality
|
|
|
What is a short cut and what are realm trusts?
|
trust established to shorten the number of hops required to gain access to a domain; trust established with a non-windows platform that uses kerberos as the authentication method
|
|
|
What are the characteristics of a site?
|
logical structure that can been seen in ADUC, physical network structure affects the efficiency of active directory replication
|
|
|
What is the default location for computers in sites and services?
|
Default-First-Site-Name
|
|
|
What is the update sequence number and what is a time stamp?
|
assigned by domain controllers when an object or attribute has changed; placed on each change that occurs
|
|
|
What is the rule of 3?
|
No single domain controller should be more than 3 network hops away from an originating domain controller
|
|
|
How often does the KCC run?
|
Knowledge Consistency Checker; every 15 minutes
|
|
|
What are cost, schedule, and frequency for site sinks and what are their default levels and ranges?
|
The three attributes of site link objects; Cost (allows admin to define the path that replication will take), Schedule (determines when the link can be used to replicate information), Frequency (provides the how often information regarding the replication schedule); Default: 180 minutes but can be as little as 15; 10,080 minutes is a week
|
|
|
What is the difference between intersite and intrasite replication?
|
Intra: designed to control replication traffic over slow WAN links
Inter: site links, connection between two sites that are logical and transitive |
|
|
What are the functions of the global catalog?
|
Central Repository for forest wide data; facilitate searches in the forest, resolve UPNs, provide universal group membership information
|
|
|
What is Universal Group caching and how often is it refreshed?
|
non global catalog domain controllers can process logons without contacting a global catalog server; every 8 hours
|
|
|
What are the 5 FSMO roles?
|
Domain Naming Master (create and delete domains in the forest), Relative Identifier (RID) Master (responsible for generating a pool of identifiers that are used when new accounts, groups, and computers are created), Infrastructure Master (replicating changes to an objects SID or distinguished name (DN)), Primary Domain Controller (PDC) emulator (provides backward compatibility for computers that are considered to be downlevel clients), Schema Master (making master changes to the active directory schema)
|
|
|
When can we convert groups?
|
Any time as long as the domain functional level is set to Windows 2000 native or higher
|
|
|
When do we have Universal Groups?
|
When consolidating groups and accounts that either span multiple domains or span the entire forest
|
|
|
What is CSVDE and LDIFDE used for?
|
Comma-Seperated Value Directory Exchange (import or export active directory information from a comma-separated value, can not modify or delete existing objects); LDAP Date Interchange Format Directory Exchange (same as CSVDE but can make modifications to the schema if necessary)
|
|
|
What does Microsoft say is a strong password?
|
one that follows guidelines that make it difficult for a potential hacker to crack; combination of minimum length, history, character types, and age (6-8 characters, upper and lowercase letters, numbers,and symbols, at least one of every character type, different that previous passwords
|
|
|
What do we have to do in order to use a smart card?
|
implement a PKI (public key infrastructure)
|
|
|
What does "Run as..." do and what service is required to use it?
|
allows you to maintain your primary logon as a standard user and creates a secondary session for access to an administrative tool; secondary logon service to be running
|
|
|
What does an OU look like and how do you hide it?
|
Flat or Pyramid; modify the ACL
|
|
|
What is the move option?
|
safe method of moving objects from one OU to another in ADUC
|
|
|
What are GPC and GPT?
|
Group Policy Container (active directory object that stores the properties of the GPO); Group Policy Template (located int he Policies subfolder of the Sysvol volume, stores policy settings such as security settings and script files
|
|
|
What are 2 default group policies?
|
Default Domain Policy (linked to the domain and its settings affect all users and computer in the domain); Default Domain Controllers Policy (linked to the Domain Controllers OU and it affects all domain controllers within this object)
|
|
|
What are the 3 states setting can be in?
|
Software Settings, Windows Settings, Administrative Templates
|
|
|
How are group policies processed and what are exceptions?
|
Local Policies, Site Policies, Domain Policies, OU Policies; No Override (force the settings to flow down through the active directory without being blocked my child domains), Block Policy Inheritance (set on a site, domain, or OU to block all policies from parent containers flowing to this container), Loopback (setting that provides an alternative method of obtaining the ordered list of GPOs to be processed for the user)
|
|
|
What happens if the security log becomes full and how do you fix it?
|
It shuts down;
|
|
|
What do we do to services to provide faster start up and log on?
|
Set it to manual
|
|
|
What are the steps to SDLC?
|
Planning, Implementation, Maintenance, Removal
|
|
|
What is .msi, .mst, and .msp?
|
file is a relational database file that is copied to the target computer system along with the program files it deploys; modifications to .msi files require transform files which are .mst; serve as patch files
|
|
|
What is the difference between assign and publish and when are they installed?
|
assign is used to specify that the applications will be assigned by default with standard package properties when you add new packages to the GPO, publish is used to specify that the applications will be published by default with standard package properties when you add new packages to the GPO;
|
|
|
What is the default level for software restriction?
|
the software restriction policies folder is empty by default
|
|
|
What are the 4 rules and what do they do for software restriction? What is the priority of the rules?
|
1.Hash Rule, 2. Certificate Rule, 4. Path Rule, 3. Internet Zone Rule
|
|
|
With Group Policy permissions, what are the defaults and how can we use those to filter them?
|
group policy settings will apply to all child objects within the domain, site, or OU to which they are linked; Permissions and WMI filters
|
|
|
What are different considerations when using a WMI filter?
|
at least one domain controller running Windows Server 2003 must be present, only evaluated on XP Professional or Server 2003, must have an outcome of true in order for GPO to be applied, only one WMI filter per GPO, can be linked to multiple GPOs once created
|
|
|
What does GPMC provide?
|
single access point to all aspects of group policy that are spread across other tools
|
|
|
What does RSOP and GPresult do?
|
Resultant Set of Policies (sum of the policies applied to a user or computer after all filters, security group permissions, and inheritance setting such as Block Policy Inheritance and No Override; create and display a RSoP query from the command line
|
|
|
What are the 2 types of defrag, what is the difference between them, and how do they work?
|
Automatic Online (garbage collection process, tombstone, default life 60 days); Manual Offline (F8 directory services restore mode, Ntsdsutil files, compact to drive:\directory, replace %systemroom%\ntds\ntds.dit)
|
|
|
What are the 3 types of restore and what are the differences between them?
|
Primary (when all Active Directory information is lost for the entire domain); Normal (restores the Active Directory database to its state before the backup); Authoritative (use NTdsutil, cannot be performed using any onther Windows Server 2003 tool)
|
|
|
What does the Directory Service Log contain?
|
logs informational events such as service start and stop messages, errors, and warnings
|
|
|
What are DSAstat, Repadmin, and Netdom?
|
compare directory info on domain controllers and detect the difference; checks replication consistence between replication partner and monitors the replication status; manage and verify trusts, join computers to domains and verify replication ability and permissions between partners
|
