Chapter 1: Active Directory Flashcards

1
Q

What is a network directory service?

A

A network directory service is an administrative tool that stores, retrieves, and allows for the centralised management of information on a network.

2
Q

What is Active Directory Domain Services (ADDS)?

A

Active Directory is a directory service based on standards for defining, storing, and accessing directory service objects. It is based on the LDAP standard for accessing directory service objects.

3
Q

Active Directory Features (6)

A

Hierarchical organisation
Centralised but distributed database
Scalability
Security
Flexibility
Policy-based administration

4
Q

What is an Active Directory site?

A

An Active Directory site is a physical location in which domain controllers communicate and replicate information periodically.

5
Q

Domain Controller (DC)

A

A Domain Controller is a computer running Windows Server with the ADDS role installed, which services (and controls) one domain.

6
Q

Domain Controller - Responsibilities (4)

A
  1. Maintain a replica of objects in the domain
  2. Replicate changes to the data to all other domain controllers in the domain
  3. Providing data search and retrieval functions for users attempting to locate objects in the directory
  4. Providing authentication and authorisation services for users (logging in and accessing network resources)
7
Q

Active Directory Logical Structure (4)

A

Organisational Units
Domains
Trees
Forests

8
Q

Organisational Unit (OU)

A

An organisational unit is an AD container object that is used to organise network users and resources into logical administrative units.

Contains objects such as: User accounts, groups, computer accounts, printers, applications, shared folders, servers, domain controllers

9
Q

Domain

A

The domain is the core structural unit of Active Directory. It contains OUs and represents the administrative, security, and policy boundaries.

Extra: Represented by a pyramid. Large companies may have several domains to separate regions or administrative responsibilities.

10
Q

Tree

A

A tree is a grouping of one or more domains that share a common top-level and second-level domain name (naming structure)

11
Q

Forest

A

A forest is a collection of one or more Active Directory trees (groupings of domains) that provide a common Active Directory environment

12
Q

ADAC is used to… (functions 4)

A

Active Directory Administrative Center is used to:
Create and manage users and groups
Manage OUs
Connect to other domain controllers
Change the domain's functional level

13
Q

What is meant by “Active Directory Schema”?

A

Active Directory (AD) schema is a blueprint that describes the rules about the objects that can be stored.

14
Q

Object

A

An object is an entity that represents a (network) resource such as users, computers, or printers, that is part of an AD network.

15
Q

The schema defines…

A

The schema defines the type, organisation, and structure of objects stored in the AD database

16
Q

Schema classes

A

Schema classes define the types of objects that can be stored in Active Directory

17
Q

Schema attributes

A

Schema attributes define the rules of what type of information is stored in an AD object. The type of information is called the attribute value.

18
Q

What are Active Directory Container Objects?

A

A container object is used to encapsulate other objects for organisation, management, administrative, and security purposes

19
Q

Types of AD container objects (3)

A

Organisational Units
Folder objects
Domain objects

20
Q

Types of folder objects (5)

A

Builtin - for default Windows groups
Computers - default for computer accounts in domain
Foreign Security Principals - user accounts from other domains
Managed Service Accounts - for services to access domain resources
Users - the administrator and guest default accounts

21
Q

Leaf Object

A

A leaf object is an AD object that doesn’t contain other objects and represents either a security account, network resource, or GPO

22
Q

What is replication? What are the types? (3)

A

Replication is the process of maintaining a consistent database of information when the database is distributed among several locations (at domain controllers)

Intrasite replication - replication between domain controllers in the same site
Intersite replication - replication between domain controllers at two or more sites
Multimaster replication - replication used by AD for replacing AD objects

23
Q

Knowledge Consistency Checker (KCC)
Defines…

A

The KCC runs on all domain controllers and defines the replication topology between them, to make sure that no more than three hops exist between any two domain controllers.

24
Q

Directory partition (5)

A

Each section of an Active Directory database:
Domain directory partition
Schema directory partition
Global catalog partition
Application directory partition
Configuration partition

25
Q

Operations master

A

The operations master is the domain controller that is responsible for all the functions of all DCs. It is usually the first DC, and its responsibilities can be transferred if needed.

26
Q

Flexible Single Master Operation (FSMO)

A

Schema master
Infrastructure master
Domain naming master
RID master
PDC Emulator master

27
Q

Trust relationships

A

In Active Directory, a trust relationship defines whether and how security principals from one domain can access network resources in another domain.

28
Q

All domains in a forest share these characteristics (6)

A

A single schema
Forest-wide administrative accounts
Operations masters
Global catalog
Trusts between domains
Replication between domains

29
Q

Global catalog servers (functions 3)

A

Facilitates domain and forest-wide searches
Facilitates logon across domains - using UPN
Hold universal group membership information

30
Q

Forest root domain (4)

A

The forest root domain is the first domain in a forest, and is imperative to the functionality of AD.
It handles: DNS server, Global catalog server, Forest-wide administrative accounts, Operations masters

31
Q

Why is a single domain preferable? (4)

A

Simplicity
Lower costs
Easier management
Easier access to resources

32
Q

Under what circumstances should you consider using more than one domain? (5)

A

Need for differing account policies
Need for different name identities
Replication control
Need for internal and external domains
Need for tight security

33
Q

Group Policy Object (GPO)

A

A Group Policy Object is a list of settings that administrators use to configure user and computing operating environments remotely. It can be managed using the GPMC.

34
Q

How would you locate Active Directory objects?

A

Searching in Active Directory Users and Computers

35
Q

What is a directory partition?

A

Directory partitions are sections of the Active Directory database that hold varied types of data and are managed by different processes.

36
Q

How is data organised in Active Directory?

A

The data in Active Directory is organised as objects

37
Q

What types of objects are there in Active Directory?

A

Container objects and leaf objects

38
Q

What do leaf objects typically represent?

A

Leaf objects generally represent security accounts, network resources, and GPOs

39
Q

What is a directory service?

A

A directory service is a database that stores network resource information and can be used to manage users, computers, and resources throughout the network

40
Q

Network resources

A

Network resources are any device, information, or service available across a network.
EXAMPLE: Files, applications, services, servers, computers, printers, etc.

41
Q

LDAP

A

Lightweight Directory Access Protocol is based on the X.500 Directory Access Protocol