AD Flashcards

1
Q

ADMX

A

IMPORTANT! For disabling web extensions and other cool administrative templates for Group Policy, look further into it!

2
Q

PAM (Privileged Access Management)

A

Bastion Forest - a separate AD forest that is specifically set up for heightened security.

Shadow Security Principals (groups) - special SID that exists in the bastion?

Expiring Links - you can set links that expire, associated with a specific Kerberos ticket item? (Not clear which links this refers to.)

KDC TTL Enhancement - (Ticket-Granting Ticket Time-To-Live) is like an expiration date for the special “tickets” that computers use to prove their identity in a network.
In the computer world, when you log in and get a special “ticket” from the Key Distribution Center (KDC) through the Kerberos authentication system, that ticket has a TTL. This means it’s only valid for a specific period, like 8 hours. After 8 hours, the ticket expires, and you need to get a new one by re-authenticating.

3
Q

What is Kerberos?

A

Kerberos is the authentication protocol.

Here’s how Kerberos works:

Authentication: When you try to log into your computer or access a network resource, Kerberos checks your identity. It’s like showing your ID at the club entrance.

Ticket Granting Ticket (TGT): Once your identity is confirmed, Kerberos gives you a special ticket called a Ticket Granting Ticket (TGT). This ticket proves you’re allowed inside the club (network) for a certain period.

Ticket for Access: When you want to access specific resources (like files or databases) within the network, you don’t need to prove your identity each time. Instead, you use your TGT to get a shorter-term ticket for that specific resource. It’s like getting a stamp on your hand so you can move around the club freely without showing your ID at every door.

Encryption: All these tickets and communications between your computer and the network are encrypted, meaning they’re scrambled and secure from prying eyes. This keeps your data safe while it’s traveling across the network.

In Windows Server, Kerberos is kind of like the VIP security system running behind the scenes. You won’t see it as a separate program or window. It’s integrated into the authentication process, making sure that only authorized users and computers can access the resources they’re allowed to, all while keeping everything secure.

4
Q

Learn port numbers

A

  • 20 - File Transfer Protocol (FTP) Data Transfer
  • 21 - File Transfer Protocol (FTP) Command Control
  • 22 - Secure Shell (SSH)
  • 23 - Telnet - Remote login service, unencrypted text messages
  • 25 - Simple Mail Transfer Protocol (SMTP) E-mail Routing (same port for scan to email m365)
  • 53 - Domain Name System (DNS) service
  • 80 - Hypertext Transfer Protocol (HTTP) used in World Wide Web
  • 110 - Post Office Protocol (POP3) used by e-mail clients to retrieve e-mail from a server
  • 119 - Network News Transfer Protocol (NNTP)
  • 123 - Network Time Protocol (NTP)
  • 143 - Internet Message Access Protocol (IMAP) Management of Digital Mail
  • 161 - Simple Network Management Protocol (SNMP)
  • 194 - Internet Relay Chat (IRC)
  • 443 - HTTP Secure (HTTPS) HTTP over TLS/SSL

5
Q

When installing Roles to AD on a NEW DC what option do you choose?

A

Add a new forest..

Why? You're not adding another DC to an existing domain or forest.

6
Q

Make sure to keep the AD DS password for DSRM safe. What is DSRM?

A

Directory Services Restore Mode

7
Q

After creating your new AD DS you’ll be asked to Create a DNS delegation, do you click it or skip it?

A

Skip it, because we're creating the root of a new DNS. It wouldn't have the ability to be found by any external DNS servers.

8
Q

What is a NetBIOS domain name?

A

Nuggetlab dude just put NUGGETLAB

NetBIOS domain names provide a more human-readable way for computers to find and interact with each other.

This is especially useful in the context of Active Directory, where it helps organize and manage resources like user accounts, computers, and other network-related entities.

9
Q

How do you make a child domain?

A

Get another DC (just like at work, how we have a redundant DC for our main PDC).

Click the flag with the yellow caution sign > Add a new domain to an existing forest > Child Domain > enter the parent domain name (ph.local) > New domain name (ph2), don't put .local?

Make sure to click “Change” and enter in credentials

Make sure DNS is enabled and GC, then put in credentials.

Make sure DNS Delegation is applied as well.

10
Q

If you have a forest root domain of nuggetlab.com, it will be impossible to install a domain named accusource.net into the same forest because the names are not hierarchical. True or false?

A

False

11
Q

AD DS clients locate domain controllers by using: (2 things)

A

SRV Records (SRV (Service) record is like a signpost in the internet’s address book (DNS). It helps computers find specific services, like email or domain controllers in an Active Directory network.

Imagine you’re looking for the post office in a city. The SRV record is like a sign telling you where to find it. It says things like:

“For email service (_imap) use this server at this address.”
“For domain controller service (_ldap) use this server at this address and port.”
So, when your computer needs to find a specific service, it checks the SRV records in DNS to get the right directions. It’s a way computers navigate the internet efficiently by knowing where to find the services they need.)

&
Active Directory-Integrated DNS Servers

12
Q

RRAS

A

Routing and Remote Access Service (not as stable as a VPN but is a VPN???)

13
Q

What is pivoting in hacking terms?

A

When a hacker gains access to 1 machine then pivots and gains access to another machine. (PDC to Synology) or (PC to PDC).

14
Q

DMZ is also known as?

A

perimeter network.

A DMZ is like having 2 firewalls and in between is your web server?

Intranet - Firewall - Webserver - Firewall - Internet

15
Q

Where is AD data stored?

A

C:\Windows\System32\NTDS.dit

16
Q

What makes up the AD Partitions?

A
  • NTDS.dit
  • Configuration (contains info about the forest)
  • Schema
  • Domain (contains all domain info)
  • Application (this is a custom partition that you create, and you choose which DCs get a copy of the info)
17
Q

Global Catalog

A

Purpose - computers can locate objects within the domains

18
Q

To install Active Directory how do you install it?

A

Manage > Next > Next > Active Directory Domain Services

19
Q

How do you promote a server to a domain controller?

A

Click the yellow caution flag (to the left of Manage).

20
Q

What deployment do you choose for your very first PDC?

A

Add a new forest

21
Q

What is DSRM?

A

Domain Services Restore Mode (this is the password you will set up to restore AD from backup). This is during the initial installation, when you try to add the server to a domain controller.

22
Q

What is NetBIOS?

A

An old legacy name for older devices that still need to be able to interact.

In production you should disable NetBIOS because it's really for devices from 1999 and older and could be a security risk.

23
Q

Where is group policy info stored in the C: Drive?

A

C:\Windows\SYSVOL

24
Q

Does putting your AD DS database logs on a separate drive make your server run faster?

A

Yes (though you probably don't need to do this): put your database on one SSD, and put your logs on a different SSD.

25
Q

When you first set up your redundant DC and need to domain join it to your existing PDC, you'll need to change…

A

Your DNS to the primary's, if the automatic one doesn't work, kind of like what happened at work.

26
Q

Where are virtual machines located in Azure?

A

Resource Groups

27
Q

What version OS and hardware is your PDC at work running?

A

2022 STANDARD.. Not datacenter..

32 GB RAM, CPU: Intel Xeon CPU E5-2623 (3 GHz, 4 cores, 8 logical processors).

28
Q

When making a virtual machine in Azure, what is an "availability zone"?

A

Having your virtual machine replicated to other data centers in Azure cloud so that if one data center goes down, you’ve got a replica of your virtual machine in another data center.

29
Q

Wondering about pricing in Azure or anything microsoft? They have “pricing calculators.”

A
30
Q

What is the port # for RDP?

A

TCP 3389

31
Q

Don't leave the RDP port open to the outside on the server, because hackers could find it with a port scan (nmap), and then it's game over. Set up a VPN instead.

A
32
Q

How are RODC passwords stored?

A

Cache

33
Q

How do you pre-stage a DC to be RODC?

A

Go to Users and Computers, right-click on the Domain Controller container and click Pre-create Read-only Domain Controller account.

34
Q

Once you pre-stage the RODC what is next?

A

Have someone login to the DC with their credentials and it will activate?

35
Q

If you need to adjust the password replication policy how do you do this? Also what is this?

A

Right click on the RODC in the domain controller container in users and computers. Go to Properties, then Password Replication Policy.

Password Replication Policy controls which accounts are able to have their passwords cached.

36
Q

What service needs to be running to remote into the DC via PowerShell (PS)?

A

WinRM (Windows Remote Management)

37
Q

What port number does WinRM use?

A

HTTP: 5985

HTTPS: 5986

38
Q

What PowerShell command can I use to see if the ports are listening for WinRM?

A

winrm quickconfig (use this on the DC, not your laptop), so use this command on the device you're trying to connect to, not the device you're connecting from.

Or just do it on both devices.

39
Q

What PS command can you use to create a new folder?

A

mkdir

40
Q

What is FSMO?

A

Flexible Single Master Operations

FSMO (Flexible Single Master Operations) encompasses these five crucial roles:

In the forest you have these 2 forest-level roles:

Schema Master
Domain Naming Master

Domain-level roles:

RID Master
Primary DC Emulator
Infrastructure Master

“Brian: this is important when you decommission a server and migrate those rules to a new one to make it seamless”

41
Q

For FSMO in AD where can you find RID Master, PDC, and Infrastructure Master?

A

In AD Users and Computers right click on your DC (ph.local) and click Operations Master.

42
Q

For FSMO in AD where can you find Domain Naming Master?

A

Go to AD Domains and Trusts, right click the VERY top icon and click Operations Master.

43
Q

How do you enable the recycling bin in AD?

A

You can only do this in the Administrative Center…
Right click on ph.local domain and enable recycling bin

44
Q

What does the nmap command do?

A

Scans ports. Network scans.

45
Q

When you set up a domain as part of a forest, there is an automatic trust relationship called what?

A

Two way Transitive Trust

Two way means it goes both ways.

46
Q

When doing outgoing and ingoing trusts what name on the server side do you need?

A

our name is ph.local so we would type in ph2.local or ph2.com whatever.

https://docs.google.com/document/d/1hqPpOOErMRnu4oiMvQH_oLAl8SOK3wwd4EPZf9FhBNk/edit

47
Q

A bridgehead is what?

A

is a server that is mainly used for intersite replication.

48
Q

By default, how often does a replication occur in a bridgehead?

A

180 minutes (3 hours)

49
Q

KCC

A

Knowledge Consistency Checker.

A built-in process in Windows Server that ensures replication consistency within Active Directory by dynamically generating and maintaining the replication topology.

50
Q

With site link costs you want to have faster connections to have what?

A

Lower cost… fast = low cost? (Not sure what that means.)

51
Q

Inter-site replication replicates how many hours BY DEFAULT?

A

3 hours (180 minutes). You don't want it to be this long, I guess; your instructor set it to 60 minutes, but this is just the default (180 min).

52
Q

What is Bridge Head?

A

A bridgehead server is a server that is mainly used for intersite replication. You can configure a bridgehead server for every site that is created for each intersite replication protocol. This helps to control the server that is used to replicate information to other servers.

53
Q

Every site must have a unique..

A

IP address; there cannot be duplicate IPs. Obviously, because public IPs don't duplicate in the first place unless something is broken.

54
Q

PowerShell command to show the status of replication in sites?

A

repadmin /showrepl

55
Q

Command line to check Active Directory issues?

A

dcdiag

Also use dcdiag /fix to make safe repairs.

Also use dcdiag /? for the help directory list of the command and what it can do.

56
Q

What does GPO stand for?

A

Group Policy Objects

57
Q

What is the UPN logon and what does it stand for?

A

first.lastname (the account username). It stands for User Principal Name.

58
Q

ACL

A

Access Control List

59
Q

A CID, or Computer ID, is:

A

a unique 10-digit, alphanumeric number that identifies a computer or workstation that gives direction to find out what permissions are supposed to be given to a certain user?

60
Q

A -> G -> DL -> P

A

Accounts go into Global groups
Global groups go into Domain Local groups
Domain Local groups GET permissions to resources.

61
Q

Domain local groups cannot travel they’re cemented to the ground.. unlike what can travel..

A

Global groups

Domain local groups can contain links for objects in other domains. BUT they themselves cannot travel.

62
Q

When you create a group there is a Group Scope and a Group Type. What are those?

A

Group scope:

Domain Local
Global
Universal

Group TYPE:
Security
Distribution

63
Q

UGMC

A

Universal Group Membership Caching

Every 8 hours the list gets cached.

64
Q

Where is UGMC located?

A

Sites and Services > right-click the site > Properties. At the bottom there's a check box; check it, and where it says default, change it.

65
Q

A Terminal Server is also known as?

A

RDS (Remote Desktop Services)

66
Q

Azure ADDS is separate from what?

A

Azure

67
Q

What is AADDS-NSG?

A

USE A VPN; don't ever do this for RDP. But it is an inbound security rule that is not a firewall but filters packets (you will need to go in here to let you RDP into the server).

68
Q

When you set up a fresh Azure server, users need to…

A

reset their passwords?

69
Q

What's the difference between a Global group and a Universal group?

A

Global is for single domains and Universal is for across domains within a forest

70
Q

Where can you add different UPNs? (like if you have Primalhealthlp.com and want to add befulfilledsystems.com)

A

Domains and Trusts > Right click the very top thing (AD domains and trust), click properties

71
Q

Before you join your on prem server, enable SSPR (self service password reset), then reset your password and you should be able to join your on prem to Azure AD?

A
72
Q

Where do you add a @domain.com for the UPN?

A

Domains and Trusts > right-click on it > Properties

73
Q

What 2 ways can you verify that you actually own a domain name? (primalhealthlp.com)

A

TXT record or an MX record

74
Q

What is a CNAME?

A

A canonical name (CNAME) serves as an ALIAS for domain names that share an IP address. For example, in the diagram 'Searchsecurity.techtarget.com' is an alias for 'Techtarget.com'. Both point to the same IP address.

75
Q

What are two types of managed authentication in Azure:

A

Password hash synchronization (PHS)
Azure AD performs the authentication itself.

Pass-through authentication (PTA)
Azure AD has AD DS perform the authentication.

76
Q

What is federation?

A

“federation” refers to setting up a trust relationship between two separate identity management systems. This allows a user in one domain to access resources in another domain without having to create a new account or password.

77
Q

Because of HIPAA, can you or can't you have your Azure AD password hashes synced to the cloud?

A

NOPE you can’t. You would need to do Federation (old stuff) or pass-through auth?

78
Q

What tool do you download to clean up your AD users?

A

IdFix

79
Q

Your password policies are configured in the cloud or on-prem?

A

on prem, NOT the cloud. Everything is configured in GPO.

80
Q

What is the hierarchy of GPOs?

A

Local Computer, Site, Domain, OU

If you apply policies at any other level, they will always overrule the local computer GPO.

In business it will go from Site > Domain > OU

81
Q

True or False? When you block inheritance on an Organizational Unit (OU), it prevents GPOs linked to parent OUs from being applied to the child OU. However, certain settings, such as the password policy, are considered to be “critical” and are always enforced, even if inheritance is blocked.

A

True. Password Policy will always apply, for security reasons.

82
Q

True or False? Block Inheritance cannot block the ENFORCED, but it can still block things from the site?

A

True

83
Q

Where are DEFAULT domain policies located?

A

In Group Policy Objects (the folder that's in gpmc.msc, Group Policy)

84
Q

What is the difference between a Default Domain Controllers Policy vs a Default Domain Policy?

A

The Default Domain Controllers Policy is specifically for domain controllers and contains settings relevant to their role (like Kerberos?),

While the Default Domain Policy is for (everything?) and all computers and users in the domain and contains settings that apply to the entire domain.

85
Q

How do you create a new GPO?

A

right click on Group Policy Objects, and click New

86
Q

You can assign software to people, which forces it on people's computers, or you can publish it to people, which makes it where they can go into Control Panel and it'll be available, but the software is not installed?

A
87
Q

If you put a gpo underneath your ph.local will it affect everyone?

A

yes

88
Q

So when Enforce conflicts with Block Inheritance, it will override Block Inheritance.

A
89
Q

It's important to note that if there are other policies linked at lower levels (like specific Organizational Units or OUs), those can potentially override the domain-level policies based on the order of precedence.

A

Click on the OU in the GPO and it will tell you the precedence (hierarchy)

90
Q

gpresult /r /scope computer

A

This will show you what the computer GPO is applied to. Very helpful, remember this.

91
Q

NTUSER.DAT does what?

A

This is a hidden file in C:\Users\username. It stores user profile settings from the Windows registry so that they're preserved between restarts.

You can edit it to restrict access to certain things in Windows, but you adjust it in Regedit?

92
Q

In GPO you have Policies and Preferences. Which one is set in stone to where the user can’t change the settings?

A

Policies

93
Q

Does enforcing a GPO override Block Inheritance?

A

Yes