Chapter 1: Active Directory Flashcards
What is a network directory service?
A network directory service is an administrative tool that stores, retrieves, and allows for the centralised management of information on a network.
What is Active Directory Domain Services (ADDS)?
Active Directory Domain Services is a standards-based directory service for defining, storing, and accessing directory service objects. It is based on the LDAP standard for accessing those objects.
Active Directory Features (6)
Hierarchical organisation
Centralised but distributed database
Scalability
Security
Flexibility
Policy-based administration
What is an Active Directory site?
An Active Directory site is a physical location in which domain controllers communicate and replicate information periodically.
Domain Controller (DC)
A Domain Controller is a computer running Windows Server with the ADDS role installed, which services (and controls) one domain.
Domain Controller - Responsibilities (4)
- Maintain a replica of the objects in the domain
- Replicate changes to the data to all other domain controllers in the domain
- Provide data search and retrieval functions for users attempting to locate objects in the directory
- Provide authentication and authorisation services for users (logging in and accessing network resources)
Active Directory Logical Structure (4)
Organisational Units
Domains
Trees
Forests
Organisational Unit (OU)
An organisational unit is an AD container object that is used to organise network users and resources into logical administrative units.
Contains objects such as user accounts, groups, computer accounts, printers, applications, shared folders, servers, and domain controllers.
Domain
The domain is the core structural unit of Active Directory; it contains OUs and represents the administrative, security, and policy boundary.
Extra: Represented by a pyramid. Large companies may have several domains to separate regions or administrative responsibilities.
Tree
A tree is a grouping of one or more domains that share a common top-level and second-level domain name (a contiguous naming structure).
Forest
A forest is a collection of one or more Active Directory trees (groupings of domains) that provide a common Active Directory environment.
ADAC is used to… (functions 4)
Active Directory Administrative Center is used to:
Create and manage users and groups
Manage OUs
Connect to other domain controllers
Change the domain's functional level
What is meant by “Active Directory Schema”?
Active Directory (AD) schema is a blueprint that describes the rules about the objects that can be stored.
Object
An object is an entity that represents a (network) resource, such as a user, computer, or printer, that is part of an AD network.
The schema defines…
The schema defines the type, organisation, and structure of the objects stored in the AD database.
Schema classes
Schema classes define the types of objects that can be stored in Active Directory.
Schema attributes
Schema attributes define the rules for what type of information is stored in an AD object; the stored information itself is called the attribute value.
What are Active Directory Container Objects?
A container object is used to encapsulate other objects for organisational, management, administrative, and security purposes.
Types of AD container objects (3)
Organisational Units
Folder objects
Domain objects
Type of Folder objects (5)
Builtin - for the default Windows groups
Computers - default container for computer accounts in the domain
Foreign Security Principals - security principals (e.g. user accounts) from other domains
Managed Service Accounts - accounts used by services to access domain resources
Users - the default Administrator and Guest accounts
Leaf Object
A leaf object is an AD object that doesn't contain other objects and represents either a security account, a network resource, or a GPO.
What is replication? What are the types? (3)
Replication is the process of maintaining a consistent database of information when the database is distributed among several locations (the domain controllers).
Intrasite replication - replication between domain controllers in the same site
Intersite replication - replication between domain controllers at two or more sites
Multimaster replication - the replication model used by AD for replicating AD objects
Knowledge Consistency Checker (KCC)
Defines…
The KCC runs on all domain controllers and defines the replication topology between them, ensuring that no more than three hops exist between any two domain controllers.
Directory partition (5)
Each section of an Active Directory database:
Domain directory partition
Schema directory partition
Global catalog partition
Application directory partition
Configuration partition
Operations master
The operations master is the domain controller responsible for certain functions on behalf of all the DCs; it is usually the first DC, and its responsibilities can be transferred to another DC if needed.
Flexible Single Master Operation (FSMO)
Schema master
Infrastructure master
Domain naming master
RID master
PDC Emulator master
Trust relationships
In Active Directory, a trust relationship defines whether and how security principals from one domain can access network resources in another domain.
All domains in a forest share these characteristics (6)
A single schema
Forest-wide administrative accounts
Operations masters
Global catalog
Trusts between domains
Replication between domains
Global catalog servers (functions 3)
Facilitates domain- and forest-wide searches
Facilitates logon across domains using a UPN
Holds universal group membership information
Forest root domain (4)
The forest root domain is the first domain in a forest and is imperative to the functionality of AD.
It hosts the DNS server, the Global catalog server, the forest-wide administrative accounts, and the operations masters.
Why is a single domain preferable? (4)
Simplicity
Lower costs
Easier management
Easier access to resources
Under what circumstances should you consider using more than one domain? (5)
Need for differing account policies
Need for different name identities
Replication control
Need for internal and external domains
Need for tight security
Group Policy Object (GPO)
A Group Policy Object is a list of settings that administrators use to configure user and computer operating environments remotely; GPOs can be managed using the GPMC.
How would you locate Active Directory objects?
Searching in Active Directory Users and Computers
What is a directory partition?
Directory partitions are sections of the Active Directory database that hold different types of data and are managed by different processes.
How is data organised in Active Directory?
The data in Active Directory is organised as objects.
What types of objects are there in Active Directory?
Container objects and leaf objects.
What do leaf objects typically represent?
Leaf objects generally represent security accounts, network resources, and GPOs.
What is a directory service?
A directory service is a database that stores network resource information and can be used to manage users, computers, and resources throughout the network.
Network resources
Network resources are any device, information, or service available across a network.
EXAMPLE: files, applications, services, servers, computers, printers, etc.
LDAP
The Lightweight Directory Access Protocol (LDAP) is based on the X.500 Directory Access Protocol.