Configure Active Directory in a Complex Enterprise Environment

Question 1

Where do you go to add domains or forests?

Answer 1

Within the ADDSC wizard on the Domain Options screen

Question 2

What tool do you use to configure domain and forest functional levels?

Answer 2

Active Directory Domains and Trusts

Question 3

Within AD DT, how do you configure domain and forest functional levels?

Answer 3

To raise the forest level, right click on AD DT (top node) and select Raise Forest Functional Level

To raise the domain level, right click on domain and select Raise Domain Functional Level

Question 4

Domain functional levels can go lower than Forest functional levels. True or False?

Answer 4

False. Domain functional levels can go higher than forest functional levels but never lower.

Question 5

What tool do you use to configure User Principal Name (UPN) suffixes?

Answer 5

Active Directory Domains and Trusts.

Right click on AD DT (top node), and select properties.
Enter name of alternative UPN suffixes to be added.

Question 6

What is a forest trust?

Answer 6

A forest trust is the trust relationship between two different forests.

Question 7

How do you configure a forest trust?

Answer 7

Within AD DT > Right click on domain and select properties > Trusts tab > Launch “New Trust” wizard specifically selecting Forest Trust on the Trust Type screen.

Question 8

What is an external trust?

Answer 8

The trust relationship between an AD forest and a NT 4.0 domain structure.

Question 9

What is a realm trust?

Answer 9

The trust relationship between an AD forest and a Kerberos, non-AD domain structure.

Question 10

What is a shortcut trust?

Answer 10

The trust relationship between AD trees within a forest to speed up authentication

Question 11

What is SID filtering and how is it configured?

Answer 11

Aka Selective authentication, is when, by default, access to domain resources is not allowed unless permissions are given.

Is configured when going through the new trust wizard and selecting authentication type.

Question 12

What is name suffix routing?

Answer 12

The routing of child domains to parent domain’s DC for authentication.

Question 13

How do you configure name suffix routing?

Answer 13

Within AD DT > Domain properties > Trust properties > Name Suffix Routing tab

Question 14

What are 3 main reasons for using AD Sites?

Answer 14

1. Replication control
2. Enhance GPO deployment
3. Enhance use of SRV records

Question 15

What PowerShell cmdlet is used to create a new AD site?

Answer 15

New-ADReplicationSite

Question 16

How do you create a new site within AD SS?

Answer 16

Right click on Sites container and select New Site

Question 17

How do you create a new subnet within AD SS?

Answer 17

Right click on Subnets container and select New Subnet

Question 18

How do you create a new site link within AD SS?

Answer 18

Right click on Inter-Site Transports container (IP/SMTP) and select New Site Link

Question 19

What are 3 ways to implement site coverage?

Answer 19

1. utilizing SRV records pointing sites to DCs.
2. RODCs deployed within the site.
3. Subnet added to a site already containing a DC.

Question 20

How do you manage registration of SRV records?

Answer 20

Within DNS Manager > Forward Lookup Zones > > _tcp

Question 21

How do you move domain controllers between sites within AD SS?

Answer 21

Right click on DC and select Move then select available site

Question 22

What protocol can be used with a slow, unreliable WAN link between your sites?

Answer 22

SMTP

Question 23

What is the default time for replication over an IP site link?

Answer 23

180 minutes

Question 24

When configuring a trust between to domains, what is result of selecting domain-wide authentication?

Answer 24

Domain-wide authentication provides users from a trusted domain the same level of access to local resources as for users from the local forest.

Question 25

When configuring a trust between two domains, what is the result of selecting selective authentication?

Answer 25

Selective authentication allows users from a trusted domain to authenticate only to those resources to which they are explicitly allowed to authenticate.

Question 26

How do you prioritize certain site links over others?

Answer 26

By configuring the cost of the site links.

Within AD SS > Sites > Inter-Site Transports > IP, open the properties of the site and within the General tab, the Cost value can be changed. The lower the value, the higher the priority.

Question 27

Site link bridging is enabled by default. True or False?

Answer 27

True.

Question 28

How do you disable site link bridging?

Answer 28

Right click IP under Inter-Site Transports within AD SS.

On the General tab, uncheck the “Bridge all site links” option.

Question 29

What service, on DCs, is responsible for registering and periodically refreshing SRV locator records?

Answer 29

netlogon service

Question 30

If users are experiencing slow logon times, what may need to be done to resolve this issue?

Answer 30

Restart the netlogon service on the corresponding domain controller.