Active Directory Flashcards
What is a Directory Service?
A directory service allows information to be stored, classified and retrieved.
What is Active Directory?
Active Directory is the directory service in a Microsoft operating system.
It is a database of objects that stores, organizes, and enables access to other objects.
It also provides essential networking services such as DNS and Kerberos-based authentication.
AD is hierarchy made up of Tree > Domains (Root and Child) > and Subdomains
What is a Domain Controller?
A domain controller is a windows server that stores a copy of all the information on the objects within the domain. They accept requests for changes to the databases and replicate the information amongst all the other domain controllers in the domain.
What is Kerberos?
Kerberos is an authentication protocol that is used to verify the identity of a user or host. It is used to verify the identity of a user or host.
Single sign on - Using Kerberos authentication within a domain or in a forest allows the user or service access to resources permitted by administrators without multiple requests for credentials. After initial domain sign on through Winlogon, Kerberos manages the credentials throughout the forest whenever access to resources is attempted.
What are attributes in AD?
Attributes describe an object such as passwords and names are attributes of a user.
What are objects in AD?
Objects are the most basic component of the directory and are a unique set of attributes or characteristics that represent a network resource, such as users, computers, and organizational units.
What is LDAP?
LDAP or Lightweight Directory Access Protocol is a is a protocol, not a service. LDAP is used to talk to and query several different types of directories, including Active Directory.
Active Directory uses LDAP to supply the naming convention for objects.
What are Distinguished Names (DNs)?
DNs are the complete path through the hierarchy tree structure to a specific object.
What is a Group in Active Directory?
Groups are used to collect user accounts, computer accounts, and other groups into manageable units. Working with groups instead of with individual users helps simplify network maintenance and administration.
There are two types of groups in Active Directory:
Distribution groups - used to create email distribution lists.
Security groups - used to assign permissions to shared resources.
