AD 70-640 Flashcards
What is Schema?
Defines all attributes for all objects in AD
Is what gives the ability to create object:
Examples: tables, the fields in each table, and the relationships between fields and tables.
What file is the core of Active Directory?
NTDS.DIT
What are the Advantages of Active Directory?
Centralized - makes all activities under one authority
Scale-able - allows you to make a lot of objects
Extensible - allows you to add fields to the schema
Examples:pictures, Social #, ETC
Manageable
Secure- Cuborose Tickets traffic is automatically encrypted
DNS Intergration -
Replication- Create users accounts can get replicated to another server convergence
GPO- items it can use to control every aspect what each user can see and do.
What is Convergence?
convergence is when active directory agrees with itself in all of its different locations.
What is a Domain?
A group of computers and devices on a network
What is a Forest?
A collection of one or more AD domains that share a common logical structure, directory schema, directory configuration, and Global catalog
How do you open the Initial Configuration Task after you check do not show?
OOBE
What is DCPROMO?
starts the AD DS install wizard
What is dynamically assigned IP address?
It automatically assigns an IP address that changes on its own.
What is a static IP address?
Manually assigned IP address that will only changes when manually changed by a admin.
How do you change your IP address from Dynamic to Static?
Network and sharing - Manage network connections - Local area connection - Properties
What is a subnet mask?
it determines if the information is on your network or on another. If the information is located on another network the request will be forwarded to the Default gateway.
What is a common preferred DNS server address?
127.0.0.1 because it is a loop back address.
How do you preform an unattended installation?
dcpromo /unattend:location\myanswerfile.txt
How to tell the version of windows you are on?
WinVer in the command prompt
How to determine the version of the schema?
regedit- hkeylocal system- currentcontrolset- services - NTDS - Prameters
How to add a Child Domain?
Run DCPromo and create new domain in existing forest
How to update the schema?
put dvd in drive
run cmd
adprep /forest prep
once complete run adprep /domain prep /gpprep
How are RODC updated?
Updates are replicated to the RODC from a Read Write Domain Controller
How does Credential Caching work?
RODC verifies credentials instead of forwarding the request.
Admins are denied Caching credentials by default
What can a admin on a RODC do?
Install updates and drivers
How many RODC and be on one domain?
One RODC per domain per site
What happens if you want a RODC in a site that contains outlook users?
You will have to make the RODC a GC
How do you install a RODC?
DCPROMO w/Advance (Full)
For Server Core you have to have a answer file
What are the 5 operations maters roles?
Forest Operations: the schema master domain naming master Domain: Infrastructure - relative identifier (RID) master, primary domain controller (PDC) emulator infrastructure master.
How to access the schema?
- You have to register the schema, regsvr32 schmmgmt.dll
- run mmc console
- add/remove snap in
- add the schema
What is the primary domain controller (PDC) emulator?
The final Authority for password changes, responsible for master time source, domain master browser,
What is the Domain Naming Master?
checks to make sure that the name space is not in use.
What is Domain Master Browser?
find
What is the Master Time Source?
find
What is the Schema Master role?
Is what gives the options for active directory. Provided the field (Text Box )
What does command dcdiag?
tells you about the domain and what roles it haves. Can be used to diagnosed issues.
What does command dcdiag /test:ridmanager /v do?
it provided information about the RID
What is a stand by master?
Stand by master is used when a server goes down. you can transfer the servers roles to the stand by master
( A back up server )
Why should the Domain Naming Master Role and Global Catalog be installed on the same server?
The domain naming master role refers to the GC to see if the name space already exist.
What does the Infrastructure Master Role do?
Check the cross domain references to verify their group membership . Refers to the GC for verification.
Where are the Domain Operation Roles?
Server manager - active directory user and computers - right click on domain - operations masters
Where do you find the Forrest Operations Roles?
Domain Naming Master Role can be found in Open Active Directory Domains and Trust - right click on Directory Domains and Trust - Operations masters roles
Schema master role can be found in console - right click on active directory schema - operations master role
How to transfer the Schema Master Role?
have to be a schema admin - console - right click on change active directory domain controller - select the new server. - once connected you right click on right click on active directory schema - operations master role - then select the word change
How do you see what Domains are running what Operation master roles?
in cmd run netdom query fsmo
How to rename a domain controller?
start - right click on computer - properties - change settings - select the change button
How to raise the domain functional level.
rick click on the domain inside of server manager - select raise domain functional level ,
How do you determine the highest Functional Level For a Forrest?
The highest level is based upon the lowest level Domain Controller
What is Linked Value Replication?
It picks out the new objects inside of the security group and replicates only the new objects instated of replicating all the memberships in that group
How to raise the Function Level for Forest?
Active Directory Domains and Trust - right click on active directory domains and trust - raise forest functional level
How to make a user account?
Go to the users folder - right click - select user -
What trick should you use for creating Template accounts?
create it with a _ in front of the name to make it appear at the top and disable the user account
How to change the hours someone can login?
click the account - go to account settings tab - select logon hours
How to make a new user from a template account?
right click on the template account - select copy - fill in the persons information.
What is DSADD?
is the primary tool you can use to add new accounts
What is DSRM?
Allows you to remove ou and all of the content in it.
What is DSmove?
Allows you to move and rename groups
What is LDIFDE?
Used to improt and export from a plane text file
What is CSDE?
Used to work with CSV files to automatically import & export accounts.
How do you get assistance with powershell cmdlets?
get-help (then the task you want to preform) get-service
What are variables in PowerShell?
Its an abbreviation that reduces the amount of typing and they start with $
These changes are only temporary
example: $wmi=Get-WmiObject Win32_Service - computername dci
will run complete cmdlet in full when you now type $wmi
What is PowerShell?
is a command line that uses Verb-Noun Syntax (CMDLET) example Get-Service
It is backwards compatible with cmd commands
**
What is a Alias in PowerShell?
a shortened cmdlet
These changes are only temporary
example: get-ChildItem
Alias: Dir
How do you make a Alias in PowerShell?
new-alias np (desired abbreviation) notepad (name of task)
How do you assign or limit someone to the computers they can access.
Right click on the account - account tab - select logon - and you can assign the computer the user can access.
How do you make an account profile?
account preferences - profile - \servername\profiles\%username%
How do you access GPO passwords settings?
server manager - features - Group policy management - forest - domain - right click on default domain policy edit -
computer configurations - security settings - account policy
How to access the Audit account login settings?
server manager - features - Group policy management - forest - domain - right click on default domain policy edit -
computer configurations -windows settings - security settings - local policies
How to enable or disable an account?
Right click on the account and select disable / enable
How to rename an account?
Right click on the account and select rename
What are the 3 group scope?
Domain Local, Global, Universal
What kind of memberships can be added to a Domain local group?
Can accept any membership ( Global , Universal ) but cant accept other Domain Local groups form another domain’s local group
User account from any domain in forest
Global or universal from any domain in forest
User accounts, global or universal groups from a
trusted forest domain
Other domain local groups from the same domain
Recourse access
What kind of memberships can be added to a Global group?
User account in same domain
Other global groups from same domain
for users of common type. example Department users
What is a Tree?
A collection of domains that share a common DNS namespace ( Patent -Technet.vn) ( child (video.technet.vn)
What is a Domain?
The core administrative unit of AD DS ( Address
)
What is a Orgnizational Unit? (OU)
Containers in AD DS which provide a framework for administrator and Group Policy Links.
What is a Site?
A collection of AD objects defined by their physical location
What is a Partition?
Logical section of actual AD DS Database.
What is a Domain Controller?
Contain copiesof the ad ds database
What is a data store?
The file on each domain controller that stores the AD DS information
What is Global Catalog servers
Domain Controllers which host global catalog which is partial read only copy of all the objects in the forrest
Read-Only Domain Controllers ?
Contain a special read only copy of the AD DS Database
What is Forest and Domain function level?
It is configured based on the older OS you will be supporting.
