Active Directory Overview Flashcards

Introduction to AD

1
Q

A Domain

A

A domain is an administratively-defined collection of network resources that share a common directory database and security policies. The domain is the basic administrative unit of an Active Directory structure.
Database information is replicated (shared or copied) within a domain.
Security settings are not shared between domains.
Each domain maintains its own set of relationships with other domains.
Domains are identified using DNS names. The common name is the domain name itself. The distinguished name includes the DNS context or additional portions of the name.
Depending on the network structure and requirements, the entire network might be represented by a single domain with millions of objects, or the network might require multiple domains.

2
Q

Objects

A

Within Active Directory, each resource is identified as an object. Common objects include:
Users
Groups
Computers
Shared folders
You should know the following about objects:

Each object contains attributes (i.e. information about the object such as a user's name, phone number, and email address), which are used for locating and securing resources.
The schema identifies the object classes (the type of objects) that exist in the tree and the attributes (properties) of the object.
Active Directory uses DNS for locating and naming objects.
Container objects hold or group other objects, either other containers or leaf objects.

3
Q

Organizational Unit (OU)

A

An organizational unit is like a folder that subdivides and organizes network resources within a domain. An organizational unit:
Is a container object.
Can be used to logically organize network resources.
Simplifies security administration.
You should know the following about OUs:

First-level OUs can be called parents.
Second-level OUs can be called children.
OUs can contain other OUs or any type of leaf object (e.g. users, computers, and printers).

4
Q

Generic Containers

A

Like OUs, generic containers are used to organize Active Directory objects. Generic container objects:
Are created by default
Cannot be created, moved, renamed, or deleted
Have very few editable properties

5
Q

Trees and Forests

A

Multiple domains are grouped together in the following relationship:
A tree is a group of related domains that share the same contiguous DNS name space.
A forest is a collection of related domain trees. The forest establishes the relationship between trees that have different DNS name spaces.
Trees and forests have the following characteristics:
The forest root domain is the top-level domain in the top tree. It is the first domain created in the Active Directory forest.
The tree root domain is the highest level domain in a tree.
Each domain in the tree that is connected to the tree root domain is called a child domain.
A domain tree is a group of domains based on the same name space. Domains in a tree:
Are connected with a two-way transitive trust.
Share a common schema.
Have common global catalogs.

6
Q

Domain Controller

A

A domain controller is a server that holds a copy of the Active Directory database that can be written to. Replication is the process of copying changes to Active Directory between the domain controllers.

7
Q

Sites and Subnets

A

Active Directory uses the following two objects to represent the physical structure of the network.
A subnet represents a physical network segment. Each subnet possesses its own unique network address space.
A site represents a group of well-connected networks (networks that are connected with high-speed links).
You should know the following about sites and subnets:
Sites and subnets are used to manage Active Directory replication between locations.
All Active Directory sites contain servers and site links (the connection between two sites that allows replication to occur).
Site links are used by Active Directory to build the most efficient replication topology.
A site differs from a domain in that it represents the physical structure of your network, while a domain represents the logical structure of your organization.
Clients are assigned to sites dynamically according to their Internet Protocol (IP) address and subnet mask.
Domain controllers are assigned to sites according to the location of their associated server object in Active Directory.

8
Q

The Active Directory Database

A

The Active Directory database is stored in a file called NTDS.dit. It is the physical database file in which all directory data is stored. This file consists of three internal tables:

The data table contains all the information in the Active Directory data store: users, groups, application-specific data, and any other data that is stored in Active Directory after its installation.
The link table contains data that represents linked attributes, which contain values that refer to other objects in Active Directory.
The security descriptor (SD) table contains data that represents inherited security descriptors for each object.

9
Q

The Global Catalog (GC)

A

The Global Catalog (GC) is a database that contains a partial replica of every object from every domain within a forest. A server that holds a copy of the Global Catalog is a global catalog server. The Global Catalog facilitates faster searches because different domain controllers do not have to be referenced.

10
Q

Operations Master Roles

A

Operations master roles, also referred to as Flexible Single-Master Operation (FSMO) roles, are specialized domain controller tasks assigned to a domain controller in the domain or forest. Operations master roles are useful because certain domain and enterprise-wide operations are not well suited for the multi-master replication performed by Active Directory to replicate objects and attributes. A domain controller that performs an operations master role is known as an operations master or operations master role owner.
The following roles are forest roles, meaning that one domain controller within the entire forest holds the role:

The schema master maintains the Active Directory schema for the forest.
The domain naming master adds new domains to and removes existing domains from the forest.
The following roles are domain roles, meaning that one domain controller in each domain holds the role:
The RID master allocates pools or blocks of numbers (called relative IDs or RIDs) that are used by the domain controller when creating new security principals (such as user, group, or computer accounts).
The PDC emulator acts like a Windows NT 4.0 Primary Domain Controller (PDC) and performs other tasks normally associated with NT domain controllers.
The infrastructure master is responsible for updating changes made to objects.
As you install or remove domain controllers, you will need to be aware of which domain controllers hold these roles.

11
Q

Functional Level

A

A functional level is a set of operation constraints that determine the functions that can be performed by an Active Directory domain or forest. A functional level defines:
Which Active Directory Domain Services (AD DS) features are available to the domain or forest.
Which Windows Server operating systems can be run on domain controllers in the domain or forest. Functional levels do not affect which operating systems you can run on workstations and servers that are joined to the domain or forest.
Windows Server 2008 supports the following domain functional levels:
Windows 2000 Native
Windows Server 2003
Windows Server 2008
Windows Server 2008 supports the following forest functional levels:
Windows 2000
Windows Server 2003
Windows Server 2008
Note: You cannot have Windows NT domain controllers and Windows Server 2008 domain controllers in the same forest.

12
Q

Group Policy

A

A policy is a set of configuration settings that must be applied to users or computers. Collections of policy settings are stored in a Group Policy object (GPO). The GPO is a collection of files that includes registry settings, scripts, templates, and software-specific configuration values.
Group Policy is an important component of Active Directory because through Group Policy you can centrally manage and enforce desktop and other settings for users and computers within your organization. For example, with Group Policy you can:

Enforce a common desktop for users
Remove desktop components, such as preventing access to the Control Panel
Restrict what actions users can perform, such as preventing users from shutting down the system
Automatically install software
Dynamically set registry settings required by applications
