Active Directory Foundations Flashcards
Schema Master
Performs updates to the AD schema.
Updates include adprep /forestprep, Microsoft Exchange, and other applications that must modify the AD schema.
Must be online when schema updates are performed.
One per forest. Generally placed on the forest root domain's PDC emulator.
Domain Naming Master
Responsible for naming domains within the forest.
Adds and removes domains and application partitions to and from the AD forest.
Must be online when domains and application partitions in a forest are added or removed.
One per forest. Generally placed on the forest root domain's PDC emulator.
PDC emulator
Receives urgent replication of password changes made for user and computer accounts on other (replica) domain controllers in the domain.
Consulted by replica domain controllers when an authentication request fails because of a password mismatch, so a password changed elsewhere is honoured before normal replication catches up; account lockouts are processed here as well.
Target DC for Group Policy edits (the GPO editor and GPMC open GPOs on the PDC emulator by default).
Target DC for legacy applications that perform write operations and for some admin tools.
Must be online and accessible at all times. It is also the authoritative time source for its domain (the forest root PDC emulator for the whole forest).
One per domain. Generally placed on higher-performance hardware in a reliable hub site alongside other DCs.
RID Master
Relative IDs.
SID = domain SID + RID (the RID is the trailing, per-domain-unique component of an account's SID).
Allocates current and standby RID pools to the DCs in its domain.
Must be online for newly promoted DCs to obtain a local RID pool, or when existing DCs must replace their current or standby RID pool.
One per domain. Generally placed on the same DC as the domain's PDC emulator.
Infrastructure Master
Updates cross-domain object references (phantoms) by comparing them against the global catalog, so that a group member from another domain keeps showing its name instead of a raw SID after it is renamed or moved.
A separate infrastructure master exists for each application partition, including the default forest-wide and domain-wide DNS application partitions.
Without it, a cross-domain reference that has gone stale would be displayed only as a long SID string and never translated back to a friendly name.
Maintains cross-domain references.
Infrastructure Master Situation
In a single-domain forest, the infrastructure master can be placed on any DC (there are no cross-domain references to update).
In a multi-domain forest, the infrastructure master is generally placed on a DC that is not a global catalog: a GC already holds a copy of every object, so an infrastructure master on a GC never sees a stale reference and never updates it.
Exception: if all DCs in the domain are global catalogs (or the AD Recycle Bin is enabled, after which every DC updates its own references), the infrastructure master can be placed on any DC.
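As an added example, not part of the original flashcards: this PowerShell lists the five role holders, shows which DCs are global catalogs, and flags the placement mistake the cards warn about (an infrastructure master on a GC in a multi-domain forest where not every DC is a GC and the Recycle Bin is off). It needs the ActiveDirectory module (RSAT); DC02 is an assumed server name.

```powershell
# Added example (not from the original flashcards): list the five role holders, see which DCs are global
# catalogs, and flag the placement mistake the cards warn about. DC02 is an assumed server name.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# Forest-wide roles: one holder per forest
"Schema master         : $($forest.SchemaMaster)"
"Domain naming master  : $($forest.DomainNamingMaster)"
# Domain-wide roles: one holder per domain
"PDC emulator          : $($domain.PDCEmulator)"
"RID master            : $($domain.RIDMaster)"
"Infrastructure master : $($domain.InfrastructureMaster)"

# Which DCs of this domain are GCs, and who holds what
$dcs = Get-ADDomainController -Filter *
$dcs | Select-Object HostName, Site, IsGlobalCatalog, OperationMasterRoles | Format-Table -AutoSize

# Infrastructure master placement:
#  - single-domain forest ............ anywhere
#  - every DC in the domain is a GC .. anywhere
#  - AD Recycle Bin enabled .......... anywhere (every DC then updates its own cross-domain references)
#  - otherwise ....................... must NOT be a GC, or stale cross-domain references are never refreshed
$im          = $dcs | Where-Object { $_.HostName -eq $domain.InfrastructureMaster }
$allGc       = ($dcs | Where-Object { -not $_.IsGlobalCatalog }).Count -eq 0
$multiDomain = $forest.Domains.Count -gt 1
$recycleBin  = (Get-ADOptionalFeature -Filter 'Name -like "Recycle Bin Feature"').EnabledScopes.Count -gt 0

if ($multiDomain -and $im.IsGlobalCatalog -and -not $allGc -and -not $recycleBin) {
    Write-Warning "Infrastructure master $($im.HostName) is a GC in a multi-domain forest; move it to a non-GC DC."
    # Graceful transfer (the current holder must be online). Add -Force only to seize from a holder that is
    # permanently gone, and never bring that holder back online afterwards.
    # Move-ADDirectoryServerOperationMasterRole -Identity 'DC02' -OperationMasterRole InfrastructureMaster
} else {
    'Infrastructure master placement is acceptable.'
}
```

Run it from a machine joined to the domain whose roles you want to inspect; the forest-wide roles are read from the forest regardless of which domain you are in.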
Promote a Domain Controller
Install the AD DS role after verifying that DNS resolution for the domain works.
Or PowerShell:
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
DC Promotion Configuration
- add a domain controller to an existing domain.
- add a new domain to an existing forest.
- add new forest.
Then specify the domain information.
Tree domain
Creates a new tree in the existing forest with a noncontiguous (unrelated) domain name.
Child domain
Contiguous naming: the new name is a label beneath the parent domain.
Domain: company.pri
New domain in existing forest: taco.company.pri
New forest and domain configuration
Functional level: defines the set of AD DS capabilities that existed when that OS version was released. The forest level gates forest-wide features and the domain level gates domain-wide ones; every DC in scope must run at least that OS version.
Use the highest functional level your DCs support. You may have to set the level lower because of legacy applications; raising it later is a one-way operation.
Domain controller and DNS
Always have DNS in place before installing the AD DS role (the promotion wizard can install the DNS server role on the DC itself as part of promotion).
Directory Services Restore Mode or DSRM
A password for the local Administrator account that is used when the DC is booted into Directory Services Restore Mode. You set it once at promotion and need it only when you must boot into DSRM, e.g. for an authoritative restore of the AD database. It can be reset later with ntdsutil ("set dsrm password").
Look into 3rd-party tools to recover AD.
DNS Delegation
Lets the wizard create a delegation in the parent DNS zone, so the new domain's zone, and the folder structure the SRV records require, can be found from above.
Netbios Domain
“COMPANY”
The first label of the FQDN, i.e. the word before the .pri (Company.pri).
15 characters or less.
Paths to Store AD DS database, log files, and Sysvol
Consider storing the database (ntds.dit), the log files and SYSVOL on separate disk drives rather than all on the C: drive, especially in production (the defaults are %SystemRoot%\NTDS and %SystemRoot%\SYSVOL).
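The promotion wizard pages above (deployment choice, domain names, functional level, DNS, DSRM password, DNS delegation, NetBIOS name, paths) expressed as PowerShell, as an added example that is not from the original flashcards. The names company.pri / COMPANY, taco.company.pri, burrito.pri and the D:\ and E:\ paths are assumed values; the functional level WinThreshold is the Windows Server 2016 level.

```powershell
# Added example (not from the original flashcards): the promotion wizard's pages as PowerShell.
# company.pri / COMPANY, taco.company.pri, burrito.pri and the D:\ and E:\ paths are assumed values.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# The wizard prompts for the DSRM password; read it interactively so it is never stored in the script.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM (Directory Services Restore Mode) password'

# 1) New forest with root domain company.pri
$forestParams = @{
    DomainName                    = 'company.pri'
    DomainNetbiosName             = 'COMPANY'      # first label of the FQDN, 15 characters max
    ForestMode                    = 'WinThreshold' # Windows Server 2016 level; pick the highest all DCs support
    DomainMode                    = 'WinThreshold' # drop to e.g. Win2012R2 only if a legacy application needs it
    InstallDns                    = $true          # DNS must be in place before AD DS works
    CreateDnsDelegation           = $false         # no parent zone above company.pri to delegate from
    DatabasePath                  = 'D:\NTDS'      # ntds.dit off the system drive
    LogPath                       = 'D:\NTDS\Logs'
    SysvolPath                    = 'E:\SYSVOL'
    SafeModeAdministratorPassword = $dsrm
    Force                         = $true          # suppress the confirmation prompt
}
Test-ADDSForestInstallation @forestParams   # prerequisite checks only, changes nothing
Install-ADDSForest @forestParams            # promotes and reboots

# 2) New domain in the existing forest, run on the server that becomes its first DC.
$cred = Get-Credential 'COMPANY\Administrator'   # must be a member of Enterprise Admins

# Child domain: contiguous name under the parent (taco + company.pri = taco.company.pri)
$childParams = @{
    NewDomainName                 = 'taco'
    ParentDomainName              = 'company.pri'
    DomainType                    = 'ChildDomain'
    NewDomainNetbiosName          = 'TACO'
    Credential                    = $cred
    InstallDns                    = $true
    CreateDnsDelegation           = $true          # delegation in company.pri so taco's SRV records resolve from above
    DomainMode                    = 'WinThreshold'
    DatabasePath                  = 'D:\NTDS'
    LogPath                       = 'D:\NTDS\Logs'
    SysvolPath                    = 'E:\SYSVOL'
    SafeModeAdministratorPassword = $dsrm
    Force                         = $true
}
Test-ADDSDomainInstallation @childParams
Install-ADDSDomain @childParams

# Tree domain: noncontiguous name (burrito.pri) that still belongs to the company.pri forest.
# Only these keys differ from the child-domain case.
$treeParams = $childParams.Clone()
$treeParams.NewDomainName        = 'burrito.pri'   # a tree root is given as a full FQDN
$treeParams.ParentDomainName     = 'company.pri'   # the forest root domain
$treeParams.DomainType           = 'TreeDomain'
$treeParams.NewDomainNetbiosName = 'BURRITO'
$treeParams.CreateDnsDelegation  = $false          # company.pri is not a parent zone of burrito.pri
Install-ADDSDomain @treeParams
```

The Test-ADDS* cmdlets run the same prerequisite checks the wizard shows on its last page without changing anything, which is the safe way to validate the parameters before the reboot.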
Remove a Domain controller from domain
Choose Remove Roles and Features in Server Manager and uncheck AD DS; the wizard first demotes the domain controller so that its records are removed from the directory.
You may have to force the removal of a DC that can no longer contact the domain, but a clean removal is preferred: after a forced removal, the DC's leftover metadata must be cleaned up from a surviving DC.
PowerShell:
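Clean demotion, forced demotion and the metadata cleanup a forced removal leaves behind, as an added example that is not from the original flashcards. DC02 (a healthy DC), DC03 (the DC being removed) and company.pri are assumed names; the DNS cleanup needs the DnsServer module on a DNS server.

```powershell
# Added example (not from the original flashcards): clean demotion, forced demotion, and the metadata
# cleanup a forced removal leaves behind. DC02, DC03 and company.pri are assumed names.

# --- On the DC being removed (normal path) ---
# The prerequisite check refuses if this is the last DC, the last DNS server for a zone, etc.
$local = Read-Host -AsSecureString -Prompt 'Local Administrator password for after demotion'
Test-ADDSDomainControllerUninstallation -LocalAdministratorPassword $local
# -DemoteOperationMasterRole lets the demotion proceed even if this DC still holds FSMO roles (they are
# transferred automatically); without it the command stops so you can move them deliberately first.
Uninstall-ADDSDomainController -LocalAdministratorPassword $local -DemoteOperationMasterRole -Force

# --- Forced path: only when the DC cannot contact any other DC ---
# The DC is demoted locally and NOTHING is removed from the directory, so the cleanup below is mandatory.
# Uninstall-ADDSDomainController -LocalAdministratorPassword $local -ForceRemoval -Force

# --- Metadata cleanup, run on a healthy DC (DC02) for a DC that is gone (DC03) ---
$dead = Get-ADDomainController -Identity 'DC03' -Server 'DC02'
$dead | Format-List HostName, Site, IsGlobalCatalog, OperationMasterRoles, ServerObjectDN

# 1) Seize any role it still held (-Force = seize). Never power the old holder on again afterwards.
if ($dead.OperationMasterRoles) {
    Move-ADDirectoryServerOperationMasterRole -Identity 'DC02' -OperationMasterRole $dead.OperationMasterRoles -Force
}

# 2) Remove its server object from the configuration partition. On Windows Server 2008 and later this
#    also removes the NTDS Settings object, computer account and replication links (a dialog asks to confirm).
ntdsutil "metadata cleanup" "remove selected server $($dead.ServerObjectDN)" quit quit

# 3) Scrub leftovers the cleanup does not touch: the host's A record and any SRV records still pointing at it.
Get-DnsServerResourceRecord -ZoneName 'company.pri' -RRType A | Where-Object HostName -eq 'dc03' |
    Remove-DnsServerResourceRecord -ZoneName 'company.pri' -Force
Get-DnsServerResourceRecord -ZoneName 'company.pri' -RRType Srv |
    Where-Object { $_.RecordData.DomainName -like 'dc03.*' } |
    Remove-DnsServerResourceRecord -ZoneName 'company.pri' -Force

# 4) Verify nothing references DC03 any more
repadmin /showrepl * | Select-String -SimpleMatch 'DC03'
```

Step 2 is the same cleanup that deleting the DC's computer object in Active Directory Users and Computers performs; the ntdsutil form is shown because it works the same from a script and from an older console.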
Install domain controller in remote location with a bad network.
Install from media (IFM): promote the DC from a snapshot of the AD database taken on an existing domain controller, so the initial copy does not have to cross the bad link.
Open an elevated command prompt:
ntdsutil: activate instance ntds
ntdsutil: ifm
ifm: create full C:\users\desktop
Creates a snapshot of the database in that folder (create sysvol full also includes SYSVOL). Treat the folder as sensitive: it contains every password hash in the domain.
The database file is ntds.dit, found under "Active Directory\" inside the IFM folder.
Go through the typical domain controller addition settings.
Under Additional Options, choose Install from media and point at the IFM folder.
After installation from media the new DC is only as current as the snapshot (possibly days behind production), so choose a nearby, well-connected DC as the replication source to catch up. The media must be younger than the tombstone lifetime (180 days by default) or promotion rejects it.
Install ADDS on server core
> powershell
> Install-WindowsFeature -Name AD-Domain-Services
> Install-ADDSDomainController -DomainName company.pri -Credential (Get-Credential COMPANY\Administrator)
- enter the domain admin password
- enter the DSRM password
- confirm that the server is to be configured as a domain controller (reboots when done)
Upgrade a domain controller
- Get healthy: ensure AD and the DCs show no errors in the event logs or in dcdiag.
- Test and verify replication.
- Extend the schema for your forest with adprep.
  - adprep extends the schema by importing the .ldf files shipped next to adprep.exe (support\adprep on the installation media).
- Upgrade DCs to the new OS (in-place upgrade or, preferably, promote new DCs and demote the old ones).
- Relocate FSMO roles if necessary.
- Raise the domain/forest functional level in Active Directory Domains and Trusts.
ADPrep for a domain controller upgrade
/forestprep - updates forest-wide information and the schema. Happens first, once per forest, run as a member of Schema Admins and Enterprise Admins (against the schema master).
/domainprep - happens once in each domain in the forest, after /forestprep has replicated.
/rodcprep - updates permissions for read-only domain controllers; once per forest.
/gpprep - updates Group Policy object permissions in SYSVOL (needed for RSoP planning mode); run once per domain together with /domainprep.
Since Windows Server 2012 the promotion wizard runs these steps automatically when the account used has the required rights.
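The upgrade checklist above as commands, as an added example that is not from the original flashcards: health checks, recording and verifying the schema version around adprep, and raising the functional levels at the end. D:\ as the new OS media and company.pri are assumed values.

```powershell
# Added example (not from the original flashcards): the pre-upgrade checks, schema extension and
# functional-level raise as commands. D:\ (new OS media) and company.pri are assumed values.

# 1) Health: no DC or replication errors before the schema is touched
dcdiag /q                                   # prints failures only; empty output is what you want
repadmin /replsummary                       # per-DC failure counts and largest replication delta
repadmin /showrepl * /csv | ConvertFrom-Csv |
    Where-Object { [int]$_.'Number of Failures' -gt 0 } |
    Select-Object 'Destination DSA', 'Source DSA', 'Naming Context', 'Last Failure Status'

# 2) Record the schema version before adprep so the change is verifiable afterwards
$schemaDn = (Get-ADRootDSE).schemaNamingContext
(Get-ADObject $schemaDn -Properties objectVersion).objectVersion
# 69 = Windows Server 2012 R2, 87 = Windows Server 2016, 88 = Windows Server 2019/2022

# 3) Extend the schema. adprep.exe reads the .ldf files beside it in support\adprep on the media.
D:\support\adprep\adprep.exe /forestprep            # once per forest, first; Schema Admins + Enterprise Admins
D:\support\adprep\adprep.exe /domainprep /gpprep    # once in every domain, after /forestprep has replicated
D:\support\adprep\adprep.exe /rodcprep              # once per forest if RODCs exist or are planned
# Since Windows Server 2012 the promotion wizard / Install-ADDSDomainController performs these steps
# itself when the account used has the rights, so explicit adprep is mainly for staged change control.

# 4) Confirm every DC sees the new schema version before promoting new-OS DCs
Get-ADDomainController -Filter * | ForEach-Object {
    [pscustomobject]@{
        DC            = $_.HostName
        SchemaVersion = (Get-ADObject $schemaDn -Properties objectVersion -Server $_.HostName).objectVersion
    }
}

# 5) After the new-OS DCs are in, FSMO roles moved and the old DCs demoted, raise the levels.
#    This is one-way: every DC in scope must already run at least the target OS.
Get-ADDomain | Select-Object DomainMode
Get-ADForest | Select-Object ForestMode
Set-ADDomainMode -Identity 'company.pri' -DomainMode Windows2016Domain
Set-ADForestMode -Identity 'company.pri' -ForestMode Windows2016Forest
```

Step 4 is the check worth waiting for: promoting a new-OS DC against a DC that has not yet received the schema change fails with a version mismatch.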
SRV Records
Allow clients to locate the different AD services (LDAP, Kerberos, global catalog, PDC emulator) and let DCs locate each other.
Dynamic DNS updates
Each DC's Netlogon service automatically registers the DC's SRV records in DNS, and the host registers its own A record.
DNS registration issues
Run ipconfig /registerdns on DCs missing their host record, and nltest /dsregdns (or restart the Netlogon service) to re-register the SRV records; dynamic DNS updates must be enabled on the zone.
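Checking the SRV records a DC must appear in and re-registering them, as an added example that is not from the original flashcards. company.pri and dc01 are assumed names; the zone check needs the DnsServer module and is run on the DNS server.

```powershell
# Added example (not from the original flashcards): verify the SRV records that clients and DCs rely on
# and re-register them when a DC is missing. company.pri and dc01 are assumed names.
$domain = 'company.pri'
$dc     = 'dc01'

# Records every writable DC in the domain must appear in. _msdcs.<forest> is what DCs use to find each other.
$perDc = @(
    "_ldap._tcp.dc._msdcs.$domain"       # LDAP on a DC
    "_kerberos._tcp.dc._msdcs.$domain"   # KDC on a DC
    "_ldap._tcp.$domain"
    "_kerberos._tcp.$domain"
)

function Get-SrvTargets([string]$Name) {
    # Returns the host names the SRV record points at (empty if it does not exist)
    Resolve-DnsName -Name $Name -Type SRV -ErrorAction SilentlyContinue |
        Where-Object Type -eq 'SRV' | ForEach-Object NameTarget
}

$report = foreach ($name in $perDc) {
    $targets = @(Get-SrvTargets $name)
    [pscustomobject]@{
        Record  = $name
        Targets = $targets -join ', '
        HasDc   = $targets -contains "$dc.$domain"
    }
}
$report | Format-Table -AutoSize
$missing = ($report | Where-Object { -not $_.HasDc }).Record
if ($missing) { Write-Warning "$dc is absent from: $($missing -join ' ')" }

# Role-specific records: exactly one PDC emulator; GCs live in the forest root zone (here the same zone)
"PDC emulator: $(Get-SrvTargets "_ldap._tcp.pdc._msdcs.$domain")"
"Global catalogs: $((Get-SrvTargets "_gc._tcp.$domain") -join ', ')"

# What the locator actually hands out to a client for this domain
nltest "/dsgetdc:$domain"

# The zone must accept dynamic updates or registrations are refused (DnsServer module, on the DNS server).
Get-DnsServerZone -Name $domain | Select-Object ZoneName, IsDsIntegrated, DynamicUpdate   # want Secure
# Set-DnsServerPrimaryZone -Name $domain -DynamicUpdate Secure

# Re-register from the DC that is missing records
ipconfig /registerdns    # host A/AAAA record
nltest /dsregdns         # Netlogon re-registers the SRV records (equivalent to restarting Netlogon)
dcdiag /test:dns /v      # end-to-end DNS test from the DC
```

ipconfig /registerdns only refreshes the host record; the SRV records come from Netlogon, which is why nltest /dsregdns is the command that actually fixes missing locator records.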