7 - LDAP & Active Directory Flashcards
____________ serves as a centralized “command and control” for configuring devices that fall under its control.
Active Directory
What is LDAP?
[Define]
An open standard protocol for accessing object-oriented databases, known as Directory Servers.
What does LDAP define?
Defines how clients access the directory server and perform database operations over an IP network.
The information present in your directory, such as object classes, names, and functions.
Data Models
Uniquely identifies an entity in a directory
Distinguished Name (DN)
Requests LDAP users make to alter the data associated with an entry. Defined modification types include adding, deleting, replacing, and incrementing.
Modifications
A component of a DN. Typically the first (first what?)
Relative Distinguished Name (RDN)
Defines all the objects and attributes that the directory service uses to store data
Schema
String of characters that is used as a unique identifier. In AD FS, URIs are used to identify both partner network addresses and configuration objects.
Uniform Resource Identifier (URI)
What is a Domain?
An administrative grouping of multiple private computer networks or local hosts within the same infrastructure.
Domains can allow greater management of their internal devices and assist in blocking external ones.
[TRUE / FALSE]
TRUE
Domains are often used synonymously with domain names.
[TRUE / FALSE]
TRUE
Made up of several domains that share a common schema and configuration, forming a contiguous namespace.
Trees
Active Directory is a set of one or more trees.
[TRUE / FALSE]
TRUE
What is a “Forest”?
One or more trees that do not form a contiguous namespace.
Name the three things that all trees in a forest share.
- Common Schema
- Configuration
- Global catalog
What is the first Domain created in a Forest?
The Forest Root Domain
What port does LDAP use?
389
A _______ is a relationship established between domains to enable users in one domain to access resources in another domain.
trust
How do Trusts authenticate Users across the trust?
Via Kerberos or NTLM
In the Parent-Child trust, when is the trust created?
Automatically, when a child domain is created.
When is the Tree-Root trust created?
When new root domains are added to an Active Directory forest.
When is the Forest Trust created?
It must be created by a privileged administrator.
What trust relationship does the Forest trust establish?
It establishes a trust relationship between two AD forests.
This trust exists between two distant child domains; it is used to improve logon performance.
Shortcut Trust
Access between two Active Directory domains located in different forests (no forest trust exists).
Can be one direction.
External Trust
What protocol do queries on the domain for Windows systems use?
LDAP
Name the 4 steps of the Domain Query process.
- Client queries DNS for LDAP SRV record.
- Once the LDAP service is identified, the client connects to port 389.
- The connection is made to a Domain controller.
- Client authenticates and performs the search.
Looking for something within the forest will require a ___________.
Global catalog
How does the Global Catalog (GC) identify the location of every object in the forest?
The GC uses Distinguished Names.
Name the 3 Forest-Wide queries that need the Global Catalog (GC) service:
- Search for a resource (printer, file share) in a forest that contains more than one domain
- A User Principal Name (UPN) logon in a forest that contains more than one domain
- Email address search from the Global Address List (GAL)
Name the 3 steps of the Forest-wide query process.
- Client queries DNS for GC SRV record.
- Once the GC service is identified, client connects to port 3268 or 3269. This connection is made to a domain controller running the GC service.
- Client authenticates and performs search.
In Windows systems, what is “Local Security Policy”?
A combination of settings used by Windows systems to control security on a computer.
What are policy settings commonly used for?
To edit account and password policies.
How is “Local Policy” a valuable tool?
It is a valuable tool for computer compliance and for centrally managing users, applications, and components.
Name three things you can find using Local Security Policy
- The Domains trusted to authenticate logon attempts
- Privileges and Rights assigned to accounts
- Security Auditing Policy
___________ is an infrastructure that allows you to specify managed configurations for users and computers through Group Policy settings and Group Policy Preferences.
Group Policy
Without an Active Directory, there’s one Group Policy available - what is it?
Local Group Policy
Group Policy administration only works in conjunction with _______.
Active Directory
What is a Group Policy object (GPO)?
A collection of Group Policy settings that define what a system will look like and how it will behave for a defined group of users.
Every GPO contains two parts. What are they?
- User configuration
- Computer configuration
Contains policy settings that are relevant only for users.
User configuration
Contains policy settings that are relevant only for computers. Every setting is relevant to the computer itself.
Computer configuration
One or more trees that do not form a contiguous namespace are in a what?
Forest