Identify Infrastructure Flashcards by Ian Reid

What is Active Directory Domain Services?

A directory service that is the central store for all domain objects.

How well did you know this?

Not at all

Perfectly

(AD DS) Logical or physical?

Partition

Logical

How well did you know this?

Not at all

Perfectly

(AD DS) Logical or physical?

Schema

Logical

How well did you know this?

Not at all

Perfectly

(AD DS) Logical or physical?

Domain

Logical

How well did you know this?

Not at all

Perfectly

(AD DS) Logical or physical?

Domain tree

Logical

How well did you know this?

Not at all

Perfectly

(AD DS) Logical or physical?

Forest

Logical

How well did you know this?

Not at all

Perfectly

(AD DS) Logical or physical?

Logical

How well did you know this?

Not at all

Perfectly

(AD DS) Logical or physical?

Container

Logical

How well did you know this?

Not at all

Perfectly

(AD DS) Logical or physical?

Domain controller

Physical

How well did you know this?

Not at all

Perfectly

(AD DS) Logical or physical?

Data store

Physical

How well did you know this?

Not at all

Perfectly

(AD DS) Logical or physical?

Global catalog server

Physical

How well did you know this?

Not at all

Perfectly

(AD DS) Logical or physical?

Read-only domain controller

Physical

How well did you know this?

Not at all

Perfectly

(AD DS) Logical or physical?

Site

Physical

How well did you know this?

Not at all

Perfectly

(AD DS) Logical or physical?

Subnet

Physical

How well did you know this?

Not at all

Perfectly

What is an AD DS partition?

A portion (or naming context) of the AD DS database

How well did you know this?

Not at all

Perfectly

What is the default Active Directory database file location?

C:\Windows\NTDS

How well did you know this?

Not at all

Perfectly

What is the Active Directory database file name?

Ntds.dit

How well did you know this?

Not at all

Perfectly

What is the AD DS schema?

A set of definitions of the object types and attributes that you use to define the objects created in AD

How well did you know this?

Not at all

Perfectly

What is an AD domain?

A logical administrative container for storing and managing objects

How well did you know this?

Not at all

Perfectly

What is an AD DS domain tree?

A hierarchical collection of domains sharing a common root domain and a contiguous DNS namespace

How well did you know this?

Not at all

Perfectly

What is an AD DS forest?

A collection of one or more domains with a common AD DS root, schema, and global catalog

How well did you know this?

Not at all

Perfectly

What is an AD DS OU?

A container object for users, groups, and computers that provides framework for assigning administrative rights and administration by linking Group Policy Objects (GPOs)

How well did you know this?

Not at all

Perfectly

What is an AD DS container?

An object that provides an organization framework for use in AD DS

How well did you know this?

Not at all

Perfectly

What AD DS logical component cannot be linked to a container?

GPOs

How well did you know this?

Not at all

Perfectly

What is an AD domain controller?

A server that contains a copy of the AD DS database

What is an AD DS data store?

The data stored on each domain controller

What is an AD DS Global catalog server?

A domain controller that hosts the global catalog

What is the name of a partial, read-only copy of all of the objects in a multiple-domain forest?

AD DS global catalog

What purpose does a global catalog serve?

It speeds up searches for objects that might be stored on domain controllers in a different domain in the forest

What is a special, read-only installation of AD DS?

Read-only domain controller (RODC)

Where are read-only domain controllers commonly found?

Branch offices lacking optimal physical security and IT support

What is an AD DS site?

A container for AD DS objects and services that are specific to a physical location

What is an AD DS subnet?

A portion of the network IP addresses

What is an AD DS managed service account (MSA)?

An object class used to facilitate service-account management

What enables you to extend the capabilities of standard managed service accounts (MSA) to more than one server in your domain?

Group Managed Service Accounts (gMSA)

For what does the acronym SPN stand?

Service Principal Name

What is a managed domain account that provides provided automatic password management, simplified SPN management, and the ability to delegate this management to other admins?

Standalone Managed Service Account (sMSA)

What are the two group types in a Windows Server enterprise network?

Security and distribution

What are the four group scopes in Windows Server?

Local, domain-local, global, and universal

What is a group object?

A representation of a group in AD DS.

What is a group in AD DS?

A logical grouping of objects

Which AD DS group type is security-enabled, and allows you to assign permissions to various resources?

Security group

Which AD DS group type is not security-enabled?

Distribution group

Which AD DS group type is commonly used by email applications?

Distribution group

Based on scope, which Windows Server group is available only to the computer where they exist?

Local group

Which Windows Server group scope only allows for the assignment of abilities and permissions for local resources?

Local group

Which Windows Server group scope only allows for the assignment of abilities and permissions for domain-local resources?

Domain-local group

Which Windows Server group scope is used for 1) standalone servers or workstations, 2) domain-member servers that are not domain controllers, or on 3) domain-member workstations?

Local group

Which Windows Server group scope is used primarily for managing access to resources or to assign management rights and responsibilities?

Domain-local group

Which Windows Server group scope is used primarily for consolidation of users who have similar characteristics?

Global group

Which Windows Server group scope is used mostly in multidomain networks?

Universal group

Which Windows Server group scope would you use to join users who are part of the same department or geographic location?

Global group

What is a AD computer object?

A representation of a computer in AD

Where is the default location for computers in AD?

The Computers container

All the domains within a _____ share a contiguous namespace.

Tree

All of the root domains within a _____ do not share a contiguous namespace.

Forest

What four objects exist in the forest root domain?

The schema master role The domain naming master role The Enterprise Admins group The Schema Admins group

Which domain contains the schema master role, the domain naming master role, the Enterprise Admins group, and the Scheme Admins group?

Forest root domain

An AD DS forest in often described to be serving as what two boundaries?

Security boundary and replication boundary

Which objects exist in each domain (including the forest root)?

The RID master role The Infrastructure master role The PDC emulator master role The Domain Admins group

Which type of trust relationship is automatically generated between domains within a multiple-domain AD DS forest?

Two-way transitive trust

Where does Windows Server store the trusted domain objects in AD DS?

The System container

For what does the acronym "RSAT" stand?

Remote Server Administration Tools

_______ ________ authenticate all users and computers in a domain.

Domain controllers

For what does the acronym "FQDN" stand?

Fully Qualified Domain Name

What is the default Active Directory SYSVOL folder location?

C:\Windows\SYSVOL

This physical component of AD DS does not cache any user passwords by default.

Read-Only Domain Controller (RODC)

_____ ______ is a collection of critical OS and server role files that include AD DS database and registry.

System state

For what does the acronym "DSRM" stand?

Directory Services Restore Mode

What is Directory Services Restore Mode (DSRM)?

A special boot mode for repairing or recovering Active Directory

An operations master role is also known as a _____ ______ ______ ______ role.

Flexible Single Master Operation (FSMO) role

Regarding operations master roles, which two roles does each forest have?

Schema master | Domain naming master

Regarding operations master roles, which three roles does each AD DS domain have?

``` Relative ID (RID) master Infrastructure master Primary domain controller (PDC) emulator master ```

Which domain controller do is contacted to add or remove a domain, or make domain name changes?

Domain naming master

Which domain controller is contacted to make schema changes?

Schema master

Which domain controller allocates blocks of relative IDs (RIDs) to each domain controller within a domain to use when building security IDs (SIDs)

RID master

What is an AD DS security ID (SID)?

A unique identifying number assigned by the domain controller to a security principal object

Which domain controller maintains interdomain object refernces?

Infrastructure master

Which domain controller serves as the time source for the domain, as well as receives any urgent password changes?

Primary domain controller (PDC) emulator master

A planned move of a DC role between two online domain controllers is known as _____ ___ ____.

"Transferring the role"

A emergency move of a DC role from one domain controller to another is known as

"Seizing the role"

Should you need to seize a DC role, which two tools can you use?

ntdsutil.exe CLI tool or Windows PowerShell

What result will running "netdom query fsmo" yield?

A list of where the FSMO roles reside

An AD DS _____ is the component that defines all the object classes and attributes that AD DS uses to store data.

schema

Any changes to the AD DS schema originate at the schema ______.

master

You define Group Policy settings within a ____ _____ _____.

Group Policy Object (GPO)

______ _______ is a framework in Windows OSs that allow you to manage configurations in an AD DS domain.

Group Policy

What are the two main nodes in the Group Policy Management Editor?

Computer Configuration User Configuration

The _____ of a GPO is the collection of users and computers that will apply the settings in the GPO.

scope

To what three things can you link a GPO?

Sites Domains OUs

You can further narrow the scope of a GPO with these two filter types:

Security Windows Management Instrumentation (WMI)

Arrange the following GPOs in the correct processing order: ``` Domain-linked GPOs Local GPOs Site-linked GPOs Child OU-linked GPOs OU-linked GPOs ```

1. Local GPOs 2. Site-linked GPOs 3. Domain-linked GPOs 4. OU-linked GPOs 5. Child OU-linked GPOs Remember: "LSD, oh see!"

In regards to GPO inheritance, the (higher/lower) the number, the (higher/lower) the precedence.

Lower, higher

You can configure a domain or OU to prevent the inheritance of policy settings, which is known as ______ __________.

Block inheritance

To evaluate the GPO precedence for an OU or domain, which tab would you select?

Group Policy Inheritence

When AD DS is installed, which two default GPOs does Windows Server create?

Default Domain Policy GPO Default Domain Controllers Policy GPO

Which default GPO specifies password settings, account lockout settings, and Kerberos v5 authentication protocol policies?

Default Domain Policy GPO

Which default GPO would you modify to implement auditing policies and to assign user rights that are required on domain controllers?

Default Domain Controllers Policy GPO

Within both the Computer Configuration and User Configuration nodes are the ______ and __________ nodes.

Policy Preference

For what does the acronym "RSoP" stand?

Resultant Set of Policy

In AD DS, it is best practice in a multi-domain enterprise to create a _____ _____ for .admx files.

Central Store