1.1 Intro to AD Flashcards

1
Q

Partition

A

A partition, or naming context, is a portion of the AD DS database. Although the database consists of one file named Ntds.dit, different partitions contain different data. For example, the schema partition contains a copy of the Active Directory schema. The configuration partition contains the configuration objects for the forest, and the domain partition contains the users, computers, groups, and other objects specific to the domain. Active Directory stores copies of partitions on multiple domain controllers and updates them through directory replication.

2
Q

Schema

A

A schema is the set of definitions of the object types and attributes that you use to define the objects created in AD DS.

3
Q

Domain

A

A domain is a logical administrative container for objects such as users and computers. A domain maps to a specific partition and you can organize the domain with parent-child relationships to other domains.

4
Q

Domain tree

A

A domain tree is a hierarchical collection of domains that share a common root domain and a contiguous Domain Name System (DNS) namespace.

5
Q

Forest

A

A forest is a collection of one or more domains that have a common AD DS root, a common schema, and a common global catalog.

6
Q

OU

A

An OU is a container object for users, groups, and computers that provides a framework for delegating administrative rights and administration by linking Group Policy Objects (GPOs).

7
Q

Container

A

A container is an object that provides an organizational framework for use in AD DS. You can use the default containers, or you can create custom containers. You can’t link GPOs to containers.

8
Q

Domain controller

A

A domain controller contains a copy of the AD DS database. For most operations, each domain controller can process changes and replicate the changes to all the other domain controllers in the domain.

9
Q

Data store

A

A copy of the data store exists on each domain controller. The AD DS database uses Microsoft Jet database technology and stores the directory information in the Ntds.dit file and associated log files. The C:\Windows\NTDS folder stores these files by default.

10
Q

Global catalog server

A

A global catalog server is a domain controller that hosts the global catalog, which is a partial, read-only copy of all the objects in a multiple-domain forest. A global catalog speeds up searches for objects that might be stored on domain controllers in a different domain in the forest.

11
Q

Read-only domain controller (RODC)

A

An RODC is a special, read-only installation of AD DS. RODCs are common in branch offices where physical security is not optimal, IT support is less advanced than in the main corporate centers, or line-of-business applications need to run on a domain controller.

12
Q

Site

A

A site is a container for AD DS objects, such as computers and services that are specific to a physical location. This is in comparison to a domain, which represents the logical structure of objects, such as users and groups, in addition to computers.

13
Q

Subnet

A

A subnet is a portion of the network IP addresses of an organization assigned to computers in a site. A site can have more than one subnet.

14
Q

User account

A

In Windows Server, a user account is an object that contains all the information that defines a user. A user account includes:

The username.
A user password.
Group memberships.

15
Q

What are managed service accounts?

A

Accounts that run services at server startup or when triggered by events.

16
Q

What are group managed service accounts?

A

Group managed service accounts enable you to extend the capabilities of standard managed service accounts to more than one server in your domain.

17
Q

What are group objects?

A

Rules set for groups of users.

18
Q

Security Group

A

Security groups are security-enabled, and you use them to assign permissions to various resources. You can use security groups in permission entries in access control lists (ACLs) to help control security for resource access. If you want to use a group to manage security, it must be a security group.

19
Q

Distribution Group

A

Email applications typically use distribution groups, which are not security-enabled. You also can use security groups as a means of distribution for email applications.

20
Q

Local Group Scope

A

You use this type of group for standalone servers or workstations, on domain-member servers that are not domain controllers, or on domain-member workstations. Local groups are available only on the computer where they exist. The important characteristics of a local group are:

You can assign abilities and permissions on local resources only, meaning on the local computer.
Members can be from anywhere in the AD DS forest.

21
Q

Domain-local group scope

A

You use this type of group primarily to manage access to resources or to assign management rights and responsibilities. Domain-local groups exist on domain controllers in an AD DS domain, and so, the group’s scope is local to the domain in which it resides. The important characteristics of domain-local groups are:

You can assign abilities and permissions on domain-local resources only, which means on all computers in the local domain.
Members can be from anywhere in the AD DS forest.

22
Q

Global Group Scope

A

You use this type of group primarily to consolidate users who have similar characteristics. For example, you might use global groups to join users who are part of a department or a geographic location. The important characteristics of global groups are:

You can assign abilities and permissions anywhere in the forest.
Members can be from the local domain only and can include users, computers, and global groups from the local domain.

23
Q

Universal Group Scope

A

You use this type of group most often in multidomain networks because it combines the characteristics of both domain-local groups and global groups. Specifically, the important characteristics of universal groups are:

You can assign abilities and permissions anywhere in the forest similar to how you assign them for global groups.
Members can be from anywhere in the AD DS forest.

24
Q

Computers container

A

Before you create a computer object in AD DS, you must have a place to put it. The Computers container is a built-in container in an AD DS domain. This container is the default location for the computer accounts when a computer joins the domain.

25
Q

What is an AD DS forest?

A

A forest is a top-level container in AD DS. Each forest is a collection of one or more domain trees that share a common directory schema and a global catalog.

26
Q

What is an AD DS domain?

A

An AD DS domain is a logical container for managing user, computer, group, and other objects. The AD DS database stores all domain objects, and each domain controller stores a copy of the database.

27
Q

What are trust relationships?

A

AD DS trusts enable access to resources in a complex AD DS environment. When you deploy a single domain, you can easily grant access to resources within the domain to users and groups from the domain. When you implement multiple domains or forests, you should ensure that the appropriate trusts are in place to enable the same access to resources.

28
Q

Define OUs

A

An OU is a container object within a domain that you can use to consolidate users, computers, groups, and other objects. You can link Group Policy Objects (GPOs) directly to an OU to manage the users and computers contained in the OU. You can also assign an OU manager and associate a COM+ partition with an OU.

29
Q

What are the generic containers?

A

AD DS has several built-in containers, or generic containers, such as Users and Computers. These containers store system objects or function as the default parent objects to new objects that you create. Don’t confuse these generic container objects with OUs. The primary difference between OUs and containers is the management capabilities. Containers have limited management capabilities. For example, you can’t apply a GPO directly to a container.

30
Q

Active Directory Administrative Center

A

The Active Directory Administrative Center provides a GUI that is based on Windows PowerShell. This enhanced interface allows you to perform AD DS object management by using task-oriented navigation, and it replaces the functionality of Active Directory Users and Computers.

31
Q

Windows Admin Center

A

Windows Admin Center is a web-based console that you can use to manage server computers and computers that are running Windows 10. Typically, you use Windows Admin Center to manage servers instead of using Remote Server Administration Tools (RSAT).

Windows Admin Center works with any browser that is compliant with modern standards, and you can install it on computers that run Windows 10 and Windows Server with Desktop Experience.

32
Q

Remote Server Administration Tools

A

RSAT is a collection of tools that enables you to manage Windows Server roles and features remotely.

33
Q

Which PowerShell command could you use to add a user?

A

New-ADUser

34
Q

What scope of group can be assigned permissions anywhere in an AD DS forest and can have members from anywhere in the forest?

A

Universal

35
Q

What type of trust relationship is automatically created between the domains Contoso.com and Seattle.Contoso.com?

A

A parent and child two-way transitive trust

36
Q

Which of the following is a built-in container in an AD DS domain that can home computer accounts?

A

The Domain Controllers OU