CHAPTER 2.1 Flashcards
what is active directory
A directory service is a customizable information store
that functions as a single point from which users can
locate resources and services in the network.
what is active directory
Active Directory is Microsoft’s implementation of a directory
service
benefits of Active Directory
* Centralized control of network resources
* Centralized and decentralized resource management
* Stores objects securely in a logical structure
* Optimizes network traffic
Logical components
* Partitions
* Schema
* Domains
* Domain trees
Physical components
* Domain controllers
* Data stores
* Global catalog servers
AD Object
Represent physical entities
that exist in a network
organizational unit
Are containers
Used to group objects
within a domain
Create OUs to
* Organize objects
* Configure objects by assigning GPOs
* Delegate administrative permissions
what is an AD domain
Provides a structure for the management
of user accounts, computer accounts and groups
what is a domain tree
A domain tree is a hierarchy
of domains
Each tree shares a
contiguous namespace with
its parent domain
what is a forest
A collection of one or more trees
what a forest shares
* Common schema of the AD database.
* Global catalog to enable searching
what is a tree in a forest
* Created with the first domain.
* Can grow to include child domains or new domain trees.
what is schema
* Types of objects that can be stored in AD DS
* The properties associated with the objects
what is domain controller
Servers that host the AD DS database (Ntds.dit) and
SYSVOL
Best practices for domain controllers
For availability: At least two domain controllers in a domain
For security: Implement Read Only DC (RODC) and BitLocker
what is AD Replication
Ensures that all domain
controllers have the same
information
what does AD replication do
AD replication copies all updates of the AD
database to all domain controllers in a domain
or forest
Requirements for Installing AD
* A computer running Windows Server
* Administrative privileges for creating a domain
* TCP/IP is installed and configured to use DNS
what is the two-step process to install AD DS
- Install the Active Directory Domain Service role
- Install the Domain Controller role
Methods to install a domain controller
- Use Server Manager
- Use Windows PowerShell
- Install from media
Read-Only Domain Controllers
A domain controller that supports only incoming
replication traffic.
* Use for authentication purposes
Where to use Read-Only Domain Controllers
* Locations that require a domain controller, but with no or minimal physical
security
* No need to update the Active Directory database.
To manage AD DS objects, you can use the following
graphical tools
* Active Directory Administration snap-ins
* Active Directory Administrative Center
You can also use the following command-line tools
* Directory Service commands
* Active Directory module in Windows PowerShell
what is Delegation of Control
Assigning management of an organizational unit to another
user or group
Benefits of delegation
* Eases administration by distributing routine administrative tasks
* Provides users or groups more control over local network resources
* Eliminates the need for multiple administrative accounts
best practice for Effective AD DS Permissions
Assign permissions to groups, not to individual users
how to evaluate effective permissions
* Use the Effective Permissions tab
* Manual analysis