Active Directory Flashcards
Two-way _______ _________ are automatically established upon the creation of a subdomain or with the addition of a domain tree into an AD DS forest
transitive trusts
_________ trusts are those that are set up manually
Explicit
__________ ___________ allow authentication verifications to be processed faster, as opposed to having to move up and down a domain tree.
Shortcut trusts
__________ ____________ allow different forests to share information without actually merging schema information or global catalogs
external trusts
What are organizational units?
organizational units (OUs) are containers that logically store directory information and provide a method of addressing AD DS through LDAP
What is the primary method for organizing user, computer, and other object information into a more easily understandable layout?
organizational units
What are the two different group types and their function?
A security group can be used to apply permissions to objects for the members of the group.
A distribution group is used to send mail to members of the group.
What are the components of Group scope in AD DS?
Machine local groups
Domain local groups
Global groups
universal groups
What is the function of Machine local groups?
Users and groups in the local domain, and other trusted domains and forests
local groups allow resources to be accessed only on the machine where they are located
What are Domain local groups?
Used to administer resources located only on their own domain.
They can contain users and groups from any other trusted domain. Most typically, these types of groups are used to grant access to resources for groups in different domains
What are Global groups?
contain users only in the domain in which they exist but are used to grant access to resources in other trusted domains.
What are universal groups?
universal groups grant access to any resource in the forest
What is the difference between an OU and a group?
groups can be used when applying security to objects, whereas OUs exist when certain administrative functionality needs to be delegated.
What are active directory objects?
Containers
Leafs
What are container objects in AD?
Domains, Organizational Units (OU), Sites
Create collections for organizational purpose
What are leaf objects in active directory?
Users, Computers, Security and Distribution Groups
How is a NetBIOS (legacy) name formatted?
domain\object name
e.g. dickson\jdickson
How is Universal Principal name (UPS) formatted?
object name@domain
e.g. jdickson@dickson.local
What is CN?
common name is an object name
What is OU?
Organizational unit
Can have many OUs based on hierarchy
___________ ________ represents the entire naming path that the object occupies
CN=Joel Oleson,OU=SLC,DC=Companyabc,DC=com
Distinguished name
What do DC components define?
The domain controllers define the DNS name of the Active Directory domain.
AD DS uses ___________ ____________ to authenticate users
Domain Controllers (DCs)
The __________ _________ enables an administrator to view, delete, and modify schema attributes.
ADSIEdit utility
What allows queries and updates to take place in AD DS?
LDAP
Lightweight Directory Access Protocol
What is the Schema master?
- has one writable master copy in a forest
- this limits access, thus reducing potential replication conflicts
What are AD DS DCs that contain a copy of the global catalog?
Global catalog servers (GCs)
The global catalog is an index of the AD DS database that contains a _______ ______ of its contents
Partial Copy
A common attribute extension occurs with the installation of _________________, which extends the schema
Microsoft Exchange Server
Schema determines the way that all user, computer, and other object data are ________ in AD DS and ________ to be standard across the entire AD DS structure.
Stored, configured
What is an AD DS schema?
A set of definitions for all object types and their related attributes in the directory
Users and computers are all stored and managed from within the boundaries of the _________
Domain
Domains in AD DS serve as administrative _________ __________ for objects and contain their own ________ ____________
security boundaries, security policies
Each domain in an AD DS tree shares a common ________ and global catalog
Schema
What is transitive trust?
The trusts flow through the domain structure.
Forests are a group of ________________ __________ trees
Interconnected Domain Trees
They are a grouping of organization domains
________ _________ connect the roots of each tree together into a common forest.
Implicit Trusts
What authentication method does not send password information over the network and is the method used in AD?
Kerberos
What are the 5 operations master (OM) roles?
Schema master, Domain naming master, PDC emulator, RID master, Infrastructure master
What is the Domain naming master?
- adds domains into the AD DS forest
- must have a record of all domains and objects to perform its function
- can only be one in a forest
What is the PDC emulator?
the primary time sync server for the domain
What is a RID master?
The role owner is the single DC responsible for processing RID pool requests from all DCs within a given domain. It is also responsible for moving an object from one domain to another during an interdomain object move.
What is the Infrastructure Master?
Manages references to domain objects not within its own domain
What are the DC responsibilities?
Houses AD database
Provides Kerberos based authentication
Provides Kerberos based ticketing service (authorization)