F04 Physical Structure

Question 1

Define Domain Controller

Answer 1

• A server in an AD Forest that is running Window Server 2003 or better network operating system and actively providing directory services is known as a domain controller.
• A DC has a complete copy of every object in the domain.

Question 2

Flexible Single Operations Master

Answer 2

• FSMO

- Each domain controller can have multiple roles.

Question 3

Schema Master

Answer 3

• First DC in the forest
• Controls the master list of objects and attributes in the AD Structure.
• AD Schema cannot be modified unless SM is available.
• Forest level role

Question 4

Domain Naming Master

Answer 4

• Forest level role
• The DNM records the additions and deletions of domains in the forest.
• Domain cannot be added/deleted if DNM is not available.

Question 5

RID Master

Answer 5

• Objects have unique Security Identifier (SID)
• 1st Part: domain specific 2nd Part: uniquetoobject
• RID master creates SID blocks and assigned them to Dc.
• DC uses block of RID to complete SID object.
• If RID master is not available then object cannot be added to domain if all RID are used.
• Domain Level Role

Question 6

Primary Domain Controller (PDC) Emulator (1st function)

Answer 6

• Process password changes IOT ensure all DC know of PW changes.
• All PW changes get recorded on PDC first.
• this ensure users can lon on to domain if replication has not occured between DC.
• If different DC have different user password then PDC emulator resolves this issues.

Question 7

Primary Domain Controller (PDC) Emulator (2nd function)

Answer 7

-Manage group policy updates within a domain.

Question 8

Primary Domain Controller (PDC) Emulator (3rd function)

Answer 8

• Provides a master time source for the domain.
• PDC in the forest root domain is the time master for the entire forest.
• Important because because AD relies on time stamps to manage objects.

Question 9

Infrastructure Master

Answer 9

• The IM master is the master catalog of all objects in the domain.
• All changes are reported first to the IM and then replicated out to the other DC.
• Domain level role.
• Without IM object cannot be added to the domain.

Question 10

3 DC partition

Answer 10

• Schema Partition
• Configuration Partition
• Domain Partition

Question 11

DC Schema Partition

Answer 11

-Has a copy of the schema of the forest

Question 12

DC Configuration Partition

Answer 12

• Defines the physical sturucture of AD.

- The Servers and the roels that they play

Question 13

DC Domain Partition

Answer 13

-Domain partition is where they keep a copy of all of the objects in the domain.

Question 14

IP Bridgehead

Answer 14

• IP bridgehead control replication into and out of the site.
• DC replicate freel within a site.
• All changes are sent to the IPB and then sent over the WAN.

Question 15

Replication connections

Answer 15

• Replication connections across the WAN are configured between sites and contain costs and interval.
• Cost is the available bandwidth and delay.
• Replication interval is set by adminitrator.

Question 16

Knowledge Consistency Checker

Answer 16

• Replication topology is controlled by the KCC.

- KCC is a service in AD and determined how AD replicates both inter and intra site

Question 17

KCC replication interval

Answer 17

KCC service repliactes this topology to all DC every 15 minutes.

Question 18

KCC protocol

Answer 18

Directory Service Remote Procedure Call (DS-RPC)

-Inter-site messaging Simple Mail Transfer Protocol Call (ISM-SMTP)

Question 19

DS-RPC

Answer 19

Intra-site replication utilizes DS-RPC and is the default protocol in DC runing W2K8R2
-DS-RPC is not dispicted in the diagram.

Question 20

ISM-SMTP

Answer 20

• Can be used for inter-site replication.

- USMC uses DS-RPC because its easier

Question 21

DNS Configuration

Answer 21

• Primary Zone
• Secondary Zone
• Active Directory Integrated
• Stub DNS Zone

Question 22

DNS Primary Zone

Answer 22

-as